Thursday 5 July 2018

RISK MANAGEMENT: HOW TO CALCULATE RISK?

INTRODUCTION:

Risk assessment and risk management rest on calculating severity and likelihood. Severity is based on the level of the disaster that would impact the organisation in the future. Likelihood is based on how probable it is that the risk will affect the organisation. The risk calculation analyses how the impact occurs and how it can be mitigated.
It is also a meaningful way to protect the organization's business while complying with laws and procedures. It helps to focus on the risks that matter to the organization. In many scenarios, direct measures can control risks, which means simple, cheap and effective measures to protect your most valuable asset.
This article discusses how the risk assessment and risk management process is carried out. The contents are:
  1. Identify the hazards
  2. How the risk has happened
  3. Evaluate the risks
  4. Scale for the Likelihood
  5. Scale for the Consequence
  6. Treating the risk occurred
  7. Review Assessment
  8. Conclusion

STEP 1 – IDENTIFY THE HAZARDS:

It is vital to understand the context in which the risk exists. Define the relationship between the organization and the environment it functions in, so that the outline of the risks facing the organization is evident.
  • Look at the location and the exposure to data;
  • Interview the people nearby;
  • Check for any recent incidents.

STEP 2 – HOW THE RISK HAS HAPPENED:

This step identifies the likelihood of the risk occurring and its consequences. The risk can be of any type, such as physical, ethical or financial.
Physical risks involve damage to organizational assets such as infrastructure equipment, injuries to employees, and severe weather conditions that affect routine services.
Ethical risks involve potential harm to the reputation and services of the organization. Trust in the organization degrades when a data breach or leak occurs.
Financial risks involve the loss of organizational assets, for example any theft or financial breach that occurs on the internet.

STEP 3 – EVALUATE THE RISKS:

Risk evaluation means analysing the likelihood and consequences of the identified threat and deciding which risk factors could potentially have an effect and need to be made a priority. The level of the risk is determined by the likelihood and consequence of the impact.
The evaluation is done by comparing the impact of the risk found during the analysis process with the risk criteria previously established by the organization.
The criteria for evaluating the risks are the following scales.

SCALE FOR THE LIKELIHOOD:

| Rating | Description |
|--------|-------------|
| 5 | Certain: It will probably occur, or often occurs several times per year |
| 4 | Likely: Likely to arise once per year |
| 3 | Possible: Occurs once in a five-year period |
| 2 | Unlikely: Occurs once in 10+ years |
| 1 | Rare: Barely occurs |

SCALE FOR THE CONSEQUENCE:


| Severity | Description |
|----------|-------------|
| 5 | Catastrophic |
| 4 | Major |
| 3 | Moderate |
| 2 | Minor |
| 1 | Negligible |

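Calculation of risk priority:

Risk = Likelihood × Impact

| Likelihood \ Impact | 1 | 2 | 3 | 4 | 5 |
|---------------------|---|---|---|---|---|
| 1 | Very Low | Very Low | Low | Low | Medium |
| 2 | Very Low | Low | Medium | Medium | High |
| 3 | Low | Medium | Medium | High | High |
| 4 | Medium | Medium | High | High | Very High |
| 5 | High | High | Very High | Very High | Very High |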
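
The calculation above applied to a small risk register, as an added example (not code from the original article). The register entries are constructed and the function names are this example's own. It also shows that the matrix weights likelihood more heavily than impact, so the same Likelihood × Impact score can fall in two different levels.

```python
# Added example: risk matrix transcribed from the table above.
# Rows are likelihood 1-5, columns are impact 1-5.
VL, LO, ME, HI, VH = "Very Low", "Low", "Medium", "High", "Very High"
MATRIX = [
    [VL, VL, LO, LO, ME],
    [VL, LO, ME, ME, HI],
    [LO, ME, ME, HI, HI],
    [ME, ME, HI, HI, VH],
    [HI, HI, VH, VH, VH],
]
RANK = {name: i for i, name in enumerate([VL, LO, ME, HI, VH])}

def assess(likelihood, impact):
    """Return (score, rating) for one risk; both inputs must be integers 1-5."""
    for name, value in (("likelihood", likelihood), ("impact", impact)):
        if not isinstance(value, int) or isinstance(value, bool) or not 1 <= value <= 5:
            raise ValueError(f"{name} must be an integer from 1 to 5, got {value!r}")
    return likelihood * impact, MATRIX[likelihood - 1][impact - 1]

def prioritise(register):
    """Sort (name, likelihood, impact) entries: highest rating first, then highest score."""
    rows = [(name, *assess(lik, imp)) for name, lik, imp in register]
    return sorted(rows, key=lambda r: (-RANK[r[2]], -r[1], r[0]))

def ambiguous_scores():
    """Scores that the matrix maps to more than one rating."""
    seen = {}
    for lik in range(1, 6):
        for imp in range(1, 6):
            score, rating = assess(lik, imp)
            seen.setdefault(score, set()).add(rating)
    return {s: sorted(r, key=RANK.get) for s, r in seen.items() if len(r) > 1}

# Constructed sample register (hypothetical risks, not from the article).
REGISTER = [
    ("Customer database breach", 3, 5),
    ("Phishing of staff mailboxes", 5, 3),
    ("Data-centre flooding", 1, 5),
    ("Laptop theft", 4, 2),
    ("Nuisance port scans", 5, 1),
]

if __name__ == "__main__":
    for name, score, rating in prioritise(REGISTER):
        print(f"{rating:<10} score={score:<3} {name}")
    print("Scores with more than one rating:", ambiguous_scores())
```

Because scores 4, 5 and 15 each map to two levels, a register should record likelihood and impact separately and not only their product.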

STEP 4 – TREATING THE RISK OCCURRED:

Risk treatment identifies the range of options for treating the risk, prepares the risk treatment plans and applies those plans. Options for treatment need to be proportionate to the significance of the risk.
According to the standard, various options exist:
  • Accepting the risk
  • Avoiding the risk
  • Reducing the risk
  • Transferring the risk
  • Retaining the risk
  • Financing the risk

STEP 5 – REVIEW ASSESSMENT

Reviewing is an ongoing and integral step of the risk management process. It is also an essential part of all business functions that need to be monitored and treated. Monitoring and reviewing the risk makes sure that the information generated by the risk management process is logged, used and maintained.

CONCLUSION:

The risk assessment and management procedure above should be implemented by organisations to secure their work activities. However, some other methods contain activities where the work procedure covers employees undertaking work experience within the organisation. The risk management process needs to be implemented in the operations and governance of every organization. However, there is no ‘one size fits all’ way of embedding risk management. Preferably, the process should be tailored to fit the size, complexity, industry competition and environmental uncertainty faced by the organization.
Briskinfosec offers a comprehensive approach to managing risk and compliance in the organization more effectively. Our customized solution meets the policies, procedures, technologies and competencies in several streams of work across the risk management categories of governance, process and technology.

AUTHOR:

Dharmesh B
Security Engineer
Briskinfosec Technology and Consulting Pvt Ltd.,
https://www.linkedin.com/in/dharmeshbaskaran/
