Practice Strategic Environmental Assessment -Myassignmenthelp.Com

Question: Discuss About The Practice Strategic Environmental Assessment? Answer: Introducation Risk Management can be expressed as an undesirable act which leads to malicious activities which devoid the information is known as a risk. This leads to threaten the system and can expected harm to the system of the organization. Risk management includes the accessibility of identifying risks, dissolute them or eliminate them without causing any harm to the IT system of an organization. These harms contains all the risks such as leaking the information related to activities based on operation, ownership and investments of an organization Risk management done on real time basis (Armstrong Taylor, 2014). These risks can be overcome by using extra security features and technologies being used in the Aztek company or by using the various other network architecture which is a basic strategy to manage the risks. There are several other risks which can be overcome by other means of strategies. This risk management system would cover the entire reasons of outcome that can cause risks to th e organization. Risk management is highly managed so that clients can continue all there organizational activities in seamless manner and to update with the latest technologies to protect consumer data and information to avoid the threats. This covers all the business risks and security related technologies which will automatically .which will organize all business activities. The security policies of risk management can be applied which contains all fields of hardware, software, information and communications which help in creating the safe and secure environment for storage of information of an organization. Risk management includes the accessibility of identifying risks, dissolute them or eliminate them without causing any harm to the IT system of an organization. The main aim of risk management is help organisations for better completions of targets and avoid unnecessary risks to the system (Bodnar et al., 2016). Management of Risks When an undesirable act which is against the security policies of the system which is malicious and can provide harm to Information system known as risk. These risks held in a system leads to expected harm to system. Risk management prevents the breaches in a system.to manage the risk there is 3 things to be done that is risk assessment, mitigation and evaluation of risk. The risk assessment means to identification and evaluation of the risk, how it impacts on system and some risk reducing solutions whereas Risk mitigation means to prioritize the risk and solve the vulnerable ones first ,implementation of solution according to security policies on priority basis of risk and maintaining of appropriate risk reducing measures. Risk assessment is first in line of risk management (Bromiley et al., 2014). This is used to determine that how potential the threat is and vulnerability of risk associated with it in an IT system. Eliminating risk firstly include to identify the type of risk system is dealing with. The identification of risk helps in preventing and reducing the risk. Risk assessment process is updated at least in a year by respected organisations according to demand in newer versions (Therivel Paridario, 2013). Risk mitigation helps in prioritizing and evaluating the risk which helps in risk reducing controls recommending the proper solution for risk management. Whether it is impossible to eliminate all risks but at least the economic approach and an appropriate measure to decrease vulnerability of risk to a desirable level it helps in decreasing impact of risks. The risk mitigation held by mission owners after acknowledging all potential risks (Burke, 2013) Risk Evaluation is a process which leads to help the evolving network of an organisation because as the information expands the vulnerability of risk also increases and network is a place where database is automatically expanded and updated to protect the real time on going growing database security policies can be changed over real-time basis to make sure that risk management is evolving. Security Policies of an Organisation To manage the information of an organisation which includes the guidelines, procedure of unified tasks which is confidential in a most secure way to overcome all risks from all threatening elements which may cause harm to organization these security policies is used to handle the data in most secure way .This helps in preventing the security breaches which leads to cause harm to the system of the Organisation. A security policy encompasses risk assessment, mitigation and evaluation (Calomiris et al., 2016). These policies will work on identified risks and implements the most common and economic methods to eliminate the risks. These policies increase the secrecy of plans and procedure of organization. The most sensible information of an organization are its transactions, workers database, client database and personal data of an organization now these are the main targets which is to be breached .it is necessary for a security policy to pertain these information in right and protected servers and it would be accessible only by some authorised personnels to protect data. Security policy also says that database should be updated daily, once in a week or fortnightly to protect database from unwanted intrusions and breaches. The remote server can also be used in case of extra protection where data backups automatically at the end of the day to get an extra cover on the database (Chapman Ward, 2003). The main objective of the security is to maintain progress in IT system of organization which leads growth of company and an each individual works in it as well. Data Security and its accountability- It is essential to ensure the activities and to have the workforce and the management that is been brought up by the managing the accountability resources of an organisational behaviour. Response to Incidents- It is necessary to respond for the security breech so as to make the sudden reactions and to perform the urgent operations to overcome from the problems been made so that the organisation should not financial big loss (Chapman Ward, 2003). Monitoring Use- It is the good way for monitoring the system routinely so as to avoid the risk from occurrence in the organisational infrastructure. The schedule should be made in a proper manner so as to form the various strategies for not allowing the threats to enter. Acceptable Usage- The employees working in an organisation should have the proper knowledge regarding the acceptance to the policies and to follow the rules and regulations in the company Data Security in System- It is essential to prevent the organisation systems from the malicious activities. It basically aims to have the security configuration by viewing and the servers run on the company networks are not affected by any intrusions (Calomiris et al., 2016). Framework of an Organisation The scope of the organisational framework has been fully covered within the scope of the frameworks. Risks are the natural part of the business Processes. Risks and threats are the natural part of the business organisation. The business organisation needs to effectively manage the threats and the harmful activities to be detected so that benefits should be earned. The IT risk framework is the gap which is been built between the standard risk management and the management frameworks. It generally provides end-to-end communication which provides the visibility to view all the risks related to the IT organisational behaviour (Chapman Ward, 2003). The Framework is a powerful tool for every organisation which mainly focuses on the organisational structure, values and business activities that mainly focus on designing and implementation of the business operations. The main criterion of the framework is to have the teams and the individual performance which generally includes the interesting form of learning from the threats (Chitakornkijsil, 2010). Main Components of framework in IT risk management In an organization the databases are collected which leads to losing control over these large data mines this means the risk in achievements of objective hence internal control is a key to obtain targets in less time these controls needs investment of time and money both by securing the systems .Many things depends on control of data . If data is not controlled properly leads to failure, losses and scandals and it may affect the reputation of organization in their respective sector (Coso, 2004). Risks are always new and if not controlled problems can be created. Controls are based on criteria which are evaluated by auditors and management to achieve certain goals in data security. Internal auditors work with management to develop the appropriate criteria according to their evaluation. The report of internal audit decides state of control in a risk management and thats how the control framework is designed (Teixeira et al., 2015). Control Framework promotes the rightful environment an d inspires organization. Components involved to design framework are as follows:- Control Environment builds the tone of an organization which provides base for internal control by giving the respected structure and discipline. This includes ethical values and proper managements philosophy with operating style. Authorities are assigned with responsibility which helps in organizing people and developing. (DArcy Brogan, 2001). Control activities helps in ensuring management to carry the policies and procedures in rightful manner .some essential steps are taken to address risks in the system on all levels with all functions. This includes activities of approval and authorization followed by verifications and reconciliations and at last these activities improves the operating performance and practicing of segregation duties works better in this act (Sadgrove, 2016). Risk Assessment works on the internal and external sources of risks of the system. To analyse the risk and how it would be managed is done by this component of framework of risk management as the risk is analysed it works on how it can be managed and compares it with relevant risks that encountered earlier by the system. Risk management change according to the type of risk we are dealing with (Elbahar et al., 2016). Information and communication in a time frame the information is communicated, captured and communicated which enable individuals to pertain their responsibilities. This system helps in producing reports, making financial information which controls the organization to run the business. Effective communication leads to flowing down the information in broader sense. It helps in understanding the individual their roles and duties. By communicating with external communicating parties like customers, clients, regulators and stakeholders etc. (Flyvbjerg, 2013). Monitoring is done on all control systems it is basically a process that tracks the performance of systems quality by using real-time activity which separately evaluates the systems. These operations include regular management and activities and actions comprised on effectiveness of assessment of risks. Risk Assessment It is the process which mainly aims to implement the risk methodology. Organization structure uses the risk assessment for determining the ricks and the malicious activities associated with the IT management. The process made on the risk analysis has the appropriate tools and technologies used for detecting and mitigating the risks. It is the main function which is being used for possibility of a given risk sources exercising a particular potential exposure, and the subsequent impact of that opposing event on the organization. To determine the adverse effects of the organisational behaviour, various strategies are been implemented associated with the risks (Galliers et al., 2014). The responsibility made for determining the well-being of an adverse event for determining the likelihood of an event, the resources which is being used for detecting the threats from the systems and impact made on the vulnerability of the system. It is essential to regulate the well-being of an event occurred: Enthusiasm among the employees Nature of the Threats been detected Controlling the current threats Analysis made on the threats and the occurrence of the vulnerability, Threats can be detected from the various sources or from the various pores of the system which can be: System Hackers Intruders or Criminals Terrorists Spying Poor training which may lead to the malicious activities (Pritchard PMP, 2014). Identification of the Vulnerability or threats effected the various resources: Hardware Software Network Infrastructure System Interface Sensitivity to the Information Impacts made on an adverse event: Loss of Availability of the resources Loss of Integrity Loss in confidentiality of information (Glendon et al., 2016). Mitigation of the Risks The strategy is being used for mitigating the risks which mainly requires the following to reduce the threats so as to have the continuous process in an organisation. The main required components which are being used are the goals, actions and the implementation of an action plan. It basically provide the framework for the identification, prioritize and the action which are used for the reducing risk. The main step of mitigating the risks is to reduce the adverse effects for this risk mitigation strategies is been implemented to access to the business continuity and to have the appropriate disaster recovery plan (Hillson et al., 2012). The following are made on analysing of the mitigation strategies: Assumptions on the Risk- The potential risks and the operations made on the continue operating The IT system or to implement the lower the risks to the certain acceptance. Avoidance of Risks- It is essential to avoid the risk by eliminating the risk and consequences occur. Limitation of the Risks- It tends to limit the risks by implement the controls and minimizes the adverse impact on the threat and detecting the vulnerabilities (Olson Wu, 2015). Risks Planning- It is essential to manage the risks so as to continue process al the business activities and managing of the risks and creating the mitigation plan that mainly aim for implementation and managing controls. Research and Acknowledgement- To reduce the risks, it is important to make the research on what kind of threat has taken the place in an organisation so as to control the business continuity. Risk Transference- It plays a vital role for transferring of the risks which intends to compensate from the loss made to an organisation (Hoang Ruckes, 2017). Data Security Policies in Organisation Database is a most valuable asset to an organization data is collected after lots of hard work by spending money and manpower. To continue the work progressively without any interruption in growing of a company. But securing such kind of goldmine is an issue for an organization. Databases are complicated and whether sorted depending upon the need of the organization and to secure such databases need an essential security measures by the administrator. Database security is capped under information security which helps to protect the integrity, availability and confidentiality of companys data (Hopkin, 2017). There are 3 pillars on which database security works perfectly that is confidentiality, integrity and availability integrity is a very important factor of database security because it allows only authorized people to see and civil-engineering the valuable information in database. The control of database security is truly ensured by an UACS (User Access Control System). This system defines the access and permissions that who can access data and also keep the record of that log on real-time basis. It works on basically giving permissions deciding authentication protocols, some password policies and tracking of an each individual accounts of an employee whether locked, deleted or deactivated which strengthen the integrity of data (Hoyt Liebenberg, 2011). Confidentiality is another important aspect of database security this works on an end to end encryption of database which allows to send the data without being feeling unsecured that it may be stolen or misused this encryption can be d one within the transmitted data or data stored on a server . Availability is a need of databases that it can be accessed remotely every time when required .this is done to make the server up to date within the time so that data can be used easily all functional databases are dependable so it can planned and processed by authorized personnel in real time (Linkov et al., 2014). Database security Threats Every organization has its own risk in databases which depends on type on information and importance of information as well as amount of importance of database for the company .some common elements of this sensible database are company plans, finances, and information of an employee. To protect this kind of information some security practices are strictly followed which includes in identification of kind of subject that attacks databases and then kind of threat is logged to make sure that this wont happen again to the database of the organization (Malhotra, 2015). One of these threats are SQL injections which is more like web apps which can be directly launched in browser or a web app which act only as front end of database but actually it breaches the system to get the valuable database. SQL Injections actually associate with the permissions of the system as privilege and they directly attack on database when permissions are accepted and in severe cases it access over the system com mands to exploit the database itself (McNeil, 2015). Importance of the Database Security of an Organisation The 3 main components which are being used for the keeping the Aztek database secured. The trio of the Confidentiality, Integrity and Availability used in the database security for keeping the information security save and is generally requires the extreme attention in an organisation. Confidentiality- It is defined as the most important feature of a database security which is being used for keeping the data confidential within the organisation and is most commonly enforced through the encryption process for keeping the business process save and continuous. Encryption is used for both the data-in-transit and data in rest mode. Integrity- It is also the important criteria which is being used for implementation and it also the critical aspect in the database security, because it mainly aim and insure about the information regarding the people and the person who is genuine and would not harm to organisational behaviour have the full rights to view the company information. It is been enforced for the integrity database that would ensure the user access control which provide the permissions and accessibility to those who can have the access to the data. An important aspect of the integrity simply extend regarding to the permissions been made. The implementation on the security is been made on the authentication protocols, strong password policies and standards. Availability- It generally relates to provide the usability and availability to access over the database so as the need for the database should be dependable to perform the various functions and to perform various functionality operations. It mainly requires to have a proper implementation and the running process whenever the organisation wants to. For this it is essential to update and to maintain the availability according to the plans been made and to maintain the servers up to date routinely or weekly for the updating the systems and the database. Migrating of the Data To transfer data of an Aztek organisation from 1 source to another source or between various computer storage or file formats. The basic aim if data migration is system up gradation or consolidation of data. It is performed programmatically for automated migration and freeing the human resources from tedious tasks. A business may use various storage technologies to migrate data from one disk to another it helps in upgrading the database and adding furthermore to the database leads to more probability of risks of management of data .since the undermine data is also change frequently it also affects the system layers of storage, data manipulation is also required in this process with up gradation of security methods and if application is migrated which involves the substantial transformation of vendor or publisher is required (Merna Al-Thani, 2011). Conclusions The current scenario of the corporate world generally faces the risks and threats been detected in the organisation which leads to the big loss to the organisational behaviour. In this, the organisation designing plays a vital role for everyone to working in an organisation to successfully detect risk and the threats been detected so as to have the proper implementation and growth to an organisation. Seeing to the organisational structure sometimes it is very difficult to analyse the threat because they are ever-changing. In this organisation must ensure about the risks been affected and to make the employees aware from all the activities which is been made so as to make the current detection on the threats. The intent of the transformation to the overall services and delivering the essential information to the organisation on time may lead to the one step ahead from easily accessing and performing the certain operations to overcome from the risks, vulnerabilities and the threats so that organisation should work in the continuity business process. References Alexander, K. (Ed.). (2013).Facilities management: theory and practice. Routledge. Armstrong, M., Taylor, S. (2014).Armstrong's handbook of human resource management practice. Kogan Page Publishers. Bodnar, G. M., Giambona, E., Graham, J. R., Harvey, C. R. (2016). A view inside corporate risk management. Bromiley, P., Rau, D., McShane, M. K. (2014). Can strategic risk management contribute to enterprise risk management? A strategic management perspective. Burke, R. (2013). Project management: planning and control techniques.New Jersey, USA. Calomiris, C. W., Carlson, M. (2016). Corporate governance and risk management at unprotected banks: National banks in the 1890s.Journal of Financial Economics,119(3), 512-532. Chapman, C., Ward, S. (2003).Project risk management: processes, techniques, and insights. Wiley. Chitakornkijsil, P. (2010). Enterprise risk management.International Journal of Organizational Innovation (Online),3(2), 309. Coso, I. I. (2004). Enterprise Risk Management.Integrated Framework. DArcy, S. P., Brogan, J. C. (2001). Enterprise risk management.Journal of Risk Management of Korea,12(1), 207-228. Elbahar, E., El-Masry, A. A., AbdelFattah, T. (2016). Corporate governance and risk management in GCC Banks. Flyvbjerg, B. (2013). From Nobel prize to project management: getting risks right.arXiv preprint arXiv:1302.3642. Galliers, R. D., Leidner, D. E. (Eds.). (2014).Strategic information management: challenges and strategies in managing information systems. Routledge. Glendon, A. I., Clarke, S., McKenna, E. (2016).Human safety and risk management. Crc Press. Hillson, D., Simon, P. (2012).Practical project risk management: The ATOM methodology. Management Concepts Inc.. Hoang, D., Ruckes, M. (2017). Corporate risk management, product market competition, and disclosure.Journal of Financial Intermediation,30, 107-121. Hopkin, P. (2017).Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers. Hoyt, R. E., Liebenberg, A. P. (2011). The value of enterprise risk management.Journal of risk and insurance,78(4), 795-822. Lam, J. (2014).Enterprise risk management: from incentives to controls. John Wiley Sons. Liebenberg, A. P., Hoyt, R. E. (2003). The determinants of enterprise risk management: Evidence from the appointment of chief risk officers.Risk Management and Insurance Review,6(1), 37-52. Linkov, I., Anklam, E., Collier, Z. A., DiMase, D., Renn, O. (2014). Risk-based standards: integrating topdown and bottomup approaches.Environment Systems and Decisions,34(1), 134-137. Malhotra, Y. (2015). Cybersecurity Cyber-Finance Risk Management: Strategies, Tactics, Operations, , Intelligence: Enterprise Risk Management to Model Risk Management: Understanding Vulnerabilities, Threats, Risk Mitigation (Presentation Slides). McNeil, A. J., Frey, R., Embrechts, P. (2015).Quantitative risk management: Concepts, techniques and tools. Princeton university press. Merna, T., Al-Thani, F. F. (2011).Corporate risk management. John Wiley Sons. Olson, D. L., Wu, D. D. (2015).Enterprise risk management(Vol. 3). World Scientific Publishing Co Inc. Passenheim, O. (2010).Enterprise risk management. Bookboon. Pritchard, C. L., PMP, P. R. (2014).Risk management: concepts and guidance. CRC Press. Sadgrove, K. (2016).The complete guide to business risk management. Routledge. Teixeira, A., Sou, K. C., Sandberg, H., Johansson, K. H. (2015). Secure control systems: A quantitative risk management approach.IEEE Control Systems,35(1), 24-45. Therivel, R., Paridario, M. R. (2013).The practice of strategic environmental assessment. Routledge.