Week 1: Risk Management Fundamentals: Threats, Vulnerabilities, & Exploits

Week 1: Risk Management Fundamentals: Threats, Vulnerabilities, & Exploits
The Risk management fundament weekly topic evaluated the different risk management concepts and operations. The topic impacts one with knowledge and skills on risk assessment methodologies, risk calculations, and safeguard selection objectives and criteria. The risk is comprised of threats and vulnerability of assets (Fenz et al., 2014). The threat involves the natural or man-made circumstances that have adverse impacts on organizational assets. Vulnerability takes the absence or weaknesses of a safeguard in an asset that makes a threat to succeed. Therefore, risk is a function of threat and vulnerability. The risk management fundamentals take the mitigation of risks by reducing risks to acceptable and favorable levels or organization.
Risk mitigation
Risk mitigation involves three risk management elements, such as risk identification, risk analysis, and risk control (Fenz et al., 2014). Risk identification takes risk management that involves identifying specific elements of risk, such as assets, threats, and vulnerabilities.
Consequently, risk analysis takes the process of examining the sources of cyber threats and evaluating them in relation to information system vulnerabilities (Fenz et al., 2014). Risk analysis is implemented by defining threats, identifying different consequences, defining threat frequency, and assessing the probability that the threat will materialize.
Moreover, risk analysis takes the action of bringing together risk management elements, such as identification, analysis, and control (Fenz et al., 2014). The risk analysis is implemented by identifying the assets to be protected, the definition of threats in terms of threat frequency and data impact, calculation of annualized loss expectancy (ALE), and selection of the appropriate and relevant safeguards.
Goals of risk analysis
The goals of risk analysis take the identification of acceptable risk levels. In this case, the risk analysis takes the identification of assets and their value to an organization (Fenz et al., 2014). The identification of vulnerabilities and threats to an organization and its assets resulting from the risk. The quantification of the probability and impact of the potential threats and initiating an economic balance between the impact of the threat and cost of countermeasure approaches.
Countermeasures to risks and threats
The risk management fundamentals ensure that the risks and threats associated with common organizational assets are effectively countered to ensure that organization and operations are done within safe and secure environments (Wheeler, 2011). Risk management takes control of risk, and Risk control is a countermeasure or safeguard that reduces the risk associated with different threats. The general remedies for risk reduction include risk reduction, risk assignment, and risk acceptance.
Risk reduction takes the mitigation of risks by implementing necessary security procedures, policies, and controls to protect assets. The reduction of risk is done by altering, reducing, and eliminating threats and vulnerabilities (Wheeler, 2011). Moreover, the risk assignment as a countermeasure takes avoiding risk outcomes by assigning the potential loss associated with a risk to a third party, such as taking insurance covers. This approach ensures that in the event that risk occurs, then an organization will maintain its continuity. Additionally, there is risk acceptance as a countermeasure that involves accepting the loss connected with a potential risk, thus making it possible to eliminate or neutralize it to the point that it only causes minimum damage.
Risk management fundamentals take a series of activities and steps towards mitigating threats and risks to a business. The mitigation of risks ensures that threats and risk are at a manageable level, and they do not negatively affect a business.
References