Risk Analysis For Information Technology

Running Head: RISK ANALYSIS 1

Risk Analysis for Information Technology

Name

Affiliation

Tutor

Date

RISK ANALYSIS 2

Risk Analysis for Information Technology

The paper mentions that “threats arising from authorized access are the most difficult to find and

assess.” Table 1 (page 131) in the paper lists potential threats to information security. Do some

research on the two threats listed under unauthorized physical or electronic access. Explain what

type of harmful consequences can result from these threats.

Software piracy

Six out of seven used softwares are normally pirated. To the software technology, this has been a

major drawback (Givon, Mahajan & Muller, 1995). Globally, illegal software use has been the order of

the day and had been termed as the biggest problem encountered in this industry. For example, those

who use the illegal software forgo the required costs of purchase, thus, reducing profits gained in the

industry. This would result to losses being incurred in software companies. However, this can be

reduced through embracing security measures that would discourage the software pirates from their

illegal deeds.

Hacking

There has been a diverse use of technology in the recent past. However, this has contributed to an

emergence of illegal online hackers who disrespect people’s privacy (Jordan & Taylor, 1998). They

attack individuals and organizations’ profiles, websites or even systems, by obtaining illegal access to

the sites or even hacking their passwords. Hacking can bring an organization negative consequence. For

example, the aim of the hackers may be to drain it financially. It has been evident in that hacking cases

are reported day in day out where finances of several organizations have been interfered with. Therefore,

necessary measures to reduce this threat should be implemented.

RISK ANALYSIS 3

The paper says: “any security measure or combination of such measures must not cost more than

it would cost to tolerate the problem addressed by the measure.” Do you agree? Why or why not?

Explain in details.

According to Stewart & Mueller (2008), assessment measures are recommended to have a tendency

to cut costs. Therefore, any security measures taken to reduce or curb possible threats should be able to

achieve this. It mea should be analyzed in details on its effectiveness and cost before being

implemented. The advantages that accrue due to a measures implemented should be able to outweigh the

costs incurred during implementing it. For example, if a management takes measures in controlling

software piracy, the costs incurred should not be more than what those softwares yield for the

organization. Therefore, the measures should justify their relevance. To ensure this to be a continuous

process, the approaches used should be overly analyzed to test for their cost- effectiveness.

List the properties that are desirable for any measure (quantitative or qualitative) of loss exposure

of IT assets. List all quantitative risk analysis methodologies described in the paper. Briefly

describe their advantages and disadvantages

The properties desirable for risk assessment measures include acceptability by the management,

users and the department related, must be detailed and facilitate advancing technologies. Similarly, it

should be capable of implementation and cut on costs, must have room for current or future

improvement, learner friendly, therefore one willing to learn it should have access to clearly stated

documents.

Quantitative Risks Analysis Methodologies

RISK ANALYSIS 4

The methodologies under this approach, which measure the extent to which IT assets are at risk by

multiplying the vulnerability of an asset by its probability occurring include annualized loss expectancy,

Courtney, Livermore Risk Analysis Methodology, and Stochastic Dominance.

The positive impacts of quantitative risk analysis are; IT assets that are prone to destruction and

critical identification. It also takes part in valuation of these assets. On the other hand, these methods are

disadvantageous in that the estimate made of probability of destruction is not precise. In addition, big

and small problems prone to take place are averaged and alike solutions given. With this, the major

issues may be overlooked leading to ineffectiveness.

List all qualitative risk analysis methodologies described in the paper. Briefly describe their

advantages and disadvantages

Qualitative Risks analysis Methodologies

These methods are applicable only when an instant assessment of IT assets risk is required. They

include Scenario analysis, Fuzzy metrics, and Questionnaires.

These methods are advantageous in that they help to save time and effort, which in turn saves on

costs. This is because the assets and threats do not need to have exact values and probabilities,

respectively. When the management needs to find out gross weakness in the systems, it is advisable to

use these methods. However, this approach has its own drawbacks in that the values provided are not

exact. With this, the management may regard it suspicious.

Consider the risk analysis method proposed by the authors of this paper. The authors claim that

the proposed risk analysis process using a combination of methodologies is more effective than the

RISK ANALYSIS 5

use of any single methodology. Do you agree with this claim? Explain in details (and preferably

with examples). Mention any drawback of the proposed method if you find any.

The approach that seeks to combine the qualitative and quantitative risk analysis a methodology is

effective in comparison with the use of just one of them. This is because there is flexibility in that; IT

assets can be examined with their respective threats and the extent to which these assets are vulnerable

to these threats. Additionally, the management can have a clear estimation of all risks necessary to

occur. This is achieved by first using the qualitative methodologies in the first steps. This approach helps

to first assess necessary information to be used in the latter part of the process, hence the quantitative

methods are used in the last step. Where the management uses only one of the approaches, the

information gathered may not be as comprehensive as when both are combined. In addition, it enables

the management to have trust on the measures. For example, the suspicions caused by qualitative

methodologies alone are eliminated. Secondly, the risk of averaging huge and smaller threats is reduced

in that, as the process begins, possible threats are identified in order of their effects.

The major drawback associated with this approach is that it may be complex since it is a

combination of two strategies. Therefore, a threat to cost and time effect is encountered.

Do some research and find out one more risk assessment methodology that has been proposed

after this (citations of this paper will give you a clue). Give a brief sketch of that method and

provide a comparison

There is previously proposed risk assessment approach, which would yield in measuring possible

threats to IT assets. The approach consists of four distinct steps (Choi, Cho & Seo, 2004).

Survey of Information Related to a Risk

RISK ANALYSIS 6

This is related to the first step of the combined methodology since it involves survey of information

that yield in determining risks. In this case, a previous issue related to assets risks is gathered.

Identification of the Risks

From the information gathered, possible risks are identified. Possible sources of risks are also

investigated in detail. This is a critical stage and hence utmost care should be put into practice.

Analyzing and Evaluating the Risk

This is done on the basis probability of a threat occurring. It should be done on regularity. Risks are

calculated by multiplying probability and the expected cost.

Managing the risk

After all is done, an appropriate strategy to cater for each individual threat is implemented.

Measures are taken to aid reduction of potential severity of losses occurring.

Both measures have similarities in that they help in determination of possible threats in an

organization. However, they are different in that the combined methodology incurs huge costs and it is

time ineffective.

RISK ANALYSIS 7

References

Choi, H, Cho, H & Seo, J. W. (2004, March / April). Risk Assessment Methodology for Underground

Construction Projects. Journal of Construction Engineering and Management, 130(2), 258- 272.

Givon, M, Mahajan, V & Muller, E (1995, January). Journal Software Piracy: Estimation of Lost Sales

and the Impact on Software Diffusion. Journal of Marketing, 59(1), 29- 37

Jordan, T & Taylor, P (1998, November). A Sociology of Hackers. The Editorial Board of the

Sociological Review, 46(4), 758- 780

Stewart, M. G & Mueller, J. (2008, April). A Risk and Cost- Benefit Assessment of United States

Aviation security Measures. Journal of Transportation Security, 1(3), 143-159

Place new order. It's free, fast and safe

Paper type

Deadline

Page count

550 words

Total price: $ 15.00

Our customers say

Jeff Curtis

USA, Student

"I'm fully satisfied with the essay I've just received. When I read it, I felt like it was exactly what I wanted to say, but couldn’t find the necessary words. Thank you!"

Ian McGregor

UK, Student

"I don’t know what I would do without your assistance! With your help, I met my deadline just in time and the work was very professional. I will be back in several days with another assignment!"

Shannon Williams

Canada, Student

"It was the perfect experience! I enjoyed working with my writer, he delivered my work on time and followed all the guidelines about the referencing and contents."