
Risk Assessment

Chapter 10 of the course textbook discusses the importance of conducting risk assessments (RAs). Darril Gibson defines an RA as a point-in-time report used to compare current risks against the controls that are already in place. Although it is beneficial to conduct an RA often, there are challenges to conducting quantitative RAs. For this week's discussion, you will consider the benefits and challenges of risk assessments with your peers.

Part 1

· Using the internet, find an example of an adverse IT event that was likely a result of failed risk assessment and planning processes.

· As you write your post, consider the following:

· Would a qualitative or quantitative RA have been more effective in preventing the risk? Why?

· What controls would have been best to implement? Why?

· In what ways did senior management's attitude toward risk influence how the RA was conducted?

· How should the company change its RA in the future to prevent this risk from occurring again?

Part 2

· Further expand on your claims and your own thinking.

· Then explain why it is difficult to conduct a quantitative risk assessment (RA) for an IT infrastructure.
