Sample Essay Paper on Risk Assessment

Risk Assessment

The current explosion in global information systems necessitates a proper mechanism for managing the various enterprise systems within organizations. Organizations also strive to employ different methods to prevent catastrophic events. These methods consist of organizational policies, human effort, and other risk management guidelines. One key guideline in risk management is the risk assessment process, which organizations use to examine the systems they have put in place and ascertain the extent to which those systems are vulnerable to attacks and penetration attempts. Risk assessment is the process of identifying and prioritizing risks to the organization (Vellani, 2006). It is one of the phases of risk management, commonly used to provide organizations with proper control methods, measures, safeguards, or countermeasures when a risk emerges, in order to reduce risk to levels that management can handle properly. This also enables an organization to establish proper controls in order to reduce risks to the lowest possible levels (Peltier, 2005).
Matrix Solutions, as an online company that sells and distributes software over the internet, needs a properly outlined and structured risk assessment methodology to help it ascertain the integrity and availability of its online business. The risk assessment methodology will help the company categorize threats and respond well when a threat emerges. In its quest to remain competitive, the company needs to implement this proposal in order to identify and classify mission-critical applications, which will need to be defined according to their level of engagement in supporting the online systems.


This risk assessment methodology will be an integral part of the risk management process, since it will help the company define all possible threats as either qualitative or quantitative in order to reduce undesirable consequences (Bersani et al., 2008). Matrix Solutions will need to characterize its systems in terms of technical capabilities, including the present hardware and software used to support the overall information systems infrastructure. This stage will be of great importance, since it will give the company's management an in-depth understanding of the main critical information systems and the other IT resources that interface with the operational systems. It will also enable the company to document its IT resources and assets through modeling and simulation in order to understand how information flows. In the documentation, information gathering will be key, covering the operating systems and other functional aspects of the online system.
Upon completing the system characterization, Matrix Solutions will need to perform a vulnerability analysis across its wider information system infrastructure. Vulnerability analysis will help in identifying, evaluating, and reporting any known security vulnerability within the technology infrastructure. Its report will enable management to document any known vulnerability or weakness within the information system that can be exploited by hackers. This will be done through system checklists, interviews, and the use of scanning software on software and administrative procedures.
The other useful stage will be the control analysis phase. This stage will be used to assess any existing and already implemented operational, technical, and management safeguards, that is, the security controls used to prevent hazardous events from destroying or interfering with key application systems. This stage will entail an in-depth analysis of system controls, audit controls, disaster recovery capabilities, and others, such as security management capabilities.
This proposal also analyzes the impact of the known threats on the information system. This will enable the company to understand the nature of potential threats and the extent to which they may devastate the company's infrastructure. It will also enable the organization to classify the threats and their associated impacts as high, medium, or low, based on the analysis of how the threats can damage the overall computing infrastructure. The company will also be able to understand the impact the threats would have on the integrity, availability, and confidentiality of organizational information.
Once the above have been well defined, a risk mitigation strategy will be put in place to ensure that all identified and documented risks are addressed: preventing risks from recurring, implementing security controls to deter such risks, and detecting and responding accordingly once such risks have emerged in order to prevent destruction of the information system. The mitigation strategies will involve developing a plan that will help in remediating the effects of the risk (Dubrawsky, 2009). This proposal uses standard risk management guidelines that will help Matrix Solutions mitigate the risks.

When implemented, this proposal will therefore give the company a proper mechanism for handling risks. It will enable the organization to reduce any hazardous effects on the information system in the event a risk occurs.




Bersani, C. (2008). Advanced technologies and methodologies for risk management in the global transport of dangerous goods. Washington, DC: IOS Press.

Dubrawsky, I. (2009). CompTIA Security+ Certification Study Guide: Exam SY0-201 3E. Burlington: Elsevier.

Peltier, T. R. (2005). Information security risk analysis. Boca Raton: Auerbach Publications.

Vellani, K. H. (2007). Strategic security management: A risk assessment guide for decision makers. Amsterdam: Butterworth-Heinemann.