Risk Analysis and Policy Formulation

Thesis statement

Risk analysis is the process of identifying and evaluating any possible vulnerabilities, dangers or threats that might affect a business entity, and of finding ways to subdue them.


An analysis can be either qualitative or quantitative. The qualitative method is the most commonly used and thus the more popular. It describes the characteristics of potential negative eventualities, evaluates how risky they are, and arrives at mitigations or solutions in case a hazardous event takes place. Quantitative analysis uses numbers to approximate the likelihood of uncertainties, risks and threats. It further puts a figure on how much damage any of these mishaps would cause if it occurred. Risk analysis is a business tool which aids in the identification and formulation of the optimum and most versatile security measures to fully subdue the anticipated risks. It is also supposed to direct business decision makers in setting the most appropriate budget for security, one which will give the best yields whatever the nature of the risk (Broder, 2006).


The security problem faced by this corporation is intrusion into the corporation’s valuable data. The corporation also has substantial evidence that some customers’ credit card details were illegally accessed. Some employees might have accessed personnel data without authority because it had not been fully protected. Other probable risks are viruses, spam and remote hack attacks. This is an indication that the corporation’s operating software is unprotected and could even crash without warning if an unforeseen attack occurs. However, the security of the hardware systems was reported to be intact and in good shape. The use of digital surveillance equipment and the competence of security personnel have made sure that no hardware belonging to the information, communication and technology departments is taken out of the corporation’s building without verification.

A breach of information security will obviously call for a revision of security measures to close the loopholes which have already been identified. The first step that should be taken is to indefinitely retire the employees involved in stealing personnel information and to prosecute them, if the corporation deems it fit to do so. If they have not been identified, computer forensics can be used to kick-start an investigation. Such a move will discourage other employees from intruding into private information without authorization. All employees should be made aware of the privacy act statutes covering the handling of confidential data and the penalties which accompany a violation of the same.

The software system should be further strengthened with programs that restrict access to information to selected individuals. This will mostly be applicable to cases where personnel data is being stolen and where remote hackers are compromising confidential details of customers’ credit cards. Introductory levels of access to classified information should be put in place. All employees should be denied access to confidential information that is irrelevant to them, and if there is ever a need to access it, they should get clearance from the relevant authority.

All computers and servers should have passwords and methods of encrypting private information to lock out unauthorized access. This would also stop some employees from framing others by using their computers to do something illegal (Hoffman, 2003).


In conclusion, computer security in this corporation has been compromised before. Future attacks cannot be ruled out. Therefore, it is imperative that the management institute mitigation measures. A security breach is a major threat that could bring down a corporation because it would lead to a loss of clients. Similarly, it is important to reduce the risks and have countermeasures in place in case an adverse event occurs. Those employees or outsiders who are guilty of crimes of compromising the corporation’s confidential information should be prosecuted as an example to others who might have similar tendencies.
