Need a 250 word Peer Response with 1 cited reference
Two Peer responses read below
Hello everyone
I hope everyone is having a great start to the week. This week we are talking about risk management. Risk management is the process of identifying, assessing, and controlling threats to an organization’s capital and earnings. When assessing threats, these threats could come from a variety of sources. These threats could be to infrastructure, data-related risks, legal, natural disasters, and many more. Risk management identifies these and allows an organization to prioritize and take action against these. By implementing a risk management plan and considering the various potential risks or events before they occur, an organization can save money and protect its future. Within the current scope of my work, I deal with the Risk Management Framework (RMF) when it comes to Navy systems. As this is only one of many risk management strategies, each organization will have the one that meets the needs of the organization. When applying the Risk Management Framework, this is done to mitigate any risks that are identified. This strategy is applied to system engineering as certain mitigation strategies require the addition of hardware. With additional hardware, systems have to take into account a wide variety of things such as the functionality of this hardware and how it is overall connected to the system. When it comes to software and overall security of the system, there are certain security configurations that need to be implemented. With these configurations, the system may not operate as intended. Due to this, system engineering needs to be involved to ensure that with the proper hardware, software, and security it is operating as it should be. Software updates and patches are always released and because of this, systems are evolving. System engineering is simply there to ensure that it is operating as it should be but also pushing the system to evolve with the advances in technology.
I look forward to reading all the opinions and comments.
V/r
Kurtis
References
Conducting a Risk Assessment. (n.d.). Retrieved August 24, 2020, from https://www.assp.org/news-and-articles/2019/02/12/…
Risk Assessment : OSH Answers. (2020, August 21). Retrieved August 24, 2020, from https://www.ccohs.ca/oshanswers/hsprograms/risk_as…
Rouse, M. (2020, April 07). What is Risk Management and Why is it Important? Retrieved August 24, 2020, from https://searchcompliance.techtarget.com/definition…
What Is Risk Management? (n.d.). Retrieved August 24, 2020, from https://www.clearrisk.com/what-is-risk-management
Need a 250 word Peer Response #2 with 1 cited reference
Class,
Welcome to week 4! Halfway there and I hope everyone is doing well. Ahh, risk management and mitigation. As I am sure anyone who has any sort of exposure to the military can attest, this is a very common concept. It even has its department directive (DD Form 2977, Deliberate Risk Assessment Worksheet). This form lays out the risks associated with whatever activity we are applying for so that the command team can approve or disapprove the form. We even have to use it for situations like washing vehicles (Department of Defense, 2014). The reason that this form is even in existence is for legal reasons, because someone at some point got hurt or damaged something in whichever activity they were doing. Anyway, I suppose this is the purpose of risk management: learning from past mistakes to help determine if the risk is worth the activity itself.
When it comes to information systems, Jacobs states that risk management is “the process of reducing the risk faced by the enterprise, through risk mitigation actions and risk assignment agreements, to acceptable level of residual risk that the organization can consider a normal cost of doing business” (Jacobs, 2016, p. 224). In layman’s terms, risk assessments in the business world are associated with the lowering of costs. A perfect example of this in my mind is when large companies factor in the cost of a lawsuit when dumping toxic waste. Basically, they performed a risk assessment and found that the cost of disposing of waste in a safe and legal way outweighs the cost of even the harshest lawsuit. It’s simple dollars and cents. This is a rather cold examination of risk management, but it makes sense from a purely business perspective.
In information systems, risk management boils down to how much risk an organization is willing to take on with regard to their information. For example, if a company decides to get into health insurance, they need to weigh how much it will cost to protect data in compliance with HIPAA. Now, when dealing with data in particular, there are other risks outside of financial costs. These include a lack of trust in the organization/data, a loss of contracts to handle the data, and in extreme examples jail time for top executives.
When building risk tolerance into an information system, our textbook states that the risk management methodological framework revolves around “identifying risks and determining how to manage (reduce) those risks” (Jacobs, 2016, p. 232). Both of these two goals must be met in order for the risk tolerance to be within the system. Much like how on the DD Form 2977, it is impossible for the system engineers to fully know every risk; they need to base their assessment on historical analysis. A key factor in these systems is building enough flexibility into the system so that once it is cracked open by attackers they can be quickly quarantined and the system is updated to reflect the new risk.
Anyway, I got a little off topic throughout this week’s post, but I look forward to hearing everyone’s thoughts. As always, if anyone needs anything from me, please just reach out.
References
Department of Defense. (2014, January). DELIBERATE RISK ASSESSMENT WORKSHEET. Retrieved August 24, 2020, from https://www.gocivilairpatrol.com/media/cms/DD_Form…
Jacobs, S. (2016). Chapter 4-5 In Engineering information security: The application of systems engineering concepts to achieve information assurance (Second ed., pp. 123-267). Hoboken, NJ: John Wiley & Sons.