Term Paper on "Security Risk Management Process Microsoft Company"
Term Paper 13 pages (3314 words) Sources: 1+
Security Risk Management Process - Microsoft Company
Security Risk Management the Microsoft Way
Defining Risk and Risk Management
Value Risk Management
Risk Management Procedures and Processes
Key Success Factors For Security Risk Management
Risk Management Approaches
Risk Management Failure Reduction
An Analytical Review of Security Risk Management The Microsoft Way
Security risk management is a vital tool for ensuring the continued success, productivity and stability of organizations across the globe. In an increasingly technology-driven and global marketplace, it is vital that organizations find ways to mitigate the increased risks associated with doing business in their environment. The purpose of this research paper is to analyze the critical success factors related to security risk management at Microsoft Corporation. Specifically, the researcher will attempt to understand what critical success factors Microsoft uses to manage risk successfully, and whether those practices might be useful or practical for other companies to adopt.
In recent years researchers and organizations have given security risk management more attention, in part because the level of risk has increased (Kimball, 2000). Multiple trends have contributed to the increased risk, including globalization of trade and production and corporate investments in "volatile emerging markets" (Kimball, 3).
Unfortunately, however, risk management fails in many companies. In fact there are reputed
Background to Problem
Historically, as organizations have grown technologically, new security risks that must be addressed have become imminent. Today organizations are connected through IT infrastructures that operate in an environment considered "increasingly hostile" where "attacks are being mounted with increasing frequency" and occurring over shorter periods of time (Microsoft, 2004). Many factors contribute to increased risk, including higher levels of volatility within financial markets, rapid advances in technology and increasing globalization in the marketplace (Simons, 1996). The rise in transaction volume in markets has also contributed to increased threats and risk, though many risks can be calculated and prepared for (Simons, 1996).
Unfortunately, in the past many organizations have been slow to respond to security threats, resulting in increased impact on business processes and procedures. Microsoft has concerned itself, among other things, with managing the security and safety of its infrastructure to ensure business value to customers both internal and external.
Significance of Study
Microsoft notes that a "failure to proactively manage security may put executives and whole organizations at risk" because breaches in both fiduciary and legal responsibilities to internal and external customers become apparent when security is lacking (Microsoft, 1).
Corporations must learn not only to identify what risk is acceptable, but also to manage that risk. What works for one company may not necessarily work for another, depending on the complexity of an organization's infrastructure, its resources and its management responsibilities (Microsoft, 2004).
Literature Review: Security Risk Management the Microsoft Way
Defining Risk and Risk Management
Microsoft has developed a security risk management process based on customer experience and the company's own experiences. This guide provides "actionable guidance" which promises to deliver corporations multiple benefits including (1) providing customers a "proactive security base", (2) allowing companies to measure security and place a value on risk management and (3) enabling customers to minimize large risks without deflating all possible resources in the process (Microsoft, 2004).
Barrese & Scordis (2003) suggest that risk management be viewed "as the management of the operations and activities of a corporation and its financing practices" to develop a collection of risks that "yield a corresponding average payoff" (26). Risk, according to the researchers, has the ability to impact all aspects of business function and personal activity (Barrese & Scordis, 2003). Risk management includes measuring the "variation of actual outcomes around an expected outcome" (Barrese & Scordis, 26).
Kimball (2000) defines risk as "the existence of uncertainty about future outcomes" and suggests it is a key factor in economic transactions because firms make real investments each day without understanding whether their investments will result in debt or improved capital (Kimball, 2000).
Value Risk Management
Risk involves negative consequences whether financial or otherwise. Risk management practices are worthwhile because they may mitigate side effects of a volatile business environment, protect future investments, prevent "erosion of the firm's finance" and ensure the productivity and success value of a corporation (Barrese & Scordis, 26).
While corporations recognize the inherent value in managing risk, many spend too few resources on risk management, in part because they lack information regarding "the nature of vulnerabilities, potential losses or options to upgrade security" (Manila, 2005). Simons (1996) points out that risk management can mitigate substantial concerns and potential losses within an organization, particularly with respect to an organization's value portfolio.
Risk Management Procedures and Processes
Barrese & Scordis (2003) define risk management as a process. There are many models of risk management, including Microsoft's. The number of steps involved will vary from company to company, but there should be core inclusions such as (1) establishing "risk return goals," (2) identifying and valuing root causes of future revenue fluctuations or instabilities, (3) balancing loss control and assessing and implementing financial tools used to mitigate risk and (4) implementation of final processes, maintenance, monitoring and ultimately review (Barrese & Scordis, 2003). A company's exposure to risk varies with time; thus it is vital that corporations review and consistently update risk management processes to resolve unexpected risks that may arise with time (Miller, 1992).
Simons (1996) supports an approach to risk management called "value at risk" or VAR, which suggests organizations determine how much money they will lose over a defined period of time if risk is not managed. More precisely, the researcher asks, "how much could the value of the portfolio of an organization decline" (Simons, 3). The need to place value on risk management is confirmed by numerous other researchers who note that value helps translate ideas into reality.
Simons' ideas are in line with Microsoft's security risk management approach, which suggests organizations must assign value to assets and calculate risks. To do so, Microsoft suggests the organization assess the "immediate financial impact" that will be realized if an asset is lost, as well as the indirect impacts of a lost asset (Microsoft, 2004). In addition to assessing the total revenue that an organization might lose during a single incident, an organization must also determine how likely a risk is to re-occur during a given year and the amount of money that an organization may lose if no action is taken to mitigate risk (Microsoft, 2004). Likewise, the cost of managing a particular risk must be assessed.
Key Success Factors For Security Risk Management
Microsoft (2004) has identified multiple critical success factors that allow implementation of a successful security risk management program. These include: (1) executive and management support of risk management processes, (2) clearly defined roles and responsibilities with respect to security risk management, (3) proper identification of the impact of risk by business owners and (4) identification of risk probability by information security teams. In addition, the company uses its information technology team to implement controls to minimize any unacceptable risk within the organization (Microsoft, 2004).
For a risk management program to succeed it also must be well defined with regard to roles and responsibilities; it must be well planned; it must address "critical business threats and vulnerabilities" and it must "articulate" organizational priorities (Microsoft, 2004).
Barrese & Scordis (2003) confirm Microsoft's approach to risk management. The researchers state that multiple elements contribute to the success of a risk management program. The key elements defined by the researchers include (1) management buy-in, particularly senior management buy-in, (2) an organizational culture that supports risk management, (3) direct communication that moves up and down as well as across hierarchical boundaries in an organization, (4) common language to define risk management and lastly (5) a "company wide responsibility center" accountable for risk management processes and procedures (Barrese & Scordis, 26). Organizations must ensure that risk management ideals, objectives, goals and processes are ingrained in everyday affairs and that employees are adequately trained with respect to risk management procedures (Barrese & Scordis, 2003).
Risk Management Approaches
Microsoft identifies multiple risk management approaches, including a reactive and a proactive approach. The reactive approach occurs in response to an identified threat, where most efforts are concentrated on resolving a problem or threat that is already imminent (Microsoft, 2004). While this approach may be effective as a "tactical approach to security risks that have been exploited", organizations can typically find better ways of managing risk without succumbing to risk in the first place (Microsoft, 2004). The reactive approach does, however, allow managers to assess an organization's risk history in an attempt to predict future security risk threats and take action to prevent them (Microsoft,…
Quoted Instructions for "Security Risk Management Process Microsoft Company" Assignment:
Topic: Security Risk Management-Microsoft Company
Project Abstract: Project Title:
Purpose of study:
Research Methods and Procedures Used:
Conclusion:
Table of Contents: Please use Microsoft -Insert -reference for table of contents.
Body of paper: 10 pages
References:
How to Reference "Security Risk Management Process Microsoft Company" Term Paper in a Bibliography
“Security Risk Management Process Microsoft Company.” A1-TermPaper.com, 2005, https://www.a1-termpaper.com/topics/essay/security-risk-management-process/640515. Accessed 3 Jul 2024.