Friday, September 27, 2019

Information Security Risk Management Case Study Example

Organizations face internal as well as external factors, which create uncertainty for organizations in achieving their objectives. Hall (2010) described risk management as a hybrid function that bridges a number of disciplines to reduce or avoid loss for organizations. Proactive activities attempt to mitigate or prevent loss in organizations. Tavakkoli-Moghaddam et al. (2011) used the compromise ranking (VIKOR) and fuzzy entropy techniques in engineering, procurement and construction projects.

Separate techniques are used for risk identification and risk prioritization. Qualitative assessment helps management prioritize the identified risks by calculating their impacts. Apart from these techniques, the Monte Carlo method is the most significantly used for risk identification. This method is based on probabilities and their impacts. The Monte Carlo method shows the correlation between the identified variables for a project.

Identifying vulnerabilities and threats through risk assessment helps in determining the impact of each risk. However, risk assessment becomes a complex undertaking when imperfect information is provided. The value assigned to information system business processes, including costs, recovery and their impacts, can be measured in indirect and direct costs. Exposure of sensitive information about a specific business area of the organization has wide consequences and affects the reputation or regard of the organization. An attacker can falsify information that is important for future decisions. Both qualitative and quantitative risk assessment techniques can be used (Carroll, 2009).

Risk identification requires risk treatment. Risk treatment is a range of options used for risk evaluation and for preparing a risk treatment plan. Planning the risk treatment also requires implementing the plans. In an organization, when risk about information security
