Risk Analysis: A Risk Management Plan (WNA)

Gibson says, “A risk assessment (RA), also referred to as ‘Risk Analysis’, is a process used to identify and evaluate risk” (2015). It differs from a Risk Management Plan (RMP): RA is about classifying risks quantitatively and qualitatively, whereas an RMP is about avoiding and mitigating risks, threats and vulnerabilities.
Risk assessment is a subset of the RMP. RA helps an organization prioritize risks based on their likelihood and degree of impact. RA is a very important instrument when an organization is trying to evaluate its risks, plan controls/solutions and monitor their effectiveness. RA helps management make well-informed decisions to neutralize the risks based on the quantitative numbers and qualitative factors. Once a control
Paragraph # 1:

Security challenges in the virtual world of IT are very complex and very difficult to control. Hackers and malware need not be physically present at any given point in time to cause damage to anything that has IT value. The list of 22 risks, threats and vulnerabilities impacts almost all of the seven domains in an IT setup.

IT Domain             Number of Risks, Threats, and Vulnerabilities
Workstation           5
System/Application    4
User                  4
LAN                   3
WAN                   3
LAN-to-WAN            2
Remote Access         1
Total
The other parameter of Risk Level is the degree of impact. Let us consider that critical events have the highest impact of 100, major events have the impact of 50, and minor events have an impact of 10. Now, Risk Level = Probability * Impact. So, we get the following table:

Risk factor    Probability (%)    Impact    Risk level (Probability * Impact)
Critical       100                100       10000
Major          50                 50        2500
Minor          10                 10        100

Considering the number of Critical, Major, and Minor events for each of the seven domains of IT, we get the following Risk level (the last column):

IT Domain             Number of Critical factors    Number of Major factors    Number of Minor factors    Total Risk level
User                  2                             2                          0                          25000
System/Application    2                             1                          1                          22600
LAN                   1                             0                          2                          10200
Remote Access         1                             0                          0
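
The scoring above can be carried through in code. This is an added example, not part of the original essay: it applies Risk Level = Probability * Impact to the rows shown, cross-checks each domain's factor counts against the first table, and ranks the domains. The function names are hypothetical, and only the four domains visible in the last table are included.

```python
# Added example (not from the essay). Function names are hypothetical.
# Risk level per factor = probability (%) * impact, as in the essay's table.
RISK_LEVEL = {"critical": 100 * 100, "major": 50 * 50, "minor": 10 * 10}

# Number of risks, threats and vulnerabilities per domain (first table).
RISKS_PER_DOMAIN = {
    "Workstation": 5, "System/Application": 4, "User": 4, "LAN": 3,
    "WAN": 3, "LAN-to-WAN": 2, "Remote Access": 1,
}

# (critical, major, minor) counts per domain, for the rows shown in the
# last table. The Remote Access total is cut off on the page; the value
# computed here comes from the formula, not from the page.
FACTOR_COUNTS = {
    "User": (2, 2, 0),
    "System/Application": (2, 1, 1),
    "LAN": (1, 0, 2),
    "Remote Access": (1, 0, 0),
}


def domain_risk_level(critical, major, minor):
    """Total risk level of a domain: sum of count * risk level per severity."""
    counts = {"critical": critical, "major": major, "minor": minor}
    if any(n < 0 for n in counts.values()):
        raise ValueError("factor counts must be non-negative")
    return sum(RISK_LEVEL[sev] * n for sev, n in counts.items())


def inconsistent_domains(factor_counts, risks_per_domain):
    """Domains whose severity counts do not add up to the listed risk count."""
    return [d for d, c in factor_counts.items()
            if sum(c) != risks_per_domain.get(d)]


def prioritize(factor_counts):
    """Domains ordered from highest to lowest total risk level."""
    scored = {d: domain_risk_level(*c) for d, c in factor_counts.items()}
    return sorted(scored.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print("Inconsistent rows:", inconsistent_domains(FACTOR_COUNTS, RISKS_PER_DOMAIN))
    for domain, level in prioritize(FACTOR_COUNTS):
        print(f"{domain:20s}{level:>8d}")
```

Because a critical factor scores 10000 against 100 for a minor one, the ranking is driven almost entirely by the number of critical factors in each domain.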
