RM 357E Risk Management

1. Describe the purpose of a risk assessment, risk scope and identify critical areas for an assessment.

2. Select risk assessment methodology and give your rationale behind the one you chose.

Introduction

All the organisations must adopt the risk assessment procedures in their premises and Microsoft being a Fortune 500 is no exception and being a security consultant of the company it is his responsibility to analyse the risks’ scope, the purpose of risk assessment and selection of risk assessment methodologies and the report will showcase those.

1.Description of the purpose of a risk assessment, risk scope and identify critical areas for an assessment. 

The purpose of a risk assessment

The risk assessment is performed in Microsoft for the following benefits

1. Risk assessment saves important assets like time income and property of both the company and the customers (Leslie et al., 2016).
2. To developsecuresurroundings for all the company staffs and the customers so that they can get hassle free service from Microsoft.
3. It also saves the customers assets to be précised personal information from being hacked off.
4. It saves the company from all kind of security breaches like hacking of source code, hacking of services like Windows, Microsoft Azure and many others. If these get hacked, then they will face heavy loss and lose reputation.

Risk scope and identification of critical areas

The risk scope includes the following-

1. Leaking of accidental data:Sensitive data of the company can be accessed by unauthorised users.
2. Malware attack:Microsoft’s database can be hacked by various malware like Trojans, ransomware, worms and viruses attack.
3. The passwords given by customers are weak:There is a possibility their data can get hacked and the Microsoft will have to take the blame (Haimes, 2015).
4. Malicious access:The intruders can grant malicious access to any one’s personal device resulting in exposing personal information.
5. Outdated OS:The Windows OS must be regularly updated otherwise it may result in security breaches.
6. Unskilled users:The users are not fully used to Windows and other Microsoft software that is why the intruders or attackers can take advantage.

2.Selection of proper risk assessment methodology 

Microsoft has their individual risk and security assessment tools to secure their system and company. The Microsoft Security Assessment Tool analyse the threats and risks associated with people, procedures and the techniques and technology. All the analysis is done following the rules, regulations, standards and policies of the company.  After all the analysis is done, a report is prepared where the risks can be measured and compared and can provide solutions for mitigating the risks (Bahr, 2014). The Microsoft Security Assessment Tool focuses on five categories of the risk assessment- identification of the risks associated that may cause threat to the organization, the organisations and the individuals who may get harmed, assessing the risks and then taking action accordingly, preparing a report to keep hold of the record and finally reviewing of the risk assessments (Alfonsi et al., 2013).

Conclusion

It can be concluded from the above discourse Microsoft being a tech giant must be aware of all the security risks and threats and so they must maintain the security methodologies, the report highlighted all the security and risk scopes, the necessity of risk assessment in details. Microsoft being a renowned fortune 500 company must be aware of the risks all the time and so, they should focus on the assassination of the risks and then taking immediate actions, otherwise, any kind of security breach will cost them too much.

References

Alfonsi, A., Rabiti, C., Mandelli, D., Cogliati, J., & Kinoshita, R. (2013, May). Raven as a tool for dynamic probabilistic risk assessment: Software overview. In Proceeding of M&C2013 International Topical Meeting on Mathematics and Computation.

Bahr, N. J. (2014). System safety engineering and risk assessment: a practical approach. CRC Press.

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

Leslie, W. D., Majumdar, S. R., Lix, L. M., Josse, R. G., Johansson, H., Oden, A., ... & Kanis, J. A. (2016). Direct comparison of FRAXR and a simplified fracture risk assessment tool in routine clinical practice: a registry-based cohort study. Osteoporosis International, 27(9), 2689-2695.