Normally, if you don’t wish to abandon an activity completely, a common approach is to reduce the risk associated with it. Steps should be taken to reduce the likelihood of a negative outcome occurring. This common strategy is appropriate for different kinds of risks. Reducing the risk allows the activity to continue, but measures should be in place to reduce its dangers. If this is done well, you will definitely have the best results. However, the danger is that the controls are not effective, and you can therefore end up being affected by the loss you were trying to reduce (Mathew, 2013).
The company can keep a log of the activities carried out by users on its network. These logs record what users of the systems are doing, giving the company a mechanism for managing activity on the network. The logs will also help in understanding how network resources are used. Another action the company can adopt is to put access control and a firewall in place for the database. This will help in understanding who has access to which section of the database.
Risk acceptance strategies in the organization are crucial to the company’s statements of risk tolerance. The aim of establishing risk tolerance in an organization is to state, in clear and unambiguous terms, the limit of risk: how far the company can go in accepting risk to its operations, individuals, organizational assets, the Nation, and other organizations. However, real-world operations are never so simple that risk tolerance statements can be the end statement for risk acceptance decisions. Organizational risk acceptance strategies place risk acceptance into a framework of the organization’s perspective on dealing with the practical realities of operating with risk, and provide the guidance necessary to ensure that the extent of risk accepted in specific situations is compliant with the direction of the organization.
The company can use an acceptance strategy by putting control policies in place; for example, it can use an acceptable use policy to define the manner in which company assets will be used. It is very important to define how data can be used in the company so that users are aware of the procedures to follow when handling company resources.
Organizational risk avoidance strategies can be the most important way of achieving an adequate risk response compared to other risk response strategies. The pragmatic realities of the dependability of the information technology available for use within common resource constraints make good use of these technologies arguably a significant, if not the most significant, risk response. Proper use of information technologies, including the information systems of an organization, is basically a form of risk avoidance: organizations alter the way information technologies are used to change the nature of the risk being incurred. These kinds of approaches can be in great tension with the desires of the organization, and sometimes with the mandate to fully automate business processes/missions. Organizations address this dilemma proactively so that: senior executives/leaders are held accountable only when the risk is within their ability to affect it; and decision makers of the organization can make the difficult risk decisions that may be in the organization’s best interest (Mathew, 2013).
The company can adopt an avoidance strategy by implementing access controls on its systems. This can be achieved by having an access control mechanism in place that requires a username and password before a user is allowed access to the system.
Organizational risk transfer and risk sharing strategies are crucial elements of risk decisions for an organization’s specific business functions/missions at Tier 3 or the organization’s information systems at Tier 2. Together, risk transfer and sharing strategies consider and take advantage of a lessening of risk by transferring or sharing its potential impact across other internal elements of the organization or with other external organizations, showing that some entities are wholly transferable or that the organization can partly share accountability and responsibility for the risk. For risk transfer or risk sharing to be effective risk responses, the impact on the local environment, such as information systems or business processes/missions, should be addressed by the transfer or sharing. Moreover, risk transfer and risk sharing activities should be carried out according to inter- and intra-organizational realities and dynamics. This explains why risk transfer/sharing strategies are important, particularly for transfer and/or sharing to be a productive risk response option (Loach, 2000).
The company can form a team tasked with listing the users who access the system and with understanding the type of data those users access. This information will help in understanding how to audit the information systems.
De Loach, J. Enterprise-wide Risk Management: Strategies for linking risk and opportunity. London: Financial Times/Prentice Hall, 2000.
Mathew, M. Risk Response Strategies, 2013. 9 July 2015 <http://www.fedramp.net/risk-response-strategies>