Thursday, June 20, 2019

Overview of IS Risk Assessment (IP) Research Paper

Measurements consist of (Sun, Srivastava, & Mock, 2006):

- Cost which is used to entertain the cultivation and systems
- Value of the reading and information systems
- Threat probability and occurrence
- Effectiveness of controls

Prior to Risk Assessment

Before conducting risk assessment, primary factors are considered. The identification of information assets lays the foundation for further assessment. Information assets are defined as the entities that hold organization data. A good discussion is available on www.ibm.com, which states that information assets precisely resemble the nature of business and business strategy of the organization. Likewise, these information systems may be subject to contractual and legislative compliance requiring protection from threats and mission critical systems. The information assets for an organization will be the technology assets, data assets, service assets and people assets. In a typical scenario of an organization's network, the owners of the server hardware will be the server administration group. The owners of the applications running on the servers will be the application support group, and the owners of the data stored on the server will be the system development group.

Questions That Need to Be Answered

Moreover, the risk management process involves the implementation of safeguards and controls that are continuously observed. Likewise, risk management identifies information assets along with their weaknesses and prioritizes them as per severity and business impact. The self-examination process of risk management assists managers to identify and mark the severity of information assets. However, assets are not only systems; they also include people, hardware and software components.

Moreover, risk management also reflects asset classification and the categorization of groups with respect to business impact. Against each asset, there are certain questions that need to be answered:

- What is the most important or mission critical asset for the organization?
- Which asset generates wage for the organization?
- Which asset provides revenue for the organization?
- Which information asset has the most replacement cost?
- Which information asset requires significant protection cost?
- Which information asset reflects the most significant liability when breached?

Phases of Risk Assessment

The first phase of risk assessment is the investigation phase. The investigation phase is conducted to gather information regarding the system and resources. The threats are prioritized before assessment. The identification of critical components is conducted in order to prioritize threats. After prioritization, the related plug-in is selected before execution. Risk assessment includes the scanning of all open ports of the system. This phase also conducts scanning of all known vulnerabilities.

The next phase includes reporting of the findings which are extracted by the investigation phase. The findings are then categorized into different priorities. The report illustrates open ports, the number of vulnerabilities found at high status, the number of vulnerabilities found at medium status, and the number of vulnerabilities found at low status (Fenz, Ekelhart, & Neubauer, 2011). The report also includes host information including the NetBIOS name, DNS name and operating system. This phas
