Information and Risk Management (IRM)
IRM entails procedures that individuals or organizations enact to significantly reduce the vulnerabilities, threats, and consequences of having unprotected data (Stevens, 2015). Following rapid technological growth, cases of computer hacking are common. The crimes are facilitated by negligence in the management and handling of pertinent information.
Information can be stolen from databases through physical or cyber means. Further, data loss is classified as either intentional or unintentional. An intentional threat occurs where hackers invade organizations’ computer systems with malicious intent. An unintentional threat, on the other hand, takes place where employees are negligent in handling information, such as using weak passwords, creating opportunities for cybercriminals to attack.
Managing information risks should start at a point where the organization understands all types of threats facing its databases. Additionally, firms should evaluate the types of vulnerabilities that their IT department could encounter. This should be followed by setting comprehensive IRM strategies: the approach should commence with creating awareness of the threats among the stakeholders.
Moreover, the firms should respond by employing technical controls; this entails features such as antivirus software, intrusion detection, and firewalls among others. The approaches could be reinforced through hiring a vendor risk management group that will be mandated to work closely with all third parties. The groups will be informed about the need to observe and abide by the set IRM policies (Whitman, Mattord, & Green, 2013).
In conclusion, in the contemporary world, information has been vulnerable to computer criminals such as hackers. It is thus upon the concerned firms to enact stringent measures that will increase data protection. Vigilant IRM policies should be put in place and observed by all stakeholders.
Has organizational management played a part in the increase in information risk in the modern world?
Stevens, M. (2015). What is Information Risk Management? https://www.bitsight.com/blog/what-is-information-risk-management Retrieved on 23/08/2019
Whitman, M. E., Mattord, H. J., & Green, A. (2013). Principles of incident response and disaster recovery. Cengage Learning.
Explanation & Answer
please check the work
Running Head: INFORMATION RISK MANAGEMENT
Information Risk Management
To some extent, organizations' management has contributed to the increase in information risks. Poor governance in an organization results in the reduced provision of oversight and authoritative control, which are a vital foundation for transparency in the management of information. Blakley, McDermott and Geer (2011) note that if the organization management is not committed to maintai...