Essay Sample on Managing Risks in Information System

Published: 2024-01-11
Type of paper:  Essay
Categories:  Information technologies Risk management


Generally, a risk mitigation plan entails identifying the costs needed for the cost-benefit analysis and implementing all the approved countermeasures. In IT infrastructure, management must review the risk assessment that has been completed and approved. The risk assessment team is tasked with identifying and evaluating threats, vulnerabilities, and countermeasures, and with developing recommendations for mitigating the risks an organization faces (Gibson & Igonor, 2020). In the process, management should consider the in-place countermeasures that are being used and upgrade or replace them completely if need be. Further, planned countermeasures should be documented in the risk assessment. They are then reviewed to determine their status, and approved countermeasures are added by management to the implementation pipeline (Gibson & Igonor, 2020).


New Countermeasures

In the process, management purchases the new countermeasures that are supposed to be replaced, or delegates the work and tracks the entire system to completion. It is therefore important to translate the risk assessment into an actual risk mitigation plan. Similarly, management should determine whether there are overlapping countermeasures. In that case, a countermeasure is reduced or made to solve more than one risk, and other risks are mitigated by more than one countermeasure (Gibson & Igonor, 2020). Several countermeasures can be implemented for a single risk and used as a defense-in-depth strategy to reduce the risk even when one countermeasure fails. However, overlapping countermeasures may cause a problem. For instance, a vulnerability scanner and an IDS can be configured daily to protect the server (Gibson & Igonor, 2020). Unfortunately, the IDS will detect and recognize the scan as a threat and notify the administrator, who then investigates and reviews the alert (Gibson & Igonor, 2020). Usually, overlapping countermeasures are mapped to check the threat or vulnerability.

The cost-benefit analysis helps in determining whether a countermeasure should be used. For instance, if a countermeasure's benefits are greater than its cost, the countermeasure provides benefits (Gibson & Igonor, 2020). However, when a countermeasure's cost is greater than its benefits, the countermeasure does not provide benefits (Gibson & Igonor, 2020). Management first identifies the losses upon implementing the countermeasure and then subtracts the countermeasure's cost from the projected benefits to determine its value (Ganin et al., 2020). A quantitative risk assessment involves estimating the annual loss expectancy due to a risk.

Greatest Benefit

Management wants to determine the countermeasure that gives the greatest benefit. A CBA report contains the recommended countermeasure; for a failover cluster, the details might include the cost of the two matrix servers and other failover cluster hardware (Ganin et al., 2020). The report states the likelihood and impact of the threat if the threat matrix method is used to prioritize the risk (Gibson & Igonor, 2020). If the countermeasure eliminates a vulnerability, the report includes an overview of how it works. The annual projected benefits cover the case where a countermeasure can reduce the risk to zero; management determines the direct and indirect benefits as an annual monetary value, together with the initial costs, and uses them to evaluate the countermeasure (Ganin et al., 2020). Similarly, a CBA should compare the costs and the benefits, so that management can ensure the costs are less than the benefits and the countermeasure provides the benefits.
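The cost-benefit comparison, the search for the greatest benefit, and the overlap mapping described above can be worked through together. The following is an added example, not part of the original essay or its sources. It assumes the standard quantitative formula ALE = SLE × ARO, and all risk names, countermeasure names, and monetary figures are constructed for illustration.

```python
from collections import defaultdict

# Constructed risks: ALE = single loss expectancy (SLE) x annual rate of occurrence (ARO).
RISKS = {
    "server-outage": {"sle": 40_000, "aro": 0.5},
    "malware":       {"sle": 10_000, "aro": 3.0},
}

# Constructed countermeasures: annual cost, and the ARO each mapped risk has afterwards.
# An ARO of 0.0 models a countermeasure that reduces the risk to zero.
COUNTERMEASURES = {
    "failover-cluster": {"cost": 12_000, "aro_after": {"server-outage": 0.0}},
    "antivirus":        {"cost": 4_000,  "aro_after": {"malware": 0.5}},
    "ids":              {"cost": 25_000, "aro_after": {"malware": 2.0, "server-outage": 0.25}},
}

def ale(risk, aro=None):
    """Annual loss expectancy for a risk, optionally with a reduced ARO."""
    r = RISKS[risk]
    return r["sle"] * (r["aro"] if aro is None else aro)

def cba(name):
    """Projected benefit = ALE before - ALE after; value = benefit - cost."""
    cm = COUNTERMEASURES[name]
    benefit = sum(ale(r) - ale(r, aro) for r, aro in cm["aro_after"].items())
    return {"name": name, "benefit": benefit, "cost": cm["cost"],
            "value": benefit - cm["cost"], "worthwhile": benefit > cm["cost"]}

def rank():
    """Countermeasures ordered by value, greatest benefit first."""
    return sorted((cba(n) for n in COUNTERMEASURES),
                  key=lambda row: row["value"], reverse=True)

def overlaps():
    """Risks mitigated by more than one countermeasure (candidates for review)."""
    by_risk = defaultdict(list)
    for name, cm in COUNTERMEASURES.items():
        for risk in cm["aro_after"]:
            by_risk[risk].append(name)
    return {risk: sorted(names) for risk, names in by_risk.items() if len(names) > 1}

if __name__ == "__main__":
    for row in rank():
        print(row)
    print("overlapping coverage:", overlaps())
```

With these constructed figures the IDS costs more than the loss it prevents, so it fails the comparison on cost alone even though it contributes overlapping coverage for both risks.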


Generally, in implementing the risk mitigation plan, management should put the countermeasures in place while staying within budget and on schedule. Management tends to plan in order to reduce unknowns and surprises, especially for complex countermeasures. The planning identifies all the costs of implementing the plan, which helps the project run smoothly.


Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., & Linkov, I. (2020). Multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 40(1), 183-199.

Gibson, D., & Igonor, A. (2020). Managing risk in information systems. Jones & Bartlett Learning.
