The readings this week discuss the broad context of risk and investigative forensics. Part of risk management is to understand when things go wrong, we need to be able to investigate and report our findings to management. Using this research, or other research you have uncovered discuss in detail how risk and investigate techniques could work to help the organization. ERM helps to protect an organization before an attack, where as forensics investigate technique will help us after an attack – so lets discus both this week.
Please make your initial post and two response posts substantive. A substantive post will do at least TWO of the following:
- Ask an interesting, thoughtful question pertaining to the topic
- Answer a question (in detail) posted by another student or the instructor
- Provide extensive additional information on the topic
- Explain, define, or analyze the topic in detail
- Share an applicable personal experience
- Provide an outside source (for example, an article from the UC Library) that applies to the topic, along with additional information about the topic or the source (please cite properly in APA 7)
- Make an argument concerning the topic.
Example reasearch paper:
Chen, J. & Zhu, Q. (2019). Interdependent Strategic Security Risk Management With Bounded Rationality in the Internet of Things. IEEE Transactions on Information Forensics and Security, 14(11), 2958-2971.
Borek, A. (2014). Total Information Risk Management: Maximizing the Value of Data and Information Assets (Vol. First edition). Amsterdam: Morgan Kaufmann
Answer preview
There are basic procedures used to manage risks, including identifying risks, Risks analysis, risk evaluation and rank, treatment of risks, and finally, monitor and review the risks. The initial procedure taken by the organization is to identify the risk exposure to its operating environment. There are various types of risks, which include market, environmental, legal, and regulatory risks (Boerek & Zhu, 2014). However, organizations with risk management systems insert the system’s risks, which becomes visible for every employee. The second step is analyzing the threat. After the risk has been identified, the analysis procedure is performed. These involve determining the scope and the magnitude of the risk. Some risks may bring down an organization, and others would only be minor inconveniences.
[435 Words]