subject: Risk Assessment And Security Management
Risks are any unwanted activities that could arise during the execution of a business process. Risk introduced during execution adversely affects the business by inflating the development time of a product, which can cause the whole development cycle to fail. A number of things can introduce risk into an ongoing activity, such as miscommunication between teams or resources being unavailable for a long time. Risk can also be introduced by indulging in unnecessary activities, by lag in the scheduled sequence of activities, or by a lack of, or improper, security management methods.
To protect different business activities from risks, risk assessment and proper security management of the different processes need to be carried out. These techniques are practiced by many software development companies that follow the standard SDLC. This not only helps in identifying the weak points of the current operating procedure but also produces a back-up plan that matches the proposed plan and schedule.
Risk assessment is the careful examination of the most vulnerable processes, and others related to them, among the different operations: those which can cause a failure in project development or can harm a business in terms of resources, finance etc.
Risk assessment is done in different stages, each with its own goal in identifying the state of risk.
Identify risks: First, the risks that could be introduced during the execution process need to be identified. Defining a risk helps the processes to be performed with caution so as to minimize its effects. Identification can draw on the experience of the workforce, by conducting walk-throughs and asking the employees who work on a particular process and have experience of the discrepancies that could be introduced in future.
Identify target: Once the risks associated with each activity have been identified, the part of the workforce that would be affected by those risks needs to be identified.
Evaluate counter-measures: Now that the risks and their potential threats have been identified, the counter-measures should be listed. To nullify these risks, certain actions or a back-up plan have to be prepared.
While risk assessment tools focus on influencing the risk conditions that would arise during operational activities, security management focuses on protection. The scope of protection depends on what is being protected. For example, information security management focuses on protecting corporate data that is crucial for the operational and other management purposes of a business. Multi-domain security management divides security management into multiple levels of domain based on geography, business unit or privileges held. End-point security management unifies all end-point security capabilities into a single console, which provides ease of management, monitoring and policy enforcement with few clicks.