Types of Risks in IT, Research Paper Example

In everything that people do there are always risks. Alvin Toffler said that, “Our technological powers increase, but the side effects and potential hazards also escalate.” What he meant is the farther that people go into innovating and creating new technologies the more risks and dangers that will increase. Risk are at every level within IT infrastructures including the seven domains that exist in a typical enterprise IT architecture such as workstation, user, IAN, LAN to Wan, Remote Access, System/Application, and WAN domain. When IT managers create risk management plans they must outline and plan for potential risks, impact, and the risk mitigated when cost do not outweigh the risk.

In typical IT infrastructure there are several risks that continue to threaten the security and safety of organizations and the people they employ. These risks include to an IT infrastructure include, “their constant availability is threatened by natural events, technical failure or human error and intentional acts of a terrorist or other criminal nature.” (Federal Ministry of Interior, 2008) As the threat of risks increase the vulnerability of infrastructures increases as well. Types of risks can include the modification, destruction, and illegal disclosure of information or data, errors and omissions, disruptions that are due to man-made or natural disasters, and failure on the part of employees to exercise diligence and due care of operation of the IT infrastructure. (Moteff, 2005) These risks can severely threaten and impact the level of security and function of IT infrastructures.

When creating risk mitigation plans it is essential for IT managers to assess the levels of risks, impacts, and costs they may arise in the seven domains of a typical IT infrastructure. Within the user domain the people that access the information system must be protected against unauthorized leak or breech of information. Workstation domain is where the employers connect to the IT infrastructure so data breech from desktop and other devices that connect to the network must be evaluated for viruses or data breeches. LAN (Local Area Network) includes all the computers connected to the network and must be outlined as they are connected through radio waves, wired, or fiber optic cables. In the LAN to WAN domain is where companies connect to the internet and where they are most vulnerable. WAN domain connects to remote locations which can connect to the internet through routers, and equipment that must require continuous management and monitoring. Remote Access Domain connects remote users to the IT infrastructure via the internet through VPN vendors. The system/application domain is the most critical and obtains information systems, data, and applications of the organization. (Kim, Solomon, 2012) When creating the risk plan it is important that the seven domains be evaluated to identify potential risks that may be costly to the organization.

The best practices in risk management planning including to identify risks that may potentially impact the IT infrastructure. In risks management recognition of risk can occur, by managing risks managers can avoid problems and control costs. Risk management process contains the procedure used in managing risks in the planning stage that include; risk identification, risk analysis, risk mitigation planning, and risk response. Responsibility for risk identification where the IT managers take the overall responsibility of tracking risks and developing risk and contingency plans during the planning stage. Contingency plans are developed as action plans to be implemented if the risks identified occur. These best practices used in risk mitigation and planning are an essential function for IT managers in order to properly identify, plan, monitor, and implement if needed within an IT infrastructure. Risks will happen but the plan is to be prepared and have procedures in place to control the impact and the cost to the organization.

References

Kim, David, Solomon, Michael. (2012). Fundamentals of information systems security. Sudbury, Mass.: Jones & Bartlett Learning.

Moteff, Jeff. (2005). “Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences.” CRS Report for Congress. Retrieved from http://www.fas.org/sgp/crs/homesec/RL32561.pdf

“Protecting Critical Infrastructures Risk and Crisis Management.” (2008) Federal Ministry of Interior. Retrieved from http://www.bmi.bund.de/SharedDocs/Downloads/EN/Broschueren/Leitfaden_Schutz_kritischer_Infrastrukturen_en.pdf?__blob=publicationFile

“Risk Mitigation Planning, Implementation, and Progress Monitoring.” (n.d) MITRE. Retrieved from http://www.mitre.org/work/systems_engineering/guide/acquisition_systems_engineering/risk_management/risk_mitigation_planning_implementation.html