Risk Assesment in It

Risk analysis related to information security and infrastructure protection

By Jamal Ghammashi

Columbia Southern University

The analysis of risk faced by corporations is vital to their security and economic welfare as well as the protection of the employees. (1) Risk analysis is performed at many levels and with many degrees of detail. Risk analysis services are provided by Fortune 500 consulting firms like Deloitte and Touche, Ernst and Young, KPMG and many others. The basics of doing a risk analysis are the same whether it is for a person, a Fortune 500 company or even the military. The first thing you must do is identify the risks that you face. The next step is to identify the potential consequences of the risks. Next you must identify the ways to reduce the risks. Then you have to determine what they will do to alleviate any of the risks. You then determine how well the things you implemented worked. Then analyze how well it worked and adjust if you need to. As it pertains to doing a risk analysis of your IT systems the same basic steps apply, the first thing that must be done to do any risk analysis is to know what types of IT systems you have within the organization. The problem that has been found is too often the analysis is done in regard to external factors. The problem is too often the true threats come from internal sources such as disgruntled employees or just plain criminals. The objectives and goals of any risk assessment on the infrastructure and security protections is to protect the company, its information and its employees. The target audience is really everyone from the owners and share holders to the employees as they all benefit from a secure IT environment. The steps necessary to perform a risk analysis are assessment and evaluation, threats and cost effective security measures. The assessment and evaluation stage is when you do an assessment of what you have and what the risks are....