
Thursday, September 26, 2019

Information System Risk Management Paper Essay Example | Topics and Well Written Essays - 1500 words

Threats to an organization can come from both internal and external sources. While the motives may vary, the system is vulnerable to several risks. This paper will examine the vulnerabilities, the potential threats and the levels of security that could help mitigate the risks and allow uninterrupted workflow.

Risk has been defined as the chance of exposure to the adverse consequences of future events (Egbuji, 1999). The likelihood and consequences have to be understood to provide for the right security measures. For a risk to be understandable, according to the Software Engineering Institute (SEI, 2006) of Carnegie Mellon University, it must be expressed clearly. This also implies that possible losses must be identified. Risks have to be assessed continuously and used for decision-making. In the field of computer technology and information systems, technology enhancement is an ongoing process, which further necessitates continuous risk assessment.

Besides, the losses due to lack of security controls could be in the areas of production, revenue, damaged reputation, and financial performance. Proper security measures could result in enhanced operational efficiency and competitive advantages (Kim, 2006). An organization must invest in IS security and know where to cut corners. They should be able to spell the difference between security success and disaster (Gupta and Hammond, 2006).

According to SEI, seven principles provide the framework to establish effective risk management. These include: having a global perspective (the system should be at par with the larger systems); a forward-looking view, that is, identifying and anticipating uncertainties; open communication (information and communication at all levels should be free flowing); integrated (risk management should be a vital and integrated part of management); continuous (regular upgradation and constant vigil); shared product vision (having common purpose); shared
