Information security is crucial to organizational performance and to efficient, effective service delivery. This is especially so because applying technology to deliver services is now a basic need for any organization that wants to compete favorably in the market economy, given the rise of and move towards globalization (Whitman & Mattord, 2005).
Information security faces numerous issues, some of which seem simple but prove surprisingly complex to handle. One such issue is risk management. The complexities that come with automation in the information sector seem to compromise security. These include computer-illiterate staff who cannot use the systems, the rapid pace of technological change, which renders recently acquired technology obsolete before it is fully utilized, and the maintenance costs incurred in keeping the systems in place (Doherty, 2000).
Solutions to such challenges have been suggested, some of which are as fascinating as the challenges themselves. A recommendation to employ people who are computer literate sounds reasonable, but the time needed to train them in risk management seems equal to the time that could be used to train the illiterate staff. Then there is the adoption of new technology, which seems to recur: each time new technology is adopted, another emerges and is adopted too, making this solution a vicious cycle that seems not to end (Whitman & Mattord, 2005).
2) Discuss in-depth challenges regarding the belief/culture perspective in risk management
Risk management awareness, as an information security issue, faces many challenges. A crucial one is the difficulty of measuring occurrence rates, since records of all previous events cannot be made available for analysis and review. It is also demanding to evaluate and determine how severe a risk is, especially one that involves tangible assets.
Improper assessment and setting of priorities in risk management is another challenge facing this process in most organizations. It often results in a great deal of time being wasted analyzing and trying to resolve risk-related issues that are unlikely to be experienced. Time and resources are therefore lost, which hinders other processes that could help ensure the organization's information security (Kunreuther & Slovic, 1996).
Qualitative assessment in risk management is also inconsistent, in part or entirely. This is mainly because it is a subjective process, prone to bias and entirely dependent on assumptions made by individuals. This greatly compromises the security of information, since systems can easily be attacked without such risks being noticed. The many legal issues and bureaucracies involved in information security add to this inconsistency.
3) Suggest solutions to address the belief/culture perspective in risk management
Several strategies are used in dealing with risks: risk avoidance, hazard prevention, risk reduction, risk sharing, risk retention, and creation of a risk management plan. Risk avoidance means not taking any step that could lead to the occurrence of a risk. It may be viewed as a crucial solution to all risks, but it also means losing potential gains and limiting profit generation (Peltier et al., 2005).
Hazard prevention is about preventing risks when an emergency has occurred. Risk reduction is another solution to risk management challenges: it aims to reduce the possibility of a risk occurring or, where a risk has already been experienced, to limit the losses incurred. These strategies compromise information security considerably, since they apply only after the risks have occurred and compromised information security. Creating a risk management plan is one solution suggested for ensuring the security of information, because a plan specifies the procedures and controls to be used, making the process less complex (Crouhy et al., 2000).
Crouhy, M., Galai, D., & Mark, R. (2000). Risk management. New York: McGraw Hill.
Doherty, N. A. (2000). Integrated risk management techniques and strategies for managing corporate risk. New York: McGraw-Hill.
Kunreuther, H., & Slovic, P. (1996). Challenges in risk assessment and risk management. Thousand Oaks, Calif.: Sage.
Peltier, T. R., Peltier, J., & Blackley, J. A. (2005). Information security fundamentals. Boca Raton, Fla.: Auerbach Publications.
Whitman, M. E., & Mattord, H. J. (2005). Principles of information security (2nd ed.). Boston, Mass.: Thomson Course Technology.