Program Explanation Risk management: The process of identifying risk, evaluating its comparative magnitude, and taking some steps to reduce it to the acceptable level is referred as risk management. The probability of defining something that will go wrong as a source of any event or due to any series of sequences is referred as risk. A risk management plan contains assessment, analysis, and handling the risk. It takes the step to ensure the confidentiality, integrity and availability of all the components in the organization’s information system. It has three major undertakings: Risk identification Risk assessment Risk control Identifying the risk: Identification of risk is important, because an individual should know what risks are available in the system and should be aware of the ways to control them. Information should be analyzed and the system which stores, uses and transmit information should be checked repeatedly. These steps should be taken to protect it from risk and to make sure up to which vulnerabilities they are susceptible. Once the process has been identified, analyze what are the measures that have been already taken to protect the system. Moving the asset from place does not really mean that the asset is kept safer. Organizations will start implementing the control mechanisms, but they unfortunately neglect the periodic review, maintenance, revision which are necessary to run the system without risk. Thus, the training programs, education and technologies which help in protecting the information should be maintained carefully and regularly.

Computer Science Principles of Information Security (MindTap Course List)What is risk management? Why is the identification of risks and vulnerabilities to assets so important in risk management?

What is risk management? Why is the identification of risks and vulnerabilities to assets so important in risk management?

BuyFind

Principles of Information Security...

6th Edition

Michael E. Whitman + 1 other

Publisher: Cengage Learning

ISBN: 9781337102063

Chapter 5, Problem 1RQ

Textbook Problem

What is risk management? Why is the identification of risks and vulnerabilities to assets so important in risk management?

Expert Solution

Explanation of Solution

Risk management:

The process of identifying risk, evaluating its comparative magnitude, and taking some steps to reduce it to the acceptable level is referred as risk management.
The probability of defining something that will go wrong as a source of any event or due to any series of sequences is referred as risk.
A risk management plan contains assessment, analysis, and handling the risk.
It takes the step to ensure the confidentiality, integrity and availability of all the components in the organization’s information system.
It has three major undertakings:
- Risk identification
- Risk assessment
- Risk control

Identifying the risk:

Identification of risk is important, because an individual should know what risks are available in the system and should be aware of the ways to control them.
Information should be analyzed and the system which stores, uses and transmit information should be checked repeatedly.
These steps should be taken to protect it from risk and to make sure up to which vulnerabilities they are susceptible.
Once the process has been identified, analyze what are the measures that have been already taken to protect the system.
Moving the asset from place does not really mean that the asset is kept safer.
Organizations will start implementing the control mechanisms, but they unfortunately neglect the periodic review, maintenance, revision which are necessary to run the system without risk.
Thus, the training programs, education and technologies which help in protecting the information should be maintained carefully and regularly.