Answered You can hire a professional tutor to get the answer.
Complete 10 page APA formatted essay: UAE Academy.The risk management process includes: Risk Management Process The risk manager of UAE Academy will align with the key stake holders to ensure that ris
Complete 10 page APA formatted essay: UAE Academy.
The risk management process includes: Risk Management Process The risk manager of UAE Academy will align with the key stake holders to ensure that risks are actively identified, addressed, and managed throughout critical assets, networks and databases. It is better for UAE academy to address risks as early as possible in order to limit the impact of a threat afterwards. However, along with risk management, the risk manager will also implement a periodic risk management program that will address risks on continuous basis. Identifying Risk Risk identification is a joint effort, as UAE academy wants to protect the data network, email services, protection from the WWW and external sources and protection of shared storage resources. Likewise, this process will incorporate key stake holders or system owners to identify risks pertaining to their systems and applications. Moreover, a risk management log must be maintained that will be maintained electronically at a specific location. Risk Analysis This process involves the measurement and calculating the impact of identified risk based on quantitative or qualitative risk analysis. Quantitative risk analysis includes numeric values such as costs of information assets. Qualitative risk analysis is associated with organization reputation and customer satisfaction such as intangible assets i.e. university rankings of ‘UAE academy’. However, data classification scheme must be defined at this point so that effective risk analysis can be conducted. Likewise, data classification scheme is defined by application and system owners, as they have insights of their systems and applications. Risk assessment is carried out on the basis of the three fundamental triads of information security i.e. Confidentiality, Integrity and Availability. However, risk assessment comprises of four options i.e. Risk transfer, risk acceptance, risk avoidance and risk mitigation. A comprehensive risk assessment template is demonstrated below in fig 1.1, 1.2, 1.3, and 1.4 respectively. Asset Valuation Scheme Scale 1 2 3 Definition Loss of C/I/A is acceptable Loss of C/I/A is acceptable. If it occurs, workaround can be arranged Loss of C/I/A is acceptable. Need preventive measures on immediate basis Figure 1.1 Risk Assessment Threat Name Affected Assets CIA Asset Value = C+I+A Likelihood of Occurrence Level of Impact Risk Exposure Counter Measures Controls Poor System Performance Virus Attacks Unauthorized Access Figure 1.2 Likelihood of Occurrence Levels 1- Very low 2- Low 3- Medium 4- High 5- Very High Figure 1.3 Impact Classification Levels Potential Business Impacts Business Operational and Financial Impact Legal and regulatory obligations Loss of Reputation Personal Information 1- Very low 2- Low 3- Medium 4- High 5- Very High Figure 1.4 Risk Calculation Formula: Risk Exposure = Asset Value x Likelihood x Impact Level Disaster Recovery Plan Description Likelihood and Impact Detection Immediate Action Later Action Effect on Users Mitigation and Contingency Single Disk Failure Medium Warning Replace failed disk Order new disks. Have existing disks destroyed. No effect Monitoring of RAID volumes. Keep replacements drives available. Unauthorized Access Low Periodic Auditing of logs along with application logs Restore modified content. Repair security breach. Determine root
