GISM FUNDAMENTALS of RISK MANAGEMENT
Question 1
You have been recently employed by a Manufacturing Company as a Loss Control Officer.
The company has never employed one before. Take us through a Comprehensive Security
Risk Assessment and Planning, clearly indicating the stages in the assessment with clear
examples in each stage.
Manufacturing companies constantly need to manage their security risks through risk management
and planning. According to ISO 31000, risk management is the set of coordinated activities that direct
and control an organization with regard to risk. A security risk assessment identifies and assesses the
key security controls around applications, data and information assets, and then prioritizes the
various risks that could exploit the weaknesses found. Conducting an assessment is an integral part of
an organization's risk management process.
As a new Loss Control Officer it is important to carry out a security risk assessment and planning
exercise to support managers in making informed decisions on resource allocation, tooling and the
implementation of security controls. The initial stage would be a pre-risk survey to identify
hazards that may adversely impact the business and to understand the exposure to different types of
risk, together with their frequencies and severities. This would be done by holding meetings,
thoroughly inspecting the property and the critical systems of the technology infrastructure, and
documenting the findings. It is important at this stage to determine all critical assets of the technology
infrastructure, identify the sensitive data that is created, stored and transmitted by these assets,
and create a risk profile for each. For example, a typical finding in manufacturing is access privileges
being granted on an ad hoc basis rather than through predefined roles. Checking of perimeters and
access points may also be done at this stage. A review of the existing security policies, standards and
guidelines should also be carried out; for example, in manufacturing the use of the standard ISO 27001
is important.
Assessment and analysis of the identified security risks to critical assets is next. This will be
done by analyzing the relationship between assets, threats, vulnerabilities and mitigating controls.
For example, in manufacturing, not enforcing regular password changes may expose the company to
malicious computer crime, compromise the confidentiality and integrity of data, and allow the
introduction of malicious software such as viruses. Assessment would include checking the physical
protection applied to computing equipment, servers and other network components, and checking
physical assets including access cards for staff and visitors. It is also important to ensure that
housekeeping is properly observed and to check the perimeter protection and the operational
condition of CCTV cameras and alarm systems.
After assessment, a mitigation approach will be defined by reviewing and analyzing the assessment
reports and determining how to allocate time and resources to mitigations effectively.
Implementation of technical actions to address the vulnerabilities identified will be initiated to
reduce the level of security risk. Corrective actions and recommendations are assigned to the
appropriate personnel for enforcement of the security controls for each risk. For example, in a
manufacturing company, security assessment software such as SafetyCulture could be introduced to
the IT department, firewalls could be monitored, and access cards could be renewed frequently. Ensuring
that security checks at exits are manned could also be a mitigating factor.
The final stage would be to implement tools and processes that minimize threats and
vulnerabilities and reduce how often incidents occur, ensuring preventative measures are in place for
these risks. To prevent theft and loss, a CCTV camera that is monitored all day could reduce the
number of thefts. Another preventative measure is requiring those with access to data to change their
passwords regularly and to sign confidentiality agreements. Continuously surveying the security risks
is also an important way of preventing and eventually reducing risks in a manufacturing company.
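The assessment, analysis and mitigation stages described above can be captured in a simple risk register. The following is an added example, not part of the original answer: it scores each risk as likelihood multiplied by impact, applies the controls recommended above to obtain a residual score, and ranks the register so that untreated or under-treated risks surface first. The 1 to 5 scales, the reduction values attached to each control, and the four sample entries (built from the examples in the answer) are all constructed assumptions for illustration.

```python
"""Risk register scoring for a security risk assessment (added example).

Scales, control effects and register entries are constructed assumptions,
not values from any standard or from the original answer.
"""
from dataclasses import dataclass, field

# Qualitative scales mapped to 1 (lowest) .. 5 (highest); assumed for this example.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Control:
    """A mitigating control and how many scale steps it removes (assumed values)."""
    name: str
    likelihood_reduction: int = 0
    impact_reduction: int = 0


@dataclass
class Risk:
    """One register entry: asset, threat, vulnerability and the controls applied."""
    id: str
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    controls: list = field(default_factory=list)

    def inherent_score(self) -> int:
        """Score before any control is considered."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def residual_score(self) -> int:
        """Score after applying every control; neither factor drops below 1."""
        lik, imp = LIKELIHOOD[self.likelihood], IMPACT[self.impact]
        for c in self.controls:
            lik = max(1, lik - c.likelihood_reduction)
            imp = max(1, imp - c.impact_reduction)
        return lik * imp


def rating(score: int) -> str:
    """Band a 1..25 score into the three treatment levels assumed here."""
    if score >= 13:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


def build_register() -> list:
    """Constructed sample register drawn from the examples in the answer above."""
    rbac = Control("predefined roles (role-based access)", likelihood_reduction=2, impact_reduction=1)
    pw_policy = Control("enforced periodic password change", likelihood_reduction=1)
    cctv = Control("CCTV monitored all day", likelihood_reduction=1, impact_reduction=1)
    exit_checks = Control("manned security checks at exits", likelihood_reduction=1)
    return [
        Risk("R1", "production / ERP systems", "unauthorised access to data",
             "access privileges granted ad hoc, not via roles", "likely", "major", [rbac]),
        Risk("R2", "user accounts and sensitive data", "credential compromise, malware",
             "no enforced password changes", "possible", "major", [pw_policy]),
        Risk("R3", "finished goods stock", "theft", "unmonitored exits", "likely", "moderate",
             [cctv, exit_checks]),
        Risk("R4", "server room", "physical tampering", "visitor access cards not renewed",
             "unlikely", "severe"),  # no control assigned yet
    ]


def prioritise(risks: list) -> list:
    """Highest residual risk first; ties broken by inherent score."""
    return sorted(risks, key=lambda r: (-r.residual_score(), -r.inherent_score()))


def treatment_report(risks: list) -> list:
    """One row per risk, flagging entries that still have no control assigned."""
    return [
        {"id": r.id, "inherent": r.inherent_score(), "residual": r.residual_score(),
         "rating": rating(r.residual_score()), "untreated": not r.controls}
        for r in prioritise(risks)
    ]


if __name__ == "__main__":
    for row in treatment_report(build_register()):
        print(row)
```

Ranking by residual rather than inherent score is deliberate: R1 has the highest inherent score, but once predefined roles are assumed in place it drops below the untreated server-room risk R4, which is where the next allocation of time and resources should go.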
Question 2
Taking from Question 1 above, what is the importance of this manufacturing company
having a proper and functional Risk Management Structure which is responsible for
dealing with all risks at the company?
A Risk Management plan is required to ensure that a company identifies risks objectively and
that essential risk elements are not forgotten. Risk Management is a critical component of the
overall business continuity plan. The Risk Management structure involves five crucial
components: identification, measurement and assessment, mitigation, reporting and monitoring,
and governance. Effectively managing risk brings many benefits but can also bring challenges.
It is important for the above-mentioned manufacturing company to have a proper structure, as it
will protect the organization from unexpected events and reputational loss. It is essential for any
business to know the nature and extent of the risk it is prepared to take and tolerate, and to
communicate this to its employees at all levels, so that risk can be controlled within the company
and awareness of risk increases.
Planning and developing structures to address potential threats improves the company's chance of
success. Implementation of a robust plan will help the company build policies and procedures for
avoiding potential threats and for minimizing the impact if a threat materializes. The ability to
understand risks enables the company to make confident business decisions and can be a competitive
differentiator in the marketplace.
A comprehensive risk plan will not only manage risk but will also enable the company to set out
an operational strategy. A risk management plan should be intertwined with a company's
strategy by defining the amount of risk the company is willing to accept to realize its objectives.
The company's compliance with regulatory standards and policies also improves, since compliance
is coordinated with risk management. There will be improved operational efficiency through more
consistent application of risk processes and controls, which also increases the value of the product
and contributes to financial success.
A comprehensive risk management structure will improve workplace safety and security for
employees and customers and improve organizational culture and governance. This helps in
addressing uncertainty and allows transparency. By actively seeking out problems and looking to
address them, injury trends are analyzed and strategies are implemented to prevent them. Incidents
are less likely to occur and have less impact when they do, saving the company a lot of money.
Although it has so many benefits introducing a new risk management plan may have some
challenges.