Alexander Spirovski
American Public University
ISSC363 IT Security Risk Management
Part 1:
The purpose of a risk assessment is to identify, quantify, and prioritize risks, and to provide useful insight into which safeguards and controls to implement in order to treat specific risks. Furthermore, a risk assessment must create awareness of risks, determine who is affected by them, ascertain whether existing control measures are adequate or inadequate, and help prevent injury, illness, and the destruction or loss of assets. Identifying risks allows the organization to clearly define the threats and vulnerabilities that give rise to each risk. Quantifying risks informs the organization of the potential losses (usually expressed in monetary terms) …
However, the degree of potential destruction from the risk of fire should lead to the installation of fire suppression systems and the creation of offsite data backups, among other measures.

The purpose of defining the risk assessment's scope is to clearly identify its boundary; doing so prevents scope creep, which causes cost overruns and missed deadlines, and thus keeps the assessment on schedule and within budget. Scope creep is prevented by defining the following: the goals and objectives of the risk assessment; responsibilities for and within the risk assessment process; specific inclusions and exclusions; the setting and methodologies of the assessment; and the decisions that are to be made based on its results.

The purpose of identifying critical areas within a risk assessment is to ensure that its effort is focused where the potential impact is greatest. For example, risks that lead to failure of the Web and database servers require more effort and attention from the staff performing the assessment than those that result in workstation failure. The failure of Web and/or database servers
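The quantification and prioritization described above, worked through as an added example that is not part of the original paper. It applies the standard quantitative method (single loss expectancy = asset value x exposure factor; annualized loss expectancy = SLE x annualized rate of occurrence) to the fire and server-failure scenarios mentioned in the text, ranks in-scope risks by expected annual loss, and checks whether a fire suppression plus offsite backup safeguard pays for itself. Every asset value, exposure factor, occurrence rate and cost below is a constructed figure chosen for illustration, not data from the paper or from any real assessment.

```python
"""Quantitative risk ranking and safeguard cost/benefit check.

Added example, not from the original essay. All figures are assumed
for illustration. Method: SLE = asset_value * exposure_factor,
ALE = SLE * ARO, safeguard value = ALE reduction - annual safeguard cost.
"""
from dataclasses import dataclass, replace
from typing import Iterable, List


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # replacement / recovery cost of the asset (assumed figure)
    exposure_factor: float  # fraction of asset_value lost per incident, 0.0 .. 1.0
    aro: float              # annualized rate of occurrence: expected incidents per year
    in_scope: bool = True   # False: excluded by the assessment's scope statement

    def sle(self) -> float:
        """Single loss expectancy: loss from one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float         # amortized purchase plus yearly upkeep (assumed)
    new_exposure_factor: float # exposure factor once the safeguard is in place
    new_aro: float             # occurrence rate once the safeguard is in place


def rank_risks(risks: Iterable[Risk]) -> List[Risk]:
    """In-scope risks ordered by ALE, highest first. Out-of-scope risks are
    dropped here, which is exactly what the scope statement is for."""
    return sorted((r for r in risks if r.in_scope),
                  key=lambda r: r.ale(), reverse=True)


def residual_risk(risk: Risk, sg: Safeguard) -> Risk:
    """The same risk after the safeguard changes its exposure factor and ARO."""
    return replace(risk, exposure_factor=sg.new_exposure_factor, aro=sg.new_aro)


def safeguard_value(risks: Iterable[Risk], sg: Safeguard) -> float:
    """Net annual value of applying sg to every risk it covers: the sum of ALE
    reductions minus the safeguard's annual cost. Negative means the control
    is expected to cost more per year than it saves."""
    reduction = sum(r.ale() - residual_risk(r, sg).ale() for r in risks)
    return reduction - sg.annual_cost


# Constructed scenarios (assumed values), mirroring the essay's examples.
RISKS = [
    Risk("Fire destroys database server", 250_000, 1.0, 0.05),
    Risk("Fire destroys web server", 80_000, 1.0, 0.05),
    Risk("Workstation hardware failure", 1_500, 1.0, 2.0),
    Risk("Flood at partner's site", 500_000, 0.5, 0.1, in_scope=False),
]

# Fire suppression plus offsite backups: fires still start at the same rate,
# but the backups cut the fraction of the asset actually lost (assumed values).
FIRE_CONTROLS = Safeguard("Suppression + offsite backup", 5_000, 0.2, 0.05)


if __name__ == "__main__":
    for r in rank_risks(RISKS):
        print(f"{r.name:32s} SLE={r.sle():>10,.0f}  ALE={r.ale():>10,.0f}")
    for covered in ([RISKS[0]], [RISKS[1]], RISKS[:2]):
        names = " + ".join(r.name for r in covered)
        print(f"{FIRE_CONTROLS.name} covering {names}: "
              f"net value {safeguard_value(covered, FIRE_CONTROLS):,.0f}/yr")
```

Two things the arithmetic shows that the prose alone does not: the out-of-scope flood never enters the ranking, so its large dollar figure cannot distract the team, and the same safeguard can be worth buying for the database server alone yet not for the web server alone, while covering both gives the best return. That is the kind of decision the essay says the assessment's results should drive.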