
Risk Analytics
Risk Assessment for Organisation
Chapter 13
Learning Objectives (LOs)
• Define the scope of risk within an organisation
• Explain legal and regulatory compliance issues in risk assessment
• Employ security countermeasures
Defining the Scope of Risk
Identifying Critical Business Activities
One of the tools that can help in identifying such activities is Business
Impact Analysis (BIA). BIA is a technique used to evaluate the potential
financial, safety, regulatory, legal, contractual and reputational effects
of risk on business operations. A BIA requires the following five
elements for its successful implementation:
Identifying Security Gaps in Information Systems
• The difference between the security controls currently in place and
the controls that are required is known as the information security
gap. It is the difference between the current state and the desired
state.
• To identify the gap between the current state and the desired state,
businesses conduct a gap analysis. A gap analysis means determining
the difference between the level of security currently available in the
network and the level of security that is desired.
The steps in a gap analysis are:
Examining Customer Service Delivery
Customers expect high-quality services from a business. This level
of expectation is documented in a service level agreement (SLA).
An SLA is a contract between a service provider and a customer
defining the level of service to be provided. A typical SLA includes
the following components:
Legal and Regulatory Compliance Issues
Security Countermeasures
• Information Technology (IT) forms an integral part of any type of
organisation, irrespective of its size and operations.
• There are separate laws and regulations that govern IT operations.
These laws help an organisation to protect the privacy of its data.
• In India, the IT Act, 2000 was enacted to regulate IT-related
operations and to check various unlawful activities, such as theft and
misuse of data, hacking, espionage and malicious attacks. The Act
has been amended from time to time to keep pace with changes in
technology.
• Penalties for violating the IT Act range from three years'
imprisonment to life imprisonment, together with monetary fines, for
individuals. Violations at the corporate level may result in the
imposition of severe administrative penalties. They also lead to strict
monitoring that makes doing business difficult and burdensome.
Compliance with the IT Act 2000
Summary
• The scope of risk management defines the goals and deliverables
expected from the risk management plan.
• The first step in risk assessment is to identify the business activities
that are most critical and will be highly impacted by the risk.
• Business Impact Analysis (BIA) is used to evaluate the potential
financial, safety, regulatory, legal, contractual and reputational effects
of risk on business operations.
• A gap analysis means determining the difference between the level
of security currently available in the network and the level of
security that is desired in the network.
• Service level agreement is a contract between the service provider
and the customer defining the level of service to be provided.
• There are many laws and regulations in the field of Information
Technology with which organisations must comply in order to protect
their data.
• Non-compliance with laws and regulations can lead to severe
consequences. Some laws have provisions to impose heavy fines on
organisations while others can result in imprisonment of
responsible individuals.