Page 48 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information Security and Privacy




                                   3.  To help improve the business’s operating performance and shareholder value.
                                   4.  To improve efficiency by reducing risk exposure inherent in the business processes.
                                   5.  To support the achievement of strategic goals.

                                   4.2.2 External Factors

                                   1.  To ensure compliance with regulatory requirements.
                                   2.  To deliver competitive advantage.

                                   3.  To reassure stakeholders and interest groups that the business is actively managing risk.

                                   4.2.3 Steps Involved in Risk Management

                                   Risk management involves the following steps:
                                   1.  Reviewing operations of the organization.
                                   2.  Identifying potential threats to the organization.
                                   3.  Assessing the likelihood of their occurrence.
                                   4.  Adopting appropriate actions to address the most likely threats.
                                   Risk management is not a matter of getting the right insurance. Previously, people were not
                                   serious about risk management. Nowadays the perception of risk management has changed
                                   dramatically. With the recent increase in rules and regulations, employee-related lawsuits and
                                   reliance on key resources, risk management is becoming a management practice that is every
                                   bit as important as financial or facilities management.
                                   Information security, availability and confidentiality only address some of the components of
                                   an organization’s information security. Therefore, we are moving beyond the concept of just
                                   information security.




                                   Task: Discuss the process of identifying risk.

                                   Caution: To successfully manage their risk in the future, organizations need to develop an
                                   enterprise-wide risk management framework.

                                   Self Assessment

                                   Fill in the blanks:

                                   3.  ....................... is a process to identify and then manage threats which could severely impact
                                       or bring down the organization.
                                   4.  Successful risk management needs the involvement of all levels of ....................... of an
                                       organization.
                                   5.  To successfully manage their risk in the future, organizations need to develop an
                                       ....................... risk management framework.






LOVELY PROFESSIONAL UNIVERSITY