Risk Assessment Methodologies
Report
As an information technology analyst, it is my responsibility to measure all the risks factors, which effect worse our system and become the causes of different losses in our company. Therefore, I am going to discuss the different risk assessment procedures that tell about the different type of risks also help to sort out the problem of risks in my company.
Different companies have the different form of risks related to their products or services. Risks or threats belong to anything, which adversely affects your profit, also damage the reputation of a company by not keeping all information, or data secure from the outside users. So different type of risk assessment methodologies are used in different companies according to their need and requirements, some are discussed below: Qualitative risk assessment, quantitative risk assessment, what if analysis, Asset audit, hazard and operability study, failure mode and effect analysis and in last fault tree analysis.
-
Qualitative Risk Assessment
In this assessment, qualitative risk measure. it means a quality of a product may be in danger or due to some reasons we could not attain the good quality of our products. This risk damages the reputation of our product. A customer wants high-quality product whatever that belongs to. Keeping a high-quality level is very important for successfully taking the attention of customers. When people give the proper price of the product then they demand a high-quality product or service. So proper quality assessment must be done because competitors may provide more high-quality product in the market, which is better than quality as compare to our product and affect our profitability. (Giac.org, 2004)
-
Quantitative Risk Assessment
In this assessment, carefully assess the quantity demand of product among customers. Customers like our product and want to purchase more but our production capacity is low so we cannot full fill the demand and need of customers. This thing also affects our image. For improving the limit of quantity, we have to improve our production capacity. Consider all the risk factors, which affect the quantity of production and make proper recommendations and must focus on all markets where the demand of our product is high and try to keep maintaining the demand with different techniques. Because once customer shifts to next product, it will never come back.
-
What if Analysis
In this assessment, different questions are asked about the threats or problem; find the causes of that problem. Proper follow-up is prepared to find out the risk factors, which affect our productivity and profitability. Actually, proper questions rise at every level from where this issue going to start and what things become the major cause of such problems. Risk assessment is not an easy task and proper working, procedures should be arranged to measure the risks, and to determine what happens before the problem arises in the specific area. So what if the analysis is considered as helping tool in risk assessment. (Mass.gov, 2018)
-
Asset Audit
In this assessment, management focuses on auditing of all assets, which are, involved in the company. Sometimes our assets did not give use proper return or utilization so assets audit is very important in this regard. Different assets have different usage and their different working affect the profitability of the company. Assets have given us long-term benefits and we use assets for a long time in different sectors like production, transport etc. so any problem may arise in this area because they do not properly support in production or not deliver the product or any other problem arise which directly affect the working of the company. Therefore, asset audit is also having an important aspect.
-
Hazard And Operability Study
In this assessment, problems are discussed in details; their main and basic reason has to find out whether they are due to employees or because of assets or may be any problem in our policy or management. Actually, we consider the initial level of problem and search out the reason for that problem. Then we measure how much that problem affects our working and productivity and what results give us with facing this problem. Different problems occur in the company so nature of every problem is different from each other. (Praxiom, 2015)
-
Failure Mode And Effect of Analysis
In this assessment, we measure the reason of problem and find out different solutions to resolve that problem. We also consider different solutions to implement the problem and then check out the effect of that solution. Not always all solutions are best to resolve all problems so the study of all type of different solutions are also important to get the perfect solution to our problem.
-
Fault Tree Analysis
In this assessment, we consider all the ways or roadmap from where the problem is going to start and how much it effects at the different level. Sometimes problem not affect the whole system but specifically damage to a unique sector or area so it’s important to note the complete path of problem it’s starting and ending points and its affected areas so proper and smooth solutions have to prepare to sort out this network of a problem and perform well in all fields. (Searchsecurity.techtarget.com, 2004)
Recommendation
After discussing the different type of risk assessment procedure, according to my knowledge, we have to adopt fault tree analysis. All methodologies are best according to their working skills but according to my need fault tree suits our company because, in information technology, it’s not easy to detect the starting point of a problem and capture its complete path. Therefore, by using this methodology, we can easily detect the problem and its path then we easily find out the solution and remove that problem from our system. However, remaining methodologies are also doing their best at their required places.
Reference
- org. (2004). Global Information Assurance Certification Paper. 1-119.
- gov. (2018). Information Security Risk Assessment Guidelines. Retrieved from https://www.mass.gov/anf/research-and-tech/cyber-security/security-for-state-employees/risk-assessment/risk-assessment-guideline.html
- (2015, November 5). Overview of Risk Assessment Method. Retrieved from https://www.praxiom.com/risk-assessment.htm
- techtarget.com. (2004, March). Risk assessment methodology: Anatomy of the risk assessment process. Retrieved from https://searchsecurity.techtarget.com/Risk-assessment-methodology-Anatomy-of-the-risk-assessment-process