2-1 Discussion: Risk Analysis Basics and Critical Thinking
In your own words, compare and contrast the risk assessment steps in Chapter 2 and provide an example of each while describing why critical thinking is important. In response to your classmates, provide two suggestions to their initial posts and discuss why you believe they should consider your suggestions.
To acess textbook
Peer post 1
Good evening class,
The first step in performing a risk assessment is characterizing your assets. For example, how many buildings does the company have? How many employees does the company have? The second step it identifying potential threats, this is an important step. By assessing the possible threats your company may encounter you are able to continue the risk assessment efficiently. For example, is your company at risk for financial fraud? Perhaps your company builds military equipment, would your company be at risk for terrorist attacks? The third step is criticality analysis. (Norman, 2016) This is where critical thinking is a valued skill. By being able to think critically about the potential threats the assessment is able to be clear, understandable, and concise. When thinking critically about threats it may be beneficial to seek the help of others and gain their insight as well. This step is important because without it the assessment would be a mute point. This step is where the research is shown and the threat becomes real.
The fourth step is consequence analysis, this step allows the potential consequences of an attack be shown. For instance, if a terrorist attack were to occur on a building in your company, how many lives would end? How much money would the company lose? Questions such as these can be answered in step four. Step five is vulnerability analysis. This is where the assets are analyzed and true vulnerability for the assets in found. For example, how likely is it your company will have a thief break in the backdoor and rob the company? How likely is it that someone may hack into the computer system and rob the company? Which of these threats is more likely based on the vulnerability of the assets? This goes right into step six, the likelihood assessment. How likely is it one of these threats will take place? Has it been recently occurring more often? Are companies similar to yours being attack in a specific way? Step seven is risk assessment. This is where each threat noticed for specific assets is analyzed individually. Step eight is prioritizing. Which threat is more likely to occur? Rank them from their likeliness to occur so the more important threats are addressed sooner. The final step is where recommendations to mitigate the threat are provided. This step is called, risk management. This final step is one that is important to begin fixing or making changes to protect company assets. (Norman, 2016) Without recommendations the report is incomplete. Everything would be laid out with what the threat is, how likely is the threat? Is the threat more important than other threats? When all of this is complete the logical step is to figure out how to fix it. Then the process of protecting your company can continue on.
Norman, CPP, T. L., PSP, CSC. (2016). Risk Analysis and Security Countermeasure Selection, Second Edition. [MBS Direct]. Retrieved from https://mbsdirect.vitalsource.com/#/books/9781482244205/
Peer post 2
Risk assessment involves an examination in the workplace to identify the impact of hazards, assess the likelihood of injuries and the implementation of control measures to reduce risks. Identification of the hazards is the first step of risk assessment, and it involves surveying the workplace to identify the issues that could cause harm. It consists of checking the common hazards in the workplace and dealing with them to curb present and future risks. For example, the manufactures or suppliers instruction may be checked to identify any obvious hazards. The second step identifies the group or the workers that may be harmed. The workers can also be asked for people who might be harmed by the hazards. For example, people working with new machines in the workplace are prone to accidents. Critical thinking is essential in helping the workers to express their ideas clearly to the management presenting the people who might be harmed by the hazards.
Risks evaluation and decision on control measures are done in step 3. It is the most engaging step in risk assessment more than the first and the second step. The controls that exist in the organization are followed, and the implementation is done according to the hierarchy and prioritization of the precautions. For example, new machines may be more hazardous than procedures introduced in the workplace. Critical thinking is vital in this stage because it helps in the creation of new ideas and creativity in dealing with risk evaluations and control measures. Step 4 deals with findings recording and implementation. The results are documented in a risk assessment template to facilitate sharing with other parties for implementation purposes. The stage is not engaging because it incorporates the risk assessment templates that are easy to understand. However, it does not include all groups of workers like the second step, and it only uses the key parties to implement the changes. For instance, it may use the technical department if it is the most affected by the risk. The last stage involves the review and update of the assessment. On this stage, a checkup of all assessments is done to make sure the controls have been fully incorporated and identify new hazards. For example, a review might be done to determine whether a new machine has the same risks recorded in the first experience or has developed new ones. Critical thinking is essential in this step because it helps in self-reflection to justify assessment criteria.