Report of Risk Management (Case Study) Essay Example | Topics and Well Written Essays - 6250 words

Report of Risk Management (Case Study) - Essay Example The analysis against the metric levels needs to be quantitative based on past experiences (data available), industry experiences (case studies), advice from consultants and internal brainstorming. Every level needs proper justification to a deep level such that serious risks do not remain un-noticed and also meager risks do not get projected to the management as serious simply because they are more talked about in the organization. Risk Management is a very expensive affair for an organization. Hence, special care should be taken that investments should be planned after a thorough analysis of the assets, threats, impacts, and vulnerabilities before a risk tag is assigned. Many organizations get trapped in the sales skills of security product marketing people & Insurance agents such that they end up spending a lot of money in the wrong direction whereby the core issues remain untouched. Such problems arise due to lack of a systematic and effective Risk Management System. In this paper a systematic Risk Management procedure is being presented in detail and applied to the case study. The workflow of risk management has been arrived at after a study of multiple risk management approaches viz., safety & health risk management, asset risk management and information risk management (OHSAS 18001, ISO 27005, safety engineering and National Institute of Standards and Technology). In this approach, the asset values have been calculated based on Cost (C), Integrity (I) and Availability (A). The parameter â€Å"confidentiality† in NIST recommendation has been replaced by Cost because most of the assets (except computers) listed in the case study are physical & environment related assets and moreover cost-effectiveness of the Risk Management is expected as a key result area herewith in this case study. The role carrying out such a major assessment for the company and having a budgetary estimate of $700,000 is actually a junior resource. Hence, every proposal presented for the