Risks at Any Workplace


Risks are unavoidable in the workplace. They can be either natural or induced by humans. It is therefore the duty of management to ensure that accurate procedures are in place to handle such situations when they arise. It is also critical for management to ensure that the likelihood of future risks has been carefully evaluated, so that steps are put in motion to deter them from happening, including those triggered deliberately by individuals (Baskerville 138). The fundamental premise is that risk reduction enables the estimation and handling of risks as they emerge, allowing an organization to avoid significant damage. The focus of the analysis is to highlight the significance of risk analysis and preventive security for companies.

Risk analysis puts into perspective the evaluation of factors that may interfere with the operations of an organization so that they are controlled before they result in damage (Aven 36). Network security measures have become essential to personal laptop and computer users, corporations, and even the military. With the arrival of the internet, security has become a key concern, and the history of security gives a better understanding of how security technology emerged. The structure of the internet itself allowed various security threats to arise (Aven 36). The architecture of the internet, once modified, can reduce the possible attacks carried out through the network. Knowing the attack techniques allows the right security to be put in place (Baskerville 139). Many businesses protect themselves from the internet through firewalls and encryption mechanisms.

Companies form an intranet so as to stay connected to the web while remaining protected from potential threats. The whole field of network security is vast and still developing. The research covers a brief history dating back to the internet's early stages and the present development of network security. To understand the research being conducted today, background knowledge of the web, its vulnerabilities, attack techniques through the internet, and security technology is essential; hence these have to be analyzed (Baskerville 140).

In recent years, the diversity of risks that computer networks face from sophisticated attackers has risen sharply across all sectors of society, which has placed a heavy economic burden on health and organizational systems (Haimes 61). This is due to the large amount of current knowledge about computer systems, the quick development of internet services, and the shared use and distribution of data. This makes risk assessment an extremely critical matter in networked equipment. This article focuses on the risks that may occur in a computer system, risk evaluation, risk prevention, and tactical control. According to statistics, there has been an alarming trend in the number of security breaches such as financial fraud, theft of proprietary data, data or network fraud, and espionage (Haimes 61).

Hackers and denial-of-service attacks have struck many organizations in recent years, and many large businesses have been significantly affected by these unpredictable network security breaches. Therefore, the chief concern of any organization is the security of its data; to meet the requirements of business dealings (information security), namely confidentiality, integrity, and availability, the value of information must be maintained. Thus, the possibility of loss (risk) in the computer network of any business organization should be taken into account, since the computer network returns high value to companies (Refsdal 56). Computer security is the use of technology to do a job or task properly, that is, making sure that the system works correctly. Security is a process that requires input from the entire organization to be effective (Refsdal 56).

Risk assessment means looking at each task and considering the safe way of completing it; this helps one to be aware of the hazards involved in carrying out the task and to take action to prevent injury. To evaluate risk, one first needs to identify the hazards (that is, tools, equipment, materials, and work methods); second, decide who might be harmed and how; third, assess the risk and put measures in place to control it; fourth, record the findings and apply them; and finally, review the assessment and update it as required.

Risk Evaluation Practice: in risk assessment, the sequence of actions to achieve a result includes asking:

What valuable assets are used on the network (computers, information, and trade secrets)?

What are the threats to the network (scams, impersonators, and private workers)? Hackers may cause damage from inside or outside.

What are the vulnerabilities of the network (infrastructure exposure)?

Practices Employed to Evaluate Risk

In previous years, many techniques have been employed to conduct risk assessment in computer network systems: the National Institute of Standards and Technology (NIST) method, Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), and benchmarking. NIST helps various organizations to develop and maintain standard processes and the knowledge required to advance the quality of products and services offered, to guarantee the use of up-to-date procedures to achieve results, to certify the reliability of products, and to promote rapid growth in trade (Malhotra 32).

OCTAVE is a self-directed activity that allows an organization to identify and manage the information security risks that are essential to its mission, that is, the threats to its high-value assets and the vulnerabilities that may expose those assets to threats. With these, the organization will be able to design protective strategies to reduce the overall risk exposure of its information assets (Malhotra 33).

Benchmarking, the last of these, is the method used to determine the performance of the computer network in an organization. Benchmarking tools are a set of databases used to measure and evaluate performance, network properties, policies, and networks under defined conditions. Moreover, benchmarking helps to standardize and improve the capability and stability of hardware and software (valued resources) at various speeds. It also helps to determine how well a computer system holds up under demanding conditions and to locate specific problems, which later helps to reduce expenditure when repairing and updating the network. The network links, central processing unit performance, servers, and various other parts of the computer network can be measured or assessed (Malhotra 33).

The Range of Risk Evaluation

In a business where data is produced on a day-to-day basis, the security of data and information is the most essential concern, and it has to be given careful consideration to prevent any cyber-criminal activity from compromising the network. Risk evaluation brings out the security and information risks that might occur in an institution; it aids in planning for unexpected situations. The risk may be driven by internal or external forces that destabilize the organization so that it is unable to attain its information security objectives. To evaluate any risk, it is necessary to identify the threats that may occur and the vulnerabilities to those threats (Malhotra 34).

Natural Catastrophe

Where nature acts on its own, natural catastrophes pose severe threats to the security of life and property. Common natural disasters include drought, fire, and flood, which happen without any warning. Consequently, various practices are used to safeguard against natural catastrophes; for instance, having a reliable mechanism in place at all times will be of great help. The methods include the placement of servers in the organization, the use of backup servers, and the use of fire alarms and fire extinguishers (Malhotra 34).

System Failure

In many cases, when an institution tries to cut costs, it tends to buy poorer components for its computer system, which may lead to network failure. The better the components of the system, the lower the vulnerability and the possibility of system failure (Malhotra 35).

Unintentional Human (or Human Occurrence)

The likelihood that someone will deliberately or accidentally do something that damages the computer network is very high, as is the likelihood that someone will do something ill-considered (like shutting down the server). In this context, secure authentication and compression (the use of clear and personal guidelines) or a password is required in order to access the computer. There is also a need for locks on valuable assets so that no one can take them away (Malhotra 35).

Malicious Human (or Persons with Criminal Minds)

These are people with malicious intent; their actions are classified into three kinds: impersonation, interception, and interference. Impersonation is comparable to deception. It occurs when someone successfully cheats or uses a disguise to gain access, faking data to get into somebody else's assets illegally. Interception refers to a situation in which someone hacks a server or mail system to obtain vital facts, data, or trade secrets in order to disrupt the business, gather intelligence on trade secrets, or blackmail the organization. Consequently, against malicious humans, strong authentication and data encryption for specific assets are essential, as is the use of locks to secure computers from being taken away. Interference by criminals could be internal or external (Malhotra 35).

Points at Which Risk Should Be Assessed in a Computer Network

Threat evaluation should be carried out periodically and consistently; it calls for a continuous effort. There is no wrong time to evaluate risk and examine network vulnerabilities. Threat evaluation is meant not only to understand the technological solutions to security but also to understand the business justification for implementing security. The main points at which risk needs to be evaluated are: when new code, software packages, or applications are introduced, to guarantee the security state of the system and to know whether the testing carried out previously will be of help if a security problem arises; and every time changes are made to programs or systems, which helps to expose vulnerabilities that may arise as side effects (Herr and Romanosky 30).

Risk and vulnerability evaluation should be conducted frequently to examine the controls applied, and any time there is a security compromise, intrusion, or attack, to help understand how the breach arose and what was wrong with the strategy used. As with any crime, the threat to the confidentiality and integrity of data arises from a very small minority of criminals. A single user operating from a basic computer can cause the destruction of a large number of systems in an organization. Additionally, threats can also come from the employees working in the business. Leading network security specialists assert that the majority of network attacks are initiated by staff who work inside the organizations where breaches have happened (Herr and Romanosky 30).

Through mistakes, workers often damage their own firm's networks and corrupt data. Additionally, with the aid of remote technology, companies are growing to include a large number of teleworkers, branch offices, and business partners. These remote sites and partners pose the same dangers as in-house staff, along with the risk of security breaches if their remote networking assets are not properly secured and monitored. Consequently, for a company to safeguard its data, it needs detailed information about potential adversaries and their activities. Network security threats can be divided into two categories: logic attacks and resource attacks. Logic attacks exploit software flaws and vulnerabilities with the aim of crashing the system. These attacks are made deliberately by hackers to degrade system performance (Herr and Romanosky 30).

Resource attacks are the second category of network security attacks. These attacks are intended to affect key components such as the central processing unit and random access memory. Often this is done by sending a large number of Internet Protocol packets. The attack can be even more powerful if the attacker installs malicious software. Usually, the malicious software includes code for tracking many attack instances and a communication infrastructure to enable remote control (Herr and Romanosky 31).

After identifying the sources of threats and the types of damage that can arise, it becomes easy to frame a security strategy (Anderson et al. 40). Currently, organizations have a wide variety of technology choices, ranging from antivirus software packages to dedicated network security hardware such as firewalls; these technologies must be used to design the security systems in an organization so as to protect business activities at all levels. After the security tools are installed, skilled network security professionals can be brought in to provide assurance that the current policy delivers the necessary solution for security practices. They can also be involved in identifying the limitations of the current security and in updating it frequently. Commonly, authentication approaches rely on more than a single factor. Such multi-factor practices are hard to design. These practices are more reliable and stronger than fraud prevention. Mitigating risks might go a long way towards enhancing security (Anderson et al. 40). The practices to safeguard the computer system and reduce the likelihood or effect of threats and vulnerabilities in an organization include:

Use of Firewalls

Organizations set up firewalls to keep unauthorized packets from passing in and out of the local network. A firewall can be hardware, as an external device positioned between the local area network and the router connected to the internet, or software installed on each computer; a firewall usually inspects all incoming data. It safeguards the internal computer network against malicious access from outside and can also be configured to restrict internal users' access to the outside world. It is installed at each connection to the internet, subjecting data flow to careful monitoring, and is set up to conform to the security policies that give the operator the ability to control the flow of data in and out of the network. This security system offers safety measures that make the computer network less vulnerable and reduce the risks (Anderson et al. 40).

Antivirus Software

Antivirus software is designed to safeguard the computer against malicious threats or viruses such as keyloggers and other code that can destroy the system, which users can introduce by surfing the web or using memory sticks across the network. Such threats can slow down the computer and lead to strange and unwanted behavior on the network. A fast antivirus scanner is necessary to detect malicious threats on the system and clean them out, helping the operator to keep a malware-free system. Antivirus software has to run in the background at all times and be updated once it expires so as to maintain the reliability of the network (Anderson et al. 41).

Group Policy

Group policy provides central control of workers and computers in an organization. It takes control over programs and removes a program when it is not needed. It creates a customized desktop configuration for employees. It provides a log-on to the computer system using an account that holds owner rights for the policy's use (Boyson 343).

Physical Safety Measures

Physical safety measures involve using a strong padlock on the steel door of the server room to make it harder to break in. All confidential information is thereby safeguarded: if an intruder comes, he or she will not have access to the computers, which prevents the computers from being taken without the organization's consent. This article analyses risk evaluation and mitigation in the computer network, and identifies the threats and vulnerabilities that give rise to risks in the computer network. It further analyses the methods used to address threats and risk evaluation. It also examines preventive measures such as the design of firewalls, antivirus software, group policy, and physical safety measures to reduce risk, which has implications for organizational decision-making on computer network reliability, mainly concerning computer information security (Boyson 345).

Conclusion

As stated earlier, the focus of the analysis is to highlight the significance of risk analysis and preventive security for companies. Risk analysis puts into perspective the evaluation of factors that may interfere with the operations of an organization so that they are controlled before they result in damage. From a personal perspective, risk assessment does not guarantee the complete eradication or stoppage of all malicious threats, but it lessens threats to a reduced degree. Therefore, it is advisable for companies to ensure adequate planning so that each employee is informed about the organization's strategy and its response to specific internal and external impacts, since the main computer threat is essentially the operator behind the computer. The management of risks should not be a task only for the heads of a company but for each person, even at the subordinate level, as risks tend to emanate from various places. From a personal viewpoint, employees should be trained in ways of identifying and assessing risks in their departments so that they are able to manage them before they cause harm to other sections of a company.

Works Cited

Anderson, R., Barton, Clayton, R., Van Eeten, M. J., Levi, M., ... & Savage, S. Measuring The Cost of Cybercrime. In The Economics of Information Security and Privacy. Berlin: Springer Berlin Heidelberg, 2013. [Internet] Available from: http://www.econinfosec.org/archive/weis2012/papers/Anderson_WEIS2012.pdf. [Accessed 9 February 2017]

Aven, Terje. Foundations of Risk Analysis. Wiley, 2012. [Internet] Available from: http://vpdfcn.diemviet.com.vn/Upload/english/File/Economics/Foundations_of_Risk_Analysis.pdf. [Accessed 9 February 2017]

Baskerville, Richard, Paolo Spagnoletti, and Jongwoo Kim. “Incident-Centered Information Security: Managing A Strategic Balance Between Prevention And Response”. Information & Management, vol. 51, no.1, 2014, 138-151. [Internet] Available from: doi:10.1016/j.im.2013.11.004. [Accessed 9 February 2017]

Boyson, Sandor. “Cyber Supply Chain Risk Management: Revolutionizing the Strategic Control of Critical IT Systems”. Technovation, vol. 34, no. 7, 2014, pp. 342-353. Elsevier BV, [Internet] Available from: doi:10.1016/j.technovation.2014.02.001 and http://isiarticles.com/bundles/Article/pre/pdf/43893.pdf. [Accessed 9 February 2017]

Haimes, Yacov Y. and Andrew P. Sage. Risk Modeling, Assessment, and Management. John Wiley & Sons, 2015. ISBN: 978-1-119-01798-1

Herr, Trey and Romanosky, Sasha. Cyber Crime: Security under Scarce Resources. The American Foreign Policy Council: Defence Technology Briefing, no. 11, 2015. [Internet] Available from: https://poseidon01.ssrn.com/delivery.php?ID=321102020088086124086092096016098069021063020068087078105086024089003088108097124119059058002121107109114088103096064119087021050009068002021115003127105019009114029090058030122024098119026073126066064077086117083027107005123016118030083067094074083114&EXT=pdf. [Accessed 9 February 2017].

Malhotra, Yogesh. “Cybersecurity & Cyber-Finance Risk Management: Strategies, Tactics, Operations, &, Intelligence: Enterprise Risk Management to Model Risk Management: Understanding Vulnerabilities, Threats, & Risk Mitigation (Presentation Slides)”. SSRN Electronic Journal, vol. 8, no. 2, 2015, pp. 30-40, [Internet] Available from: doi:10.2139/ssrn.2693886. [Accessed 9 February 2017]

Refsdal, Atle, Bjørnar Solhaug, and Ketil Stølen. “Cyber-Risk Management”. Cyber-Risk Management (2015): 33-47, [Internet] Available from: doi:10.1007/978-3-319-23570-7_5. [Accessed 9 February 2017].

November 23, 2022