Project #55310 - Information System Security DQ and Risk Information Sheet

NO PLAGIARISM!!!

 

8 questions (250 words minimum each) with reference and a Risk Information Sheet (at the bottom) that must include 6 risks.

 

#1 Answer DQ1 in a minimum of 250 words and Include reference:

 

DQ1: Discuss the possible differences in risk appetite between IT departments in a start-up smartphone app development company and a traditional Fortune 500 firm.

 

Answer to #1: 

 

Reference for #1: 

 

#2 Respond to student's answer to DQ1 in 250 words minimum and include reference:

 

The differences between the risk appetite on an APP start-up development company and traditional Fortune 500 company draws on how much will they risk to stay ahead. The definition I found that is the best way to understand risk appetite is from "The Institute of Risk Management." It states, "While risk appetite is about the pursuit of risk, risk tolerance is about what an organization can deal with." (The Institute of Risk Management, 2015) Applying this definition to the IT departments is still relating to risk management. In an APP start-up development company they will be willing to take more risks due to the lack of being established and wanting to make a name for themselves. The Fortune 500 Company will not take as many risks because of their name and notoriety they are to the point that customers come to them. The IT department's main focus is to maintain strict security for the network within a Fortune 500 company. The APP start-up development company may take another approach. This company will need to advertise and sometimes deploy the APP to testers and customers through the network. There might be individuals who are not verified, accessing the network for testing. These are risks that the company may have to take to get the APP off the ground. The main concern for both these companies is balancing the risk appetite with the ability to manage the risks effectively.

An example is how each deal with natural disasters. Many small companies deal with disasters through disaster recovery and insurance plans to rebuild the network. A high performance business or Fortune 500 companies have plans in place to ensure that when a disaster occurs there will be minimal down time (Accenture, 2011). Time is money!

 

References

The Institute of Risk Management. (2015). Risk Appetite and Tolerance. Retrieved from https://www.theirm.org/knowledge-and-resources/thought-leadership/risk-appetite-and-tolerance/

Accenture. (2011). Risk Management. Retrieved from http://www.accenture.com/SiteCollectionDocuments/PDF/Accenture_Outlook_Its_all_about_balance_Risk_management.pdf

 

Answer to #2: 

 

Reference for #2:

 

#3 Respond to student's answer to DQ1 in 250 words minimum and include reference:

 

Risk appetite and tolerance must be high on the agenda for any organization. Risk appetite is a core consideration in an enterprise risk management approach. Risk appetite can be defined as the amount and type of risk that an organization is willing to take in order to meet their strategic objectives. Risk appetites for organizations will be different. It will depend on their sector, culture and objectives. Many different appetites exist for different risks, and these may change over time. A properly communicated and appropriate risk appetite can help an organization achieve goals and keep their operations afloat ("The Institute of Risk Management", 2015).

I believe that the IT department in a start-up smartphone app development company will be willing to take more risk than a traditional Fortune 500 firm because the start-up company has to get their name out there in order to stay in business. They may try anything to be known and to generate revenue. A Fortune 500 firm will not take as many because they are already established financially and competitively. They do not need to take unnecessary risks to generate more revenue or to gain a competitive edge. The IT department in a Fortune 500 firm will most likely focus on keeping the network up.

However, the IT department of a start-up smartphone development company and a Fortune 500 need to understand risk appetite clearly and communicate it clearly.  They also need to determine which objectives must be pursued, and how those objectives can be managed within the organization's appetite for risk ("Metricstream", 2015).

 

References

The Institute of Risk Management. (2015). Retrieved from https://www.theirm.org/knowledge-and-resources/thought-leadership/risk-appetite-and-tolerance/

 

MetricStream. (2015). Retrieved from http://info.metricstream.com/risk-appetite.html

 

Answer to #3: 

 

Reference for #3:

 

#4 Respond to student's answer to DQ1 in 250 words minimum and include reference:

 

First, I think one needs to know the definition of what risk appetite is and its meaning as it relates to an app startup company and a Fortune 500 company. Risk appetite is the total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desired and expected outcomes. As such, risk appetite is inextricably linked with and may vary according to expected returns. Risk appetite statements may be expressed qualitatively and/or quantitatively and managed with respect to either an allocated individual initiative and/or in the aggregate. Think of risk appetite as the amount that an organization actively ventures in pursuit of rewards also known as its goals and objectives (https://www.rims.org/resources/ERM/Documents/RIMS_Exploring_Risk_Appetite_Risk_Tolerance_0412.pdf).

 

An App startup company's appetite for risk is much different than with larger companies. The investment of startups is accompanied by certain risk factors and the need to be aware of and evaluate certain considerations. Loss of Capital is the main focus of the startup because investments in startups involve a high degree of risk. There is no guarantee that most startups will succeed. Therefore, it is imperative to consider their risk appetite as it is more likely that they may lose all of your invested capital than see a return on capital or a profit. (https://letsventure.com/risks).

 

At corporate level in a Forbes company this might involve a Total Shareholder Return (TSR) target. Many companies set targets for these and publicize them usually in terms of outperforming a peer group. If we turn this around and look at it from the risk perspective, it could be interpreted that management wishes to outperform its peers in assuming risk. We have yet to see a company set risk-adjusted TSR targets. If management, however, is clear about its risk appetite and develops a core competence in risk management it should, everything else being equal, be able to deliver superior returns to its shareholders.

(https://www.rims.org/resources/ERM/Documents/RIMS_Exploring_Risk_Appetite_Risk_Tolerance_0412.pdf).

 

So basically the difference is that both are generally the same with the exceptions of goals, opportunity, expectations, objectives and the amount of risk they are willing to lose.

 

Answer to #4: 

 

Reference for #4:

 

#5 Respond to student's answer to DQ1 in 250 words minimum and include reference:

 

Risk appetite is a primary consideration in an enterprise risk management approach. Risk appetite can be defined as: the amount and type of risk that an organization is willing to take in order to meet their strategic objectives (The Institute of Risk Management, 2015). Risk appetite is used as a method to help guide an organization's approach to risk and risk management. Risk appetite is important for any organization, large or small. There are three main areas in risk management which risk appetite focuses on: (1) Risks that are acceptable or on-strategy, (2) Risks that are undesirable or off-strategy, and (3) Strategic risk parameters (Protiviti, 2012). Some acceptable risks may include risks that will gain the organization more market growth. Risks that are undesirable may include any action or occurrence of a situation that results in a negative impact on an organization's reputation. Strategic risk parameters often include financial risk and operational risk parameters. Taken all together, the three elements give an organization a clear strategic direction and set tolerances around controls (Protiviti, 2012). The main differences in risk appetite between IT departments in a startup smart phone app development company and a traditional Fortune 500 firm can be found in the three main areas which risk appetite focuses on. Because the level of experience and business success will differ, the risks that each seek to take and avoid will differ. The startup company may take more risks to gain more revenue and popularity, whereas a traditional Fortune 500 firm may avoid those risks because they are already financially sound and do not need to be as competitive because they dominate the market.

 

 

 

References

Protiviti. (2012). Defining Risk Appetite. Retrieved from http://www.protiviti.com/en-US/Documents/White-Papers/Risk-Solutions/Defining-Risk-Appetite-Early-Mover-Protiviti.pdf

The Institute of Risk Management. (2015). Risk appetite and tolerance. Retrieved from https://www.theirm.org/knowledge-and-resources/thought-leadership/risk-appetite-and-tolerance/

 

Answer to #5: 

 

Reference for #5:

 

#6 Respond to student's answer to DQ1 in 250 words minimum and include reference:

 

Risk appetite is defined as the level of risk that a person or corporation is willing to take in order to execute a strategy. "During the height of the recession, investors' risk appetite shifted to cautious following huge declines in the stock market." It is also the loss resulting from inadequate or failed processes, people, and systems or from external events. The definition includes legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of an institution's activities. (August 2010). Whether it is a start-up company or a Fortune 500 firm, the IT department along with the management and everybody involved, decide on what level of risk will be taken based on the importance of the project. Every project will follow the same procedure in order to expect success. Its scope contains every action that will be taken, the time frame in which it will be taken and its cost.

Due to the continuous and advanced scheme, attacks, reputation crises and regulatory compliance changes has the executive suite on full alert. Start-up as well as others takes the same steps to making that decision. By experience, I realized that the bigger the company, the bigger the risk. They have the human resource to attenuate the size of any threat based on their risk management system and all the means put together for that reason.

 

http://www.investorwords.com/8684/risk_appetite.html#ixzz3QAe2QaK9

 

Answer to #6: 

 

Reference for #6:

 

#7 Answer DQ2 in a minimum of 250 words and Include reference:

 

Your consulting organization has been hired to develop computer systems for the United Nations in the Middle East. Develop a list of man-made and natural risks that might apply to this particular situation. Explain each risk in detail.

 

Answer to #7: 

 

Reference for #7:

 

#8 Answer DQ3 in a minimum of 250 words and Include reference:

 

Find a current article about risk management and discuss its relevance to the Risk Information Sheet below.

 

Answer to #8: 

 

Reference for #8:

 

Assignment: The Stevens Company is converting from the SQL Server database to the Oracle database. 

 

Using the sample shown below, create a Risk Information Sheet for at least SIX (6) risks that might be encountered during the conversion.

 

Risk Information Sheet

Risk id: PO2-4-32

Date: March 4, 2014

Probability: 80%

Impact: High

Description:

Over 70% of the software components scheduled for reuse will be integrated into the application. The remaining functionality will have to be custom developed.

Refinement/Context:

• Certain reusable components were developed by a third party with no knowledge of internal design standards.

• Certain reusable components have been implemented in a language that is not supported on the target environment.

Mitigation/Monitoring:

• Contact third party to determine conformance to design standards.

• Check to see if language support can be acquired.

Management/Contingency Plan/Trigger:

• Develop a revised schedule assuming that 18 additional components will have to be built.

• Trigger: Mitigation steps unproductive as of March 30, 2014

Current Status:

In process

Originator:

Jane Manager

 

Subject Computer
Due By (Pacific Time) 01/31/2015 12:00 pm
All Rights Reserved. Copyright by AceMyHW.com - Copyright Policy