Tuesday, December 10, 2019

Quantitative Risk Techniques and Concepts †Free Samples to Students

Question: Discuss about the Quantitative Risk Techniques and Concepts. Answer: Introduction: Managing information within an organisation is the most crucial part of the management. Information flow is crucial for conveying the message from the higher authority to the grassroots level employee. It is also important to be mentioned here that in the context of the contemporary social set up, information can be categorised into two kids namely physical as well as electronic. Now for the proper flow of the information the organisation structure as well as environment also responsible. Cloud computing has been becoming extremely popular across all organisations. The availability of information and the access to information from anywhere, anytime and through multiple devices has been lucrative. However, there are several risks associated with a cloud migration project. In this report the focus will be on a cloud migration project and the report will illustrate the risks that are associated with such project and how these risks are to be communicated. Amburst et al. (2009) stated that elasticity is one of the major benefits of cloud computing and as it saves infrastructure costs thus is beneficial for smaller organisations. In the recent past organisations like twitter.com have been capable of extensive growth due to cloud computing. This report is based on the case study of a UK based SME which provides IT support services to the Oil and Gas Industry. The organisation is focused on switching over to Amazon EC2 platform. The organisation is providing services of data acquisition and this will be shifted to real time data acquisition and the following diagram illustrates how the organisation plans to shift to a cloud platform The following is the system overview for this information system Now the major concern is the cost versus the benefits. The following illustrates the same It can be seen from the above tables that this cloud project would be beneficial for the organisation but there would be risks associated with this project as the cloud migration would lead to newer technologies. The next section will analyse the risks and thereby provide the recommendations A formal risk assessment: Risk assessment is a five step process that ensures the identification of the risky situation and its management for security of both the organisation as well as the people involved in the situation. Step one of the risk management process comprises identification of risk; the risk can be defined as anything that might cause any sorts of damage to system (Anand and Goyal, 2009, p.451). In the given case, information leak is the main risk that can id addressed in the given process. In this step the contextual organisation need to identify the way that makes the information vulnerable. In the second step the risk management process identify the vulnerable group who are at risk (Peppard and Ward, 2016, p .113). In the first stage the following are the risk areas that have been identified This step ensures who or what are harmed in the due course of the information breach. Until the person or situation or the business process in risk are identified then; it is next to impossible to eradicate the risk and make the process hazard free (Anand and Goyal, 2009, p.451). This stage requires the development of a risk matrix and following is the risk matrix for this project. The risk matrix has been developed according to the risks identified Vulnerability Name Risk Description Threat Source Existing Controls Likelihood of Occurrence Impact Severity Risk Level Cloud provider security risk Information is compromised Adverserial, accidental, structural, environmental, etc. None High High High The cloud provider does not have a proper administrative control Confidentiality is compromised Adverserial, accidental, structural, environmental, etc. None High High High Unauthorized access Intrusion Adversarial outsider (e.g., hacker) Information sent to cloud provider is encrypted in transit Low High Low Password is weak Hacking Adversarial insider or outsider Vendor default password and no administrative password policy Moderate High Moderate Unlimited password attempts for cloud services Hacking Adversarial outsider (e.g., hacker) Vendor default does not limit password attempts Moderate High Moderate In the third step the assessment of the risks is done and the appropriate action is taken to eradicate the risk. In order to do this the whole process of risk management is segmented and each of the tasks is separately managed. So, the entire risk can be eliminated from the root (Bromiley et al. 2015, p.270). In the Step 4 the risk is managed but the contextual risk managementpersonnelneed make a record of the findings for the future purpose. So in case the same problem arises in future, it can be managed with proper efficiency and with less time (Stancich and Curry, 2016, p.251). It is also seen that the risky sometimes snowballs its effects as the time flows. Right decision in right time is able to minimise the effects of the risky situation and manage it properly. Furthermore, if previous experience regarding a risky situation is recorded them this will help to make the decision more swiftly and accurately without losing valuable. Ultimately in the final step that is step 5 the evaluation or revision of the entire risk assessment is done (Marcelino-Sdaba et al. 2014, p.334). This will reveal whether the process that is used for the risk management is effective or not. However, it is also important to keep a record of the entire process so appropriate action can be taken and the loss is gauges and managed in appropriate time (Lederer, 2013). Based on the above the organisation needs to follow the flowchart that has been illustrated below so as to ensure that the cloud migration is successful Communication of the risk: Once the risk is determined there needs to be effective communication of the risk so that the risk can be mitigated. In this case the following will be the risk communication The different communication risk that prevails in the contextual organisation is poor development practices which risk the organisational culture. According to the famous saying rolling stone do not acquire any moss (Lederer, 2013). Hence, development is an inevitable process for the contextual organisation. In the due course of the development it is crucial to follow the proper developmental process, poor developmental process for maintaining the communication is hazardous for the growth of the organisation. Now the next risky circumstances are the impropersuppositionsin the context of the requirements of the system. This system is used for managing the intranet of the contextual organisation. Intranet is helpful for managing communicational gap prevails within an organisation. The next problem that can arise while using the intranet system is the poor user interface (Stancich and Curry, 2016, p.251). Faulty hardware is another major risk involved for the communication establishment in the organisation. the management needs to verify the hardware compatibility with the current system for the identification of any fault in the hardware system. Periodic maintenance and inspection is needed for the assessment of the hardware condition and identification of the need for change or replaces (Galliers and Leidner, 2014, p.76). Inadequate user training or user error could a significant factor for communication failure in the contextual organisation (Marcelino-Sdaba et al. 2014, p.334). Therefore, user assessment and non-allowance of users with proper training while operating the hardware and software could help to establish the communication in the organisation (McNeil et al. 2015, p. 89). Lack of operational knowledge indulges a scope of faulty handling process which could create issues in the hardware and software. This would create a hindrance in the communication procedure of the organisation (Peppard and Ward, 2016, p .113). Poor fit between systems and organization is the very significant factor for communication failure in the contextual organisation (Teller et al. 2014, p.69). The organisational structure and work process is needed to be identified for the understanding of the communication requirement between the departments and the employees. Unclear understanding of the organisational structure and key nodes of the organisation would create a gap between the communication network established and the actual organisational structure (Bromiley et al. 2015, p.270). Therefore it creates a point where no communication could be established in the organisation. therefore proper understating of the organisation and identification of the nodes will create a clear picture of the organisation and successful establishment of the communication has been done (Beske and Seuring, 2014, p.327.). Recommendation Understanding of the system requirement: The management needs to evaluate the organisational structure and hardware and software requirement in accordance with the organisational structure for developing an outline of the system requirement.Therefore identification of the system required would help to develop a communication structure suitable for the organisation (Marcelino-Sdaba et al. 2014, p.334). Identification of the system suitable for the organisation: this is another important step for establishing effective communication system in the organisation. Suitable hardware and software need to be identified for the organisation and implementation of the proper system components would be helpful for identification of the communication network (Anand and Goyal, 2009, p.451) . Proper maintenance and inspection: periodic maintenance and inspection process need to be implemented for the understanding of the faulty hardware and software installed in the system which may cause communication interruption (Marcelino-Sdaba et al. 2014, p.334). Therefore, in this method communication barriers could be removed and an establishment of the smooth communication network could be established (Stancich and Curry, 2016, p.251). Proper training staffs and employees need to be trained and briefed on the newly installed communication system for avoiding faulty handling process and hardware damage (Marcelino-Sdaba et al. 2014, p.334). Therefore, periodic training sessions and inspection would help to maintain the proper communication network within the contextual organisation (Marcelino-Sdaba et al. 2014, p.334). Reference list: Galliers, R.D. and Leidner, D.E. eds., 2014.Strategic information management: challenges and strategies in managing information systems. Routledge. McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton university press. Peppard, J. and Ward, J., 2016. The strategic management of information systems: Building a digital strategy. John Wiley Sons. Teller, J., Kock, A. and Gemnden, H.G., 2014. Risk management in project portfolios is more than managing project risks: A contingency perspective on risk management. Project Management Journal, 45(4), pp.67-80. Bromiley, P., McShane, M., Nair, A. and Rustambekov, E., 2015. Enterprise risk management: Review, critique, and research directions. Long range planning, 48(4), pp.265-276. Beske, P. and Seuring, S., 2014. Putting sustainability into supply chain management. Supply Chain Management: an international journal, 19(3), pp.322-331. Marcelino-Sdaba, S., Prez-Ezcurdia, A., Lazcano, A.M.E. and Villanueva, P., 2014. Project risk management methodology for small firms. International Journal of Project Management, 32(2), pp.327-340. Anand, K.S. and Goyal, M., 2009. Strategic information management under leakage in a supply chain. Management Science, 55(3), pp.438-452. Stancich, L., and Curry, A. 2016. The intranetan inherent constituent of strategic information management. International journal of information management, pp.249-268. Lederer, A.L., 2013. The Information Systems Planning Process Meeting the challenges of information systems planning.Strategic Information Management,216.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.