Evaluating Risk Management and Compliance for IT Systems

Hello and welcome to today’s presentation on evaluating risk management and compliance for IT systems. The presentation explains several ways of managing risk for IT systems and describes two risk assessment methodologies.

We shall begin by explaining what risk management is and why it matters for an organization’s IT infrastructure. We shall then discuss three risk management frameworks. Each framework has its own steps, so an organization can choose the one that best suits it; consequently, we shall also discuss the factors that influence the choice of framework. Finally, we shall compare the qualitative and quantitative risk assessment methodologies.

In IT systems, risk factors include data loss, system failure, security breaches, natural disasters, and cyberattacks (Carlsson & Mattsson, 2019). Such risks have adverse effects on an organization. For example, regulations govern how an organization must protect the confidentiality of the data it holds, and failure to comply attracts punitive measures. Another example is data loss or a cyberattack such as a denial-of-service attack, which cripples day-to-day operations and, in turn, reduces revenue. To treat these risks, an organization can avoid, reduce, share, or accept them. In risk avoidance, the organization adopts a policy that prohibits system users from performing certain actions (Carlsson & Mattsson, 2019), such as sharing passwords or using a person’s name as a password. To reduce risk, an organization can set up data backups and train its staff in safe cybersecurity practices. Risk acceptance applies to risks that cannot be eliminated at an acceptable cost; the organization knowingly retains them and budgets for the residual losses, for instance through a contingency reserve. In risk sharing, an organization transfers part of the potential loss to a third party, typically by purchasing cyber risk insurance.

Essentially, a risk management framework defines the steps used to manage risk in an organization (Amraoui et al., 2019). We shall discuss three such frameworks. All three are effective; the choice between them depends on the organization’s needs, that is, on how it prefers to run its risk management process. The steps of a framework serve as a step-by-step guide for executing risk management.

The iterative process framework contains four steps that are repeated in a cycle. The first step is risk identification, in which the organization lists all the risk factors it faces (Amraoui et al., 2019); in an IT environment, cyberattacks would be one such factor. The second step is risk assessment, in which each identified risk factor is analyzed to determine its likelihood and impact (Mohammad, 2020). The third step is risk mitigation: once the impact of the assessed risk factors is known, treatment measures are implemented, namely avoidance, reduction, sharing, or acceptance. The fourth step is monitoring, in which the implemented measures are evaluated against their expected performance (Amraoui et al., 2019), and the results feed the next round of identification.

The COSO enterprise risk management framework has eight interrelated components rather than strictly sequential steps (Amraoui et al., 2019). The first, the internal environment, describes the organization’s risk culture and risk appetite. The second, objective setting, defines the objectives against which risks will be measured. The third, event identification, examines the internal and external events that could affect the organization. In an IT environment, this means identifying cyberattacks that could originate both inside and outside the organization; for instance, a malware infection could be facilitated internally by end-users who are unaware that they should not open files attached to emails from unknown senders.

Risk assessment, the fourth component, establishes the likelihood of each risk and its impact (Amraoui et al., 2019). The fifth, risk response, decides how each risk will be treated: avoidance, sharing, acceptance, or reduction. Control activities, the sixth component, implement the policies and procedures that carry out those treatment decisions. The seventh, information and communication, makes the policies available to all employees as training and awareness material. The last component, monitoring, tracks the implemented measures and modifies them when they do not meet their performance requirements.

The ISO framework has three parts (Amraoui et al., 2019). The first part focuses on the effectiveness of risk management: it ensures that all risk management principles are incorporated, including a structured plan for managing the identified risks. The second part ensures that all risk factors are reported (Amraoui et al., 2019); this information supports decision-making for improved risk management. The third part ensures that the implemented risk management measures are continuously monitored and amended (Amraoui et al., 2019).

Before choosing a risk management framework, an organization should consider its needs (Amraoui et al., 2019). The relevant criteria are flexibility (can the framework be revised?), scalability (can it be extended to accommodate new findings and solutions?), simplicity (is it easy to understand, and are its steps easy to follow?), and ease of implementation (can it be applied at short notice when a new risk is identified?). On these criteria the iterative framework would be the best choice because of its scalability and simplicity. It is also flexible, since its steps can simply be repeated to accommodate new findings, which in turn makes it easy to implement.

In qualitative risk assessment, non-numerical values and descriptive analysis are used to analyze and rank risk factors (Taherdoost, 2021). For example, an IT security team could brainstorm possible risk factors and design solutions in the same session. Interviews would be used to collect risk information from end-users; for example, end-users could be asked to describe the qualities of a strong password, which lets the IT team judge whether the passwords in use are strong. Other interview questions would include: how can end-users spread computer viruses? What should an end-user do when asked to click on a suspicious internet link, or a link sent by email from an unknown person?

The quantitative risk assessment methodology produces numerical results (Taherdoost, 2021). For example, an IT security team could consult a NIST online database, such as the National Vulnerability Database, to identify common risk factors. Using that information, the team would estimate the numerical likelihood of each risk factor and the expected loss per occurrence. Modeling and simulation would also be performed: each risk factor is modeled with its likelihood and loss, and a simulation produces a distribution of numerical outcomes rather than a single figure.
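The following Python script is an added example, not part of the original presentation, that makes the contrast between the two methodologies concrete: a qualitative rating combines ordinal likelihood and impact judgements through a simple risk matrix, while the quantitative part computes annualized loss expectancy (single loss expectancy times annualized rate of occurrence) and then runs a Monte Carlo simulation of yearly losses. The risk register, the loss figures and the 1 to 3 scale are constructed for illustration and are not taken from any source.

```python
"""Qualitative rating vs quantitative ALE with a Monte Carlo simulation.

Added example; all figures below are constructed, not measured data.
"""
import math
import random
from dataclasses import dataclass

# Qualitative: ordinal likelihood/impact levels combined through a risk matrix.
LEVELS = {"low": 1, "medium": 2, "high": 3}


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Map two ordinal judgements (e.g. from interviews) to a single rating."""
    score = LEVELS[likelihood] * LEVELS[impact]  # 1..9
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


# Quantitative: single loss expectancy (SLE) x annualized rate of occurrence (ARO).
@dataclass(frozen=True)
class Risk:
    name: str
    sle: float  # expected loss per occurrence, currency units (constructed)
    aro: float  # expected occurrences per year (constructed)


def ale(risk: Risk) -> float:
    """Annualized loss expectancy: the point estimate a quantitative assessment starts from."""
    return risk.sle * risk.aro


def poisson(rng: random.Random, lam: float) -> int:
    """Draw an event count with mean lam (Knuth's method; adequate for small lam)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_loss(risks, years: int = 10_000, seed: int = 7) -> dict:
    """Monte Carlo: for each simulated year, draw how often each risk occurs and
    what each occurrence costs (triangular around the SLE), then summarise the
    distribution of total yearly loss."""
    rng = random.Random(seed)
    totals = []
    for _ in range(years):
        total = 0.0
        for r in risks:
            for _ in range(poisson(rng, r.aro)):
                total += rng.triangular(0.5 * r.sle, 1.5 * r.sle, r.sle)
        totals.append(total)
    totals.sort()

    def pct(q: float) -> float:
        return totals[min(int(q * years), years - 1)]

    return {"mean": sum(totals) / years, "p50": pct(0.50), "p95": pct(0.95), "max": totals[-1]}


# Constructed sample register; names and numbers are illustrative only.
REGISTER = [
    Risk("ransomware", sle=200_000.0, aro=0.1),
    Risk("phishing credential theft", sle=20_000.0, aro=2.0),
    Risk("DoS outage", sle=50_000.0, aro=0.5),
]


def total_ale(risks=REGISTER) -> float:
    """Sum of point-estimate ALEs across the register."""
    return sum(ale(r) for r in risks)


if __name__ == "__main__":
    print("qualitative rating (medium likelihood, high impact):",
          qualitative_rating("medium", "high"))
    for r in REGISTER:
        print(f"{r.name}: ALE = {ale(r):,.0f}")
    print(f"total ALE = {total_ale():,.0f}")
    print("simulated yearly loss:", simulate_annual_loss(REGISTER))
```

The simulated mean converges on the summed ALE, but the p95 and maximum show what the single ALE figure hides: a low-frequency, high-impact item such as the constructed ransomware entry dominates the bad years, which is the information a budget or insurance decision actually needs.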

Question 


Provide a minimum 10-slide PowerPoint presentation, excluding the title and reference slides, that addresses the following:

Summarize risk management concepts. Include the different frameworks you could use and why you might choose specific frameworks.

Summarize the qualitative versus the quantitative risk analysis approaches and techniques for managing risk.

Provide voice narration as instructed.

Provide at least three outside references on the topic of risk management in addition to the text.

NB: Your narration will provide additional details of the points you have provided on each slide. You must have narration on every slide. Discuss and expand upon the points you have summarized on each slide by using the slide notes section on each slide to coincide with the narration. Do not just read what is on the slide. Remember, the slide should have minimal information so the audience will need to pay attention to your narration and to the supporting information you provide.

Written Parameters/Expectations

Include a title slide and reference slide.

Written work is provided in Standard English.

At least 10 slides in length, not counting the title slide and reference slide

Includes a highly developed viewpoint and purpose and exceptional written content.

Writing demonstrates superior organization and is well-ordered, logical, and unified.

Free of written grammar, punctuation, and spelling errors

No evidence of plagiarism

At least three outside references on the topic of risk management in addition to the text

Make sure that the reference slide is in the latest APA edition style.