Monday, December 9, 2019

Risk Assessment Health and Environmental Risks

Question: Describe the Risk Assessment for Health and Environmental Risks.

Answer:

Introduction: Risk identification is important for an organization, as it helps the organization eliminate the risks and challenges that most projects usually have. It is highly important to understand and adopt effective means of defending and protecting the organization's vital information. Hence, the aim of the report is to mitigate, resolve and overcome the issues and risks associated with the organization (Covello & Merkhoher, 2013).

Discussion: Risk assessment is not about creating an enormous amount of paperwork; it is about identifying the sensible measures necessary for controlling the risks in the workplace. The organization is required to introduce a systematic and organized approach to risk assessment (Faerber et al., 2015). First, the organization is required to identify the possible risks that can potentially harm it. Hence, the first step is to check or cross-check the manufacturer's data sheets and to gain a comprehensive knowledge of the general risks and threats that challenge the Information Technology system. The common threats that one usually comes across include the failure of hardware and software, malware that can potentially disrupt the operation of the computer, viruses, spam and scams, or even human error. It is also important to check for issues such as criminal IT threats, which can also damage the important data of the organization (Haimes, 2015). Once the source of the threat has been identified, it is important to analyze how the organization is going to be affected by the respective threat.
Following this, the risks should be evaluated and the resulting findings properly recorded for future reference. However, the organization chooses to adopt the IT-Grundschutz system. This is one of the most effective strategies adopted by the organization. As per this risk assessment method, the risk of the organization will be analyzed by identifying the risks and then categorizing them into threat catalogues such as the BSI Standard 100-1, BSI Standard 100-2, and others. Further, apart from identifying and classifying the risks involved, the organization will also need to categorize the protection requirements needed to mitigate and resolve the IT issues (Ergu et al., 2014). By defining and classifying the protection requirements, the organization will be able to trace the factors that are leading to such risks, and can accordingly take the necessary steps to resolve the issues. This will help the organization understand whether the IT risk is caused by negative internal or external effects, violation of laws and norms, or any kind of impairment of duties (Theoharidou et al., 2013). Once the organization comprehends the reason behind the risk, it will focus on the safeguard methods that need to be adopted in order to combat the issue. The safeguard measures the organization arrives at may vary, such as a change in infrastructure or contingency planning. Finally, the organization will also regularly review and update the risk assessment procedures, so that it can take note of the significant changes, improvements or problems that have emerged as a result of the introduction of the new procedure (Vinnem, 2014).

Conclusion: It is important to note here that there would be residual threats that cannot be prevented by ordinary safeguard measures.
Hence, it would be important for the organization to ensure that it also introduces additional security measures that will help in reducing the risks to an acceptable level. However, it is important to note that the organization must make sure that it does not merely assess the risks, but necessarily reviews the risks.

Reference List:

Covello, V. T., & Merkhoher, M. W. (2013). Risk assessment methods: approaches for assessing health and environmental risks. Springer Science & Business Media.

Ergu, D., Kou, G., Shi, Y., & Shi, Y. (2014). Analytic network process in risk assessment and decision analysis. Computers & Operations Research, 42, 58-74.

Faerber, A. E., Horvath, R., Stillman, C., O'Connell, M. L., Hamilton, A. L., Newhall, K. A., ... Goodney, P. P. (2015). Development and pilot feasibility study of a health information technology tool to calculate mortality risk for patients with asymptomatic carotid stenosis: the Carotid Risk Assessment Tool (CARAT). BMC Medical Informatics and Decision Making, 15(1), 1.

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

Theoharidou, M., Tsalis, N., & Gritzalis, D. (2013, June). In cloud we trust: Risk-Assessment-as-a-Service. In IFIP International Conference on Trust Management (pp. 100-110). Springer Berlin Heidelberg.

Vinnem, J. E. (2014). Offshore Risk Assessment vol 2. London: Springer.
