Risk Assessment Frameworks

The concept of risk assessment can be considered as the identification of hazards that would directly impact the overall working of the organisation. The concept which can be applied to the aspect is detect business risk and provide processes, measures and control which would be directly reducing the impact of the risk to the operation of the business (Wood and Dandin 2017). The main aspect which would be taken into consideration would be the reduction of the different risk factor which is involved into the concept.

The organisation mainly take into consideration risk assessment framework (RAF) to directly share and prioritize the details relating to the assessment including details which is related to the risk in the sector of information technology (IT). The RAF can be beneficial in a way which would be directly beneficial in a way which would be helping the organisation to identify hazards which are potential and any aspect which is related to the risk by these type of hazards as well as fallout of potential if these risk come to fruition. The main functionality which is related to the assessment of the risk is done mainly by the Chief Risk manager (CRM) and Chief Risk officer (CRO).

The main difficulty which is related to the risk assessment process is related to the risk identification and the development of the countermeasures which is related to the risk. An analysis of the risk can be very much beneficial in the aspect of identifying the different factor which are related to the risk and the mitigation aspect which can be involved into the concept.

It can be stated here that management and development of cyber security can be very much beneficial in the aspect of business decision is making is due to the factor that there would not be any type risk factor involved into the internal as well as external working of the business (Levi, Allouchen and Kontorovich 2018).. It can be stated that a business without the factor of cyber security and other risk factor involved into the concept can be very much a successful business orientation.

An information assets can be considered as a knowledge body that is managed and organised by means of a single entity. Taking into consideration other organisation assets it can be stated here that the information assets also is very much crucial in the working of the organisation.

There are different types of factor which can be included into the concept which would be directly making an information assets critical. It can be stated that the assists which include different type of data which are very much crucial in the sector of operation of the organisation can be considered to be a critical assists (Levi, Allouchen and Kontorovich 2018). The security aspect of the critical assets are very much important in the sector of operation of the buienss. This is due to the factor that if there are any type of intruder activity included into the concept it would be directly affecting the overall working of the organisation.

Challenges in Risk Assessment and Mitigation

In the WFA there can be implementation of a technique which is related to the periodization of the data which would be classifying the university information assists. Security of the data should be one of the most priority sector within the working of the organisation.

1. What is the strategy which would be included into the working of the assists of the organisation?

2. What are the intellectual property which are involved into the assets of the working of the organisation?

3. What are the material which are used in the concept in the securing aspect of the critical data?

4. What are the operations which are included in the sector of the critical data of the university?

5. Is there any type of legal constraint impacted into the sector of dealing with the critical data?

Threat: Threats can be considered as external entity which would be directly degrading the quality of the data and would be hampering with the security of the data.

Hazards: The hazards can be considered as attacks which only degrade the quality of the data.

Attack: Attack are those factor which aim a system or a data in order to get the access of the data and use it for their own benefit (Kruse et al. 2017). The attack is mainly generated by the hackers.

Incident: The concept of incident can be stated to be less complexity aspect as compared to other event which majorly include intrusion into a system.

Threat: One of the example of threat which can be stated here is the attack of the HDFC bank server. The main concept which resulted in the attack was the loopholes in the security of the system.

Incident: The example which can be stated in context of the incident can be related to the World health organisation database (Massey 2017). The incident resulted in discloser of personal details of many person who were involved into the concept and personal details were stolen in the concept. The attack was mainly generated by means of an attack which is known as WannaCry

The attack which are discussed above mainly had a aim of taking into consideration personal details of the person so that the data can be used in some type of unethical manner which would be including the bank details, the phone name, email and other personal details which are very much crucial for an individual.

WannaCry can be considered as one of the attack which directly aim at accessing the data of the organisation and does not leave the system and takes the overall control of the system (Singer and Friedman 2014). The main mitigation aspect which can be done in the aspect is ensuring the data entry point of the system is secured.

Security of the system can be considered to be very much essential due to the factor that if there are any type of loopholes in the system it would be directly hampering the overall access point of the system.

Confidentiality: The data of the user should be always be secured if it is not secured the system cannot be termed as confidentiality system

Integrity: The integrity of the data is very much essential in the sector that the quality of the data is not compromised upon (Levi, Allouchen and Kontorovich 2018).

Availability: The availability of the data should be done to the user so that they can access the data when they need to do so.

It can be stated that according to the critically of the data the data should be sorted and the data which has the highest priority would be given security of the upmost level which would be keeping the data very much safe from the hand of the intruders and any type of unethical activity.

References

Gcaza, N. and Von Solms, R., 2017. A Strategy for a Cybersecurity Culture: A South African Perspective. The Electronic Journal of Information Systems in Developing Countries, 80(1), pp.1-17.

Kruse, C.S., Frederick, B., Jacobson, T. and Monticone, D.K., 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), pp.1-10.

Levi, M., Allouche, Y. and Kontorovich, A., 2018, June. Advanced Analytics for Connected Car Cybersecurity. In 2018 IEEE 87th Vehicular Technology Conference (VTC Spring)(pp. 1-7). IEEE.

Massey, D., 2017, November. Applying Cybersecurity Challenges to Medical and Vehicular Cyber Physical Systems. In Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense (pp. 39-39). ACM.

Singer, P.W. and Friedman, A., 2014. Cybersecurity: What everyone needs to know. Oxford University Press.

Weinstein, R., 2016. Cybersecurity: Getting beyond Technical Compliance Gaps. NYUJ Legis. & Pub. Pol’y, 19, p.913.

Wood, T.A. and Dandin, M., 2017, May. Cybersecurity and the electric grid: Innovation and intellectual property. In Circuits and Systems (ISCAS), 2017 IEEE International Symposium on (pp. 1-1). IEEE.