Risk Management

Updated: Oct 25

-Team DRASInt


Background


Our experts have assessed that the Security and Investigative functions are linked to the Cyber domain in one way or another. Intricate knowledge of Cyber security and related processes is mandatory. In an attempt to arm our students with sound knowledge in the field of Cyber security, we will be evolving a Cyber security module to be used exclusively in the Security domain. The contents, which are basic in nature, will be introduced to the audience in a series of introductory articles by our team. You can log on to the blog page to offer your valuable comments and suggest improvements.


What is Risk Management?


Risk Management (RM) is the process of identifying potential risks, assessing the impact of those risks, and planning how to respond if the risks become reality.


Setting Up your RM System

The Company needs to determine what assets it needs to protect and prioritize. As the US National Institute of Standards and Technology (NIST) points out in its Framework for Improving Critical Infrastructure Cybersecurity, there is no one-size-fits-all solution. Different organizations have different technology infrastructures and different potential risks. Some organizations, such as financial services firms and healthcare organizations, have regulatory concerns in addition to business concerns that need to be addressed in a Cyber security RM system. Cyber security should follow a layered approach, with additional protections for the most important assets, such as corporate and customer data.


ISO 27001


ISO 27001 defines five steps that are needed for managing Cyber security Risk and seven steps that must be followed for carrying out a Risk Assessment. They are as follows:


  • Risk identification

  • Vulnerability reduction

  • Threat reduction

  • Consequence mitigation

  • Enable cyber security outcome


ISO 27001 requires the organization to define the risk acceptance criteria and the criteria for performing security risk assessments:


  • Identify risks associated with the loss of confidentiality, availability and integrity of information within the scope of the Information Security Management System (ISMS).

  • Identify the risk owners.

  • Assess the consequences that may result if an identified risk materializes.

  • Assess the likelihood of that risk occurring.

  • Determine the level of the risk.

  • Compare the results of the analysis against the risk criteria.

  • Prioritize the risks for treatment.
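
The seven assessment steps above, worked through as a small risk register. This is an added example, not taken from the original article or from ISO 27001: the 1-5 scales, the consequence x likelihood scoring rule, the acceptance threshold and the sample risks are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

CIA = {"confidentiality", "integrity", "availability"}
ACCEPT_AT_OR_BELOW = 8  # assumed risk acceptance criterion (levels run 1..25)

@dataclass
class Risk:
    name: str
    cia: str          # property whose loss is the risk (step 1)
    owner: str        # risk owner (step 2)
    consequence: int  # 1 negligible .. 5 severe (step 3, assumed scale)
    likelihood: int   # 1 rare .. 5 almost certain (step 4, assumed scale)

    @property
    def level(self) -> int:
        # Step 5. Assumed rule: level = consequence x likelihood.
        return self.consequence * self.likelihood

def assess(register, accept=ACCEPT_AT_OR_BELOW):
    """Return (to_treat, accepted); to_treat is ordered for treatment."""
    for r in register:
        if r.cia not in CIA:
            raise ValueError(f"{r.name}: unknown property {r.cia!r}")
        if not r.owner.strip():
            raise ValueError(f"{r.name}: no risk owner assigned")
        if not (1 <= r.consequence <= 5 and 1 <= r.likelihood <= 5):
            raise ValueError(f"{r.name}: score outside the 1-5 scale")
    # Step 6: compare each level against the acceptance criterion.
    accepted = [r for r in register if r.level <= accept]
    # Step 7: highest level first; equal levels break on consequence.
    to_treat = sorted((r for r in register if r.level > accept),
                      key=lambda r: (-r.level, -r.consequence))
    return to_treat, accepted

# Constructed sample register (not from the article).
REGISTER = [
    Risk("Customer database exfiltration", "confidentiality", "CISO", 5, 3),
    Risk("Ransomware on file servers", "availability", "IT Operations", 4, 3),
    Risk("Tampered payroll records", "integrity", "Finance", 4, 2),
    Risk("Office Wi-Fi outage", "availability", "IT Operations", 2, 3),
    Risk("Phished admin credentials", "confidentiality", "CISO", 4, 4),
    Risk("Unpatched VPN gateway", "confidentiality", "IT Operations", 3, 4),
]

if __name__ == "__main__":
    to_treat, accepted = assess(REGISTER)
    for rank, r in enumerate(to_treat, 1):
        print(f"{rank}. [{r.level:>2}] {r.name} ({r.cia}, owner: {r.owner})")
    print("Accepted:", ", ".join(r.name for r in accepted))
```

The register refuses any entry without an owner or with a score outside the scale, so an incomplete assessment fails loudly instead of being ranked.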


Analyzing and Fixing Risk through RM


There are a few ways to approach and treat risk in RM. They are given below:


Avoidance

This entails changing plans to eliminate a risk. This strategy is good for risks that could potentially have a significant impact on a business or project.


Transfer

Transfer is applicable to projects with multiple parties. It is not used frequently and often includes insurance. Transfer is also known as “Risk Sharing”.


Mitigation

Mitigation is limiting the impact of a risk so that if a problem occurs it will be easier to fix. This is the most common approach and is also known as “Optimizing risk” or “Risk reduction”.


Exploitation

Some risks are good, such as when a product is so popular that there is not enough staff to keep up with sales. In such a case, the risk can be exploited by adding more sales staff.


Management should ensure that these risk identification activities are performed to determine the Company’s information security risk profile.


End of Part II

If you are finding it interesting, stand by for our next introductory content.

Meanwhile, if you wish to offer your comments, you can log in to the blog page to suggest improvements.



DRASINT RISK ALLIANCE PRIVATE LIMITED is the sole owner of the published content.
