Wednesday, May 6, 2020

Method Used for Managing Risk Issues

Question: Discuss the Method Used for Managing Risk Issues.

Answer:

Introduction:

IT risk management is the method used for managing risk issues associated with information technology in businesses, organizations, and enterprises. Business risks are mainly associated with the operations performed by the enterprise, ownership, influence from others, involvement, and the adoption of information technology (Resnik, 2015). From the research, risk is understood to be the combination of threat, assets, and vulnerability. This paper focuses on the role and feasibility of cyber insurance, various approaches to mitigating security risk, the evaluation of IT security risk, and the advantages of using intrusion detection systems, firewalls, and vulnerability scanners to reduce risk.

Role and Feasibility of Cyber Insurance:

Cyber insurance is used for protecting a business and its assets from IT risks. It plays an important role in providing two kinds of coverage. First-party coverage usually applies to losses that fall under the categories of data destruction, theft, extortion, hacking, and denial of service attacks. Liability coverage applies to losses that occur due to errors and omissions, defamation, failure to safeguard data, and security audits. Cyber insurance is preferred for reasons such as the scarcity of sound technical solutions (Lujan, 2011), the difficulty of designing solutions against network attacks, and many others.

Various Approaches to Mitigating Security Risk:

Security risks are usually associated with strategic demand, operational issues, financial tactics, and many others (Buhalis, 2012). Risk can be avoided, reduced, limited in its spread, transferred, or accepted. The process of mitigating risk is associated with the following steps:

- Assumption of risk
- Avoidance of risk
- Limitation of risk
- Planning of risk
- Research and acknowledgment
- Transference of risk

Various security methods can be implemented within the organization to overcome risk. These include firewalls, intrusion detection systems, access control through biometric authentication and key-card locking, vulnerability scanners, and many others.

Evaluation of IT Security Risk:

The methodology used for evaluating security risk consists of a series of steps: analysis of the situation and requirements, creation of a security policy that is kept up to date, review of the documents, identification of the risk, vulnerability scanning, analysis of the data, and preparation of the report.

Advantage:

A firewall is a network security system that helps in monitoring and controlling incoming and outgoing data by predetermining the risk associated with a data transfer using standard security rules. An intrusion detection system is application software designed for monitoring the occurrence of malicious activity on the network (Bresler, 2010). The advantages are:

- It helps in restricting unauthorised access to the system.
- It helps in protecting valuable information from destruction.
- It allows faster recovery if data is destroyed by a cyber attack.
- It helps the growth of the business by preserving its valuable information.

From the research, it has been discovered that risk can be avoided, reduced, limited in its spread, transferred, or accepted.

References:

Bresler, L. (2010). The privacy and security issues with information technology (1st ed.). Retrieved from https://www.projectpact.eu/privacy-security-research-paper-series/privacy-security-research-paper-series/PACT_ResearchPapers_10_FINAL.pdf

Buhalis, A. (2012). Network security attacks, tools, and techniques (1st ed.). Retrieved from https://www.ijarcsse.com/docs/papers/Volume_3/6_June2013/V3I6-0254.pdf

Lujan, G. (2011). Cyber insurance research paper (1st ed.). Retrieved from https://www.canberra.edu.au/media-centre/attachments/pdf_folder/AIG-CIS-Cyber-Insurance_F3.pdf

Resnik, D. (2015). Computer security in the real world (1st ed.). Retrieved from https://web.mit.edu/6.826/www/notes/HO31.pdf
