FACULTY OF INFORMATION MANAGEMENT

FUNDAMENTAL OF INFORMATION SCIENCE

(IMC412)

GROUP: CDIM1B

PREPARED BY:
SITI NUR NAZIRA SHAFIQA BINTI RAMLI (2023622888)

PREPARED FOR: MAD KHIR JOHARI BIN ABDULLAH SANI

SUBMISSION DATE:
27 NOVEMBER 2023
1.0 INTRODUCTION

Information risk refers to the potential threat or harm that can occur due to the
inadequate protection, management, or misuse of information within an organization. In today's
digital age, where information is a critical asset for businesses, the concept of information risk
has gained paramount importance. This risk encompasses various factors, including the
confidentiality, integrity, and availability of information. Information risk management, or IRM, is
a method of reducing risk through technology, rules, and processes. It lowers the possibility of
cyberattacks from third-party vendors, vulnerabilities, and inadequate data protection. Data
breaches are extremely harmful to businesses and are frequently the result of inadequate data
security (Tunggal, 2023).

2.0 DISCUSSION

Information risk refers to the potential for harm or loss arising from the inadequate
protection, management, or use of information within an organization. It encompasses a range
of threats that can impact the confidentiality, integrity, and availability of information. In the
context of information security and risk management, information risk is a key consideration for
businesses and organizations that rely on digital systems and data.

Confidentiality risk is the risk that unauthorized individuals or systems may gain access
to sensitive or confidential information, leading to unauthorized disclosure. By only utilizing
sensitive data when authorized and required, the risk to confidentiality can be further
decreased. The privacy and confidentiality of sensitive data, as well as the people or groups it
represents, are violated when it is misused. Data confidentiality is about protecting data
against unintentional, unlawful, or unauthorized access, disclosure, or theft. The privacy of
information, including permissions to access, distribute, and use it, is related to confidentiality.
Information with few confidentiality concerns can be deemed "public" or otherwise not dangerous
if disclosed to parties other than those intended. High-confidentiality information is
regarded as secret and needs to be kept that way in order to avoid identity theft, account and
system compromise, reputational harm, legal trouble, and other severe outcomes.

Next, integrity risks are those that have the potential to enable integrity violations.
Certain hazards, like conflicts of interest, are commonplace, but others are unique to an
authority due to the nature of its operations. The risk profile of an authority is made up of
identified risks (Australia, 2021). Why are risk analysis and planning for integrity important?
In order to safeguard resources and the community, the public expects authorities to be
aware of hazards and take appropriate action. Planning is necessary for controlling integrity
risks to be effective. Iterative risk management is crucial for authorities to accomplish their
goals, formulate sound plans of action, and reach well-informed conclusions.

Operational risk is the possibility of suffering a loss as a result of personnel, systems,
internal processes, or external events that could impede the regular course of corporate
operations (Vicente, 2023). These operational losses may result in financial losses directly or
indirectly. For instance, a company's reputation may suffer indirectly from subpar customer
service, or a poorly trained employee may directly cost the organization a sales opportunity.

Operational risk encompasses the risks associated with running an organization as well as the
procedures management uses to put policies into place, train staff, and enforce them.
Operational risk can be thought of as a series of interconnected problems. Ignored problems
and control shortcomings, no matter how big or small, can increase the likelihood that a risk
will materialize, which can lead to an organizational breakdown that could negatively impact a
company's earnings and reputation.

The term "strategic risk" describes the internal and external circumstances that could
make it difficult or even impossible for a company to accomplish its aims and objectives. These
hazards may have serious repercussions that affect companies over time (Glossop, 2021).
Like operational, financial, reputational, and regulatory risks, strategic risk is one type
of risk. Operational and strategic risk are sometimes confused with one another. Some
examples are imprecise or poorly executed strategic decisions, financial challenges, and the
introduction of new products or services.

Any hazard or danger that could harm your company's reputation with customers and
negatively affect your overall success as a corporation is known as reputational risk. These
hazards can materialize suddenly and are usually unanticipated (Needle, 2022). Social media
users' ability to swiftly take to their accounts and share bad experiences with audiences around
the world has increased the potential for reputational risk scenarios for firms. Furthermore,
breaking news sources have little trouble sharing information across a variety of channels.

Any risk posed to a business by outside parties within its supply chain or ecosystem is
referred to as third-party risk. These parties could be contractors, partners, suppliers, vendors,
or service providers with access to sensitive data, systems, or customer or internal corporate
information (Chipeta, 2023). The term "third-party risk" describes the possible dangers and
weaknesses that could result from an organization's reliance on outside parties, including
suppliers, partners in business, vendors, and service providers. An organization runs the
danger of being held accountable for the deeds or inadequacies of external entities when it
depends on them to supply services, provide goods, or manage sensitive information. These
hazards have the potential to affect an organization's operations, data security, regulatory
compliance, and reputation, among other areas.

Last but not least is compliance risk. The legal, financial, and criminal risk that a business faces
when it disregards industry laws and regulations is known as compliance risk. Regulations are
formal guidelines that specify how things need to be done. Safeguarding individuals and
confidential information is the aim of numerous laws. Establishing best practices and tools is
necessary for organizations to ensure data security. One example is failure to report a suspicious
transaction. Any unusual transaction needs to be noted and reported to the government's fraud
and treasury staff. A suspicious activity could be the unexpected inflow and outflow of huge
sums of money from an account.

3.0 CONCLUSION

In conclusion, information risk management is essential in the modern digital
environment. Because systems are interconnected and companies rely more and more on
technology, they are exposed to a wide range of dangers. Information risk management
requires a multifaceted strategy that takes human factors, technology, and policy into account.

Information risk management is ultimately a continuous process that calls for departmental
cooperation, flexibility in the face of changing risks, and a dedication to staying on the cutting
edge. Organizations must continue to be alert in their efforts to protect sensitive data as
technology develops and the threat landscape changes. This will help to ensure the resilience
and continuity of their operations in the face of any threats.

REFERENCES

Australia, T. G. (2021). Risk analysis and planning for integrity. Integrity risk.
Chipeta, C. (2023). What is Third-Party Risk? Third party risk.
Glossop, A. (2021). Strategic risk: a quick guide. What is strategic risk?
Needle, F. (2022). What Is Reputational Risk? [+ Real Life Examples]. reputational.
Tunggal, A. T. (2023). What is Information Risk Management? cyber security.
Vicente, V. (2023). What Is Operational Risk Management? A Complete Overview of
Operational Risk Management.
