The goal of the company is to provide mortgage services at a fixed low rate of $1500 to approved applicants. To provide these services optimally, it is necessary to calculate the organization's risks and develop a plan to mitigate them. The risk assessment will identify the approaches to be implemented to eliminate avoidable risks and to minimize the risks that are unavoidable. The following discussion limits the risk assessment to IT-related issues: security, auditing and disaster recovery.
Risk assessment is the determination of two quantities of a risk: the magnitude of the potential loss and the probability that the loss will occur. Risk assessment is therefore one step in the risk management process (http://en.wikipedia.org/wiki/Risk_Assessment). An organization has to have policies in place to identify and manage risks. Oldfield and Santomero (n.d.) developed the following guidelines for successfully implementing the risk management policy set up by the business:
It has to be integral to the firm's business plan.
It has to define a measure of risks in each business consistently across the firm.
Initiate procedures for managing risk at the point nearest to the assumption of risk.
Develop databases and measurement systems in accord with business practices.
Install comprehensive risk management system to evaluate individual, business, and firm level
References:
Dean, T. (2002). "Network+ Guide to Networks, 2nd Ed." Thompson Course Technology.
Dubie, D. (2006). "Managing risk: new reality for IT security executives." Network World.
http://www.iwar.org.uk/comsec/resources/sa-tools.
https://ecampus.phoenix.edu/secure/aapd/CIST/VOP/Business/McBride/IT/McBrideITWeb001.htm
Mackie, A. (2000). "Information Protection Centers – An Organizational Approach to Security." SecurityFocus.com [www.securityfocus.com/infocus/1451]
Oldfield, G. S., and Santomero, A. M. (n.d.). "The Place of Risk Management in Financial Institutions." http://www.gloriamundi.org/picsresources/goas.pdf
Rodney G. (2005). "Hacker Mitnick preaches social engineering awareness." Computerworld Today (Australia), July 22.
Sharick, P. (2002). "Techniques for Establishing Highly Secure Systems." Windows IT Security, June 2002 Edition.
Stoneburner, G., Goguen, A., and Feringa, A. (2002). "Risk Management Guide for Information Technology Systems." NIST.
Van der Walt, Charl. (2002). "Assessing Internet Security Risk, Part 1: What is Risk Assessment?" SecurityFocus.com [www.securityfocus.com/infocus/1263]