Response
Djessica
Article:
IT Risk Assessment | Protect Your Organization (hyperproof.io)
Summary
This week I read an insightful article entitled “How to Perform a Successful IT Risk Assessment.” As the title suggests, it provides a comprehensive overview of what an IT risk assessment is, why it is essential, and how it is conducted.
IT security risk assessments are described as “assessments that focus on identifying the threats facing your information systems, networks, and data and assessing the potential consequences you’d face should these adverse events occur” (Team, 2024). In other words, risk assessments help organizations analyze the potential threats to their systems and proactively take measures to prevent them. They should be conducted on a regular basis and whenever major changes are made within the organization (Team, 2024).
Information security risk assessments are conducted for many reasons including: cost justification, improving productivity, breaking barriers between the IT staff and senior management, and facilitating communication throughout the organization.
The article describes eight fundamental steps that are necessary when conducting a risk assessment:
1. Identify and catalog your information assets.
2. Identify threats.
3. Identify vulnerabilities.
4. Analyze internal controls.
5. Determine the likelihood that an incident will occur.
6. Assess the impact a threat would have.
7. Prioritize the risks to your information security.
8. Design Controls.
What I learned
“How to Perform a Successful IT Risk Assessment” was overflowing with information. For example, I learned that every 40 seconds a cyber-attack is being attempted and ransomware attacks are increasing at a rate of 400% every year. I also learned that the risks to sensitive information are always evolving, so it’s imperative that your information security evolve with them. Changes to many parts of a business can open it up to different risks, so it’s important that the people responsible for information security are aware and are clear on what actions to take if and when changes occur (Team, 2024). Furthermore, another key takeaway that I extracted from this article is the importance of considering every department and every perspective when conducting the assessment. For example, when identifying your information assets, you must consider that different roles and different departments have unique perspectives on what the most important assets are, so you should get input from each source (Team, 2024). The same can be said about identifying threats. Threats can come in various forms; not all threats are malicious. It can be as simple as an employee accidentally deleting information or as abrupt as a natural disaster or a power failure. With that being said, in order to successfully conduct a risk analysis, one must have a keen sense of awareness and excellent foresight, and expect the unexpected.
JASON
Health and Environment Information Systems for Exposure and Disease Mapping, and Risk Assessment
In this paper, the author discusses how chemical hazards within the environment impact people’s health. He notes we must manage the risks associated with these hazards. Chemicals are distributed unevenly in society. The diseases occurring from these chemical environmental hazards reveal different disease patterns. Geographical Information Systems (GIS) can produce maps to assess exposure to environmental disease patterns. Disease tools provide knowledge and information on changes in disease patterns and exposure to disease. The varying patterns of disease can be assessed using software tools such as Inquiry Facility, developed by the U.K. Small Area Health Statistics Unit and enhanced in the European Health and Environment Information System project. These make for a quick assessment of any potential health hazards associated with an environmental pollutant (Jarup, 2024).
The article highlights the launch of the EUROHEIS project in 1999, aimed at enhancing comprehension of the connections between environmental exposures, health outcomes, and risks. Through the creation of integrated information systems, the project seeks to facilitate swift assessments of environmental-health relationships at a geographical level. The collaboration between the Health Department and Information Systems is particularly noteworthy, enabling an integrated approach that promises to pinpoint geographical risk levels more effectively.
I learned that the process of risk assessment for Health Environment Information Systems and disease mapping relies on evaluating health risks linked to pollution and estimating the affected population. This corresponds to the standard procedure for risk assessment, where any deviations from these norms would be detectable by an IT department. Health and environmental information systems, specifically Geographic Information Systems (GIS), offer valuable tools for the risk assessment process. They can aid in exposure assessment, disease mapping, and evaluating health risks associated with pollution sources, helping estimate the number of people at risk. We also should be aware of both the strengths and weaknesses of this approach. The article notes that studies have examined variations in risk with proximity to pollution sources like industrial plants or landfill sites. Overlaying maps of exposure and disease can be misleading due to inaccuracies in exposure estimates, latency periods, and migration issues. The article also highlights a significant advantage of GIS for risk assessment: its ability to model risk geographically, facilitating the estimation of individual risk without costly measurements (Jarup, 2024).