Provide a reflection paper of 500 words minimum (2 pages double spaced) of how the knowledge, skills, or theories of Risk Management and Information Security have been applied, or could be applied, in a practical manner to your current work environment.

Answer:

Before knowing how risk management impacts our work environment, it is important to understand what exactly risk management is, and how it is beneficial in a business.

Risk management : It is concerned with predicting and observing the risks, that a business may face in future. It also includes the various procedures that is to be followed to avoid or minimize those risks.

Some of the main advantages of risk management are as follows:

• An effective risk management program helps a business to see the apparent risks of future.
• If a business is aware of the risks, it is easy to develop potential risk management programs to minimize those risks.
• Reduced risk’s helps a business to have more liable investment.

Following are the process of risk management:

1. Identifying the risk to know its categories and impacts in case if it is being ignored.
2. Analyzing the risk thoroughly, in case it has some serious outcomes that, if ignored can lead to loss in the business.
3. Evaluating the risk means, finding to what extent a risk can threaten the project.
4. Treating the risk means following the procedures to avoid or minimize the risk.

The strategies that are followed to treat the risk associated with any work are given as follows:

1. Avoidance of risk: This is chosen if the loss associated with the risk is small and can be neglected.
2. Reduction of risk: It can be done by following proper procedures to tackle the risk.
3. Sharing of risk loss onto multiple parties: It will help in dividing the loss of risk on number of people associated with that project and no complete burden has to be faced by a single person.
4. Retention of risks: It simply means to take full responsibility if a loss occurs after ignoring the risk rather than investing in some kind of insurance.

An effective risk management should do the following functions:

• It should create values in such a way, in which resources expended to minimize risk should be less.
• It should be an integral part of a process used in an organization, in order to have least risks associated with any business.
• It should be an important part of any decision-making process
• It should address all the uncertainties and assumptions associated with any new business.
• It should be a systematic and structured process with proper procedures to avoid or minimize risks.
• It should be based on the actual facts and information related to the project.
• It should also take human factors into consideration.
• It should be transparent, dynamic and iterative to follow.
• It should be have scope of improvement and enhancement as the risk may change at certain level.

Implementation and limitations of risk management:

Implementation of risk management system includes following all of procedures and methods for minimizing the effect of the risks. However, following risk management to an greater extent can lead to certain disadvantages as well.

• It can delay a project to get completed.
• It can limit an organization from taking risks.
• It can suspend a project until the process of risk management is completed.

Information security: Information Security is the process of preventing any unauthorized access to aa system. An unauthorized action may modify or use the confidential data for illegal activities.

The goal of implementing the information system is to protect the data from intruders or unauthorizes access and this can be effectively achieved by implement a proper risk management process explained above.

Concepts of Information Security:

• Confidentiality: It means having control on to who gets to access the information.
• Integrity: It is the process of ensuring that the confidential information or data is being modified by the person who has authorized access to the system.
• Availability: It is the process of ensuring that only the authorized users are able to have the access to the system.

The three objectives of information security are as follows:

Confidentiality:

It is one of the primary objectives of information security. Confidentiality is required to keep the information confidential(not being disclosed) and to keep the sensitive information private.

Integrity

Integrity meant to ensure that the information is modified or deleted in an authorized manner. It is important to keep the information consistent or, to allow the data to be changed only in an authorized manner in order to ensure the consistency or proper ordering of data.

Availability

Availability is to ensure that, the systems work properly, and service should not deny to any authorized users. It means that availability helps in ensuring that the authorized users are getting to use the services.

• The knowledge and theories of risk management and information security if applied in a proper and systematic manner can effectively help our current work environment. The advantages will be as follows:

1. It will help the project to see the apparent risks of future.
2. It can help a project to run with minimum or no risk or it will help in lessening the adverse outcomes .
3. It helps in ensuring that the investment being made for the business or project is risk free and proves as a liability to the business.
4. It will the projects to be done keeping in mind the risks associated with it and procedures to follow to minimize it.
5. It will provide transparency for any decision-making process which will eventually help in achieving the objectives of the entity.
6. It make the work environment secure and protected or it will help implementing a positive and secure work culture.
7. It will ensure only authorized people are getting to use or modify the data.
8. It will ensure that data is available to those only who have authorized access to the system.
9. Proper implementation of information security will minimize the harm to resources and data of the system.
10. It will help in monitoring risks and will provide access to reliable, up-to-date facts and information related to risks.