IT Security Risk Mitigation: Security Risk Assessment and Mitigation Planning
IT systems are used far more widely today than a decade ago. As a result, more security risks involving cybercrime have surfaced, so proper IT security risk measures are needed. Because the benefits of increased use of IT systems outweigh the drawbacks, the practical choice is to implement IT systems securely rather than avoid them. To mitigate IT security risk, risk identification, assessment, and mitigation must be carried out (Kuzminykh et al., 2021). The entire identification, assessment, and mitigation process is known as risk management (Larrimore, 2018).
Identifying IT risks involves enumerating the risks that could affect the system (Kuzminykh et al., 2021). For example, an e-commerce business would anticipate IT risks such as phishing and denial of service attacks. Phishing would involve obtaining customer information during online payment transactions and using that information to masquerade as a legitimate customer. A denial of service attack would make the resources of an IT system unavailable to users, sabotaging the business. After identifying such risks, a risk assessment would be conducted to estimate the probability of each risk occurring (Kuzminykh et al., 2021). The security risks would then be listed in descending order, starting with the risk with the highest probability.
The next step after producing the risk assessment document is to mitigate the risks (Mohammad & Syed, 2020). This involves selecting the most suitable mitigation measure for each risk. There are four types of risk mitigation: acceptance, transfer, reduction, and avoidance. Acceptance is chosen when the risk has a low probability of occurring, while transfer shifts the risk to a third party, such as an insurance company; transfer is mainly used for a risk that would seriously harm the business. Reduction lowers both the likelihood of the risk and its impact. Avoidance eliminates the possibility of the risk altogether and is appropriate for risks with a high likelihood and an adverse impact. For example, a denial of service attack would severely affect an e-commerce business because core business operations would be halted: customers would be unable to order and pay for goods, leaving the business with no income. Such a risk should therefore be avoided at all costs. Avoidance here would include applying the latest security measures, such as network and software patches, together with network monitoring software and skilled personnel.
Mitigation planning follows once the mitigation measures have been decided upon and covers how those measures are put into practice (Irsheida et al., 2022). For example, a mitigation team would be formed and a plan documented. In the denial of service example, the people responsible for network monitoring and scanning would be trained to protect the network continuously and to respond if an attack occurs. The plan would include detailed steps from attack identification through mitigation to elimination, and it would state who is responsible for each step. Mitigation planning keeps the probability of the risk low and, if the risk does materialize, ensures a swift response that minimizes its impact.
The topic of risk management covers risk assessment, mitigation, and mitigation planning (Larrimore, 2018). This makes it an all-inclusive topic that is essential to IT security, which is why it was chosen as the favorite topic. Covering risk management therefore enables an organization to handle possible security risks comprehensively.
References
Irsheida, A., Murada, A., AlNajdawia, M., & Qusefa, A. (2022). Information security risk management models for cloud hosted systems: A comparative study. Science Direct, 204, 205-217. Retrieved from https://pdf.sciencedirectassets.com/280203/1-s2.0-S1877050922X00070/1-s2.0-S1877050922007633/main.pdf?X-Amz-Security-Token
Kuzminykh, I., Ghita, B., Sokolov, V., & Bakhshi, T. (2021). Information Security Risk Assessment. MDPI, 1(50), 1-16. Retrieved from https://www.researchgate.net/publication/353436973_Information_Security_Risk_Assessment
Larrimore, N. P. (2018). Risk Management Strategies to Prevent and Mitigate Emerging Operational Security Threats (Doctoral dissertation, Walden University). Retrieved from https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=6145&context=dissertations
Mohammad, S. M., & Syed, H. H. (2020). Risk Management In Information Technology. International Journal Of Innovations In Engineering Research And Technology [Ijiert], 7(5), 373-381. Retrieved from https://www.researchgate.net/publication/358443490_Risk_Management_in_Information_Technology
Question
Instructions: Choose a Lesson
Assignment Instructions
The key to this assignment is to demonstrate your understanding of the topics for the course, not to re-word the text or reference material. Please see Appendix A for the grading rubric on all written assignments.
Please complete the scenario below following these guidelines for your deliverable.