The Information Systems Audit and Control Association, also known as ISACA, states in the Certified Information Systems Auditor (CISA) Review Manual:
“Risk Management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization”.
A risk is defined as a particular event that can occur at any specific moment in time. Unmanaged risk can have a significant effect on project management, whereas risk that is effectively managed is correspondingly reduced. Risk management is therefore important to mission-critical projects.
Any risk management plan should address immediate, future and potential threats that may arise while managing such risk. These risks fall into three main categories:
– Risk: the possibility that an information asset suffers serious damage
– Vulnerability: an imperfection or weakness that could hinder an information asset or be used to cause it harm
– Threat: something that may damage an asset, whether man-made or arising naturally
A vulnerability may cause harm to an organization's information resources and data integrity; it may also compromise the confidentiality of that information. Managing such risk entails various protocols and audits.
Effective Risk Management
Mission-critical business processes in an organization must be protected at all times through effective risk management. Such management often entails the use of software systems, which are put in place and audited regularly so that vulnerabilities are minimized.
Management of risk is not without its problems, since it can directly affect costs and productivity. The management team must therefore decide which factors determine the level of investment in risk management strategies.
Business Continuity Plans (BCP)
Mission-critical processes must be maintained at all times. Business continuity refers to the processes and systems in place that protect those processes and recover them should a failure occur through any vulnerability; the aim is to keep recovery time to a minimum in such instances.
Business Continuity Planning (BCP):
This entails backup planning rather than simply mitigating risk or relying on avoidance tactics. It details the scenarios in which business units will eventually fail, whether or not the risk plan's preemptive measures are in place. Such systems are similar to disaster recovery plans and can restore data, systems and information.
Disaster recovery systems are in place to restore the normal running of business units that rely on mission-critical systems, whether the disruption is caused by sabotage or by a natural event. Similar systems are in place in hosting companies and governments. Data protection may rely on off-site systems, regular backups, or systems that remain ready during a power loss, such as those running on generators.