Applying risk management

Risk Assessment and control deals with identifying, analyzing, and planning all types or risks. It must also account for any newly rising risks and keep track of them and what they can do to a system. This paper will explain some possible risks and how to avoid them, but only as an example that can be extrapolated to the entire concept of Risk Management. It will also cover ideas that be applied to other businesses, not just Huffman Trucking.

Before we can create a plan to assess risk to the company, we must first learn what the risks are. In the case of Huffman Trucking, the risks can be from data loss from inside or outside sources, hackers, corporate espionage, and natural disasters. This is all part of the planning stage of Risk Management.

The avoidance concept is one whereas the company creates a plan or policy to prevent security issues from arising. The first step that can be taken is to increase physical security. This will be done by securing the building that Huffman Trucking uses for their offices. All doors will need to have security keycard access, which will have to be installed. This way, it is easy to actively manage who is allowed in what section, and keep unauthorized people away.

These keycards will also allow for tracking of which employee was trying to access, or did access what room on what date and at what time. In case the physical security is breached, this data will help investigators to track all employees in an attempt to find out if it was an internal issue. A side benefit to the keycard access control is that if someone inside the company wanted to steal company or employee data, or was working as a spy, they could be deterred from attempting to steal. Sometimes the simple sight of security will deter people from even thinking about stealing data.

Building upon the idea of increased physical security, as Huffman is in the trucking industry, and there is a warehouse involved, it is recommended that security guards be hired to patrol the premises 24 hours a day, 7 days a week. This show of physical protection will help to secure the vehicles and the large warehouse. This will also help to act as another layer of defense to keep watch on the vehicles that are used, from trucks to forklifts, that could be stolen or broken into.

Transference is when the company (Huffman Trucking) hires an outside firm to control and manage the systems that are at risk. The first step of Transference is the hiring of a security company. The next stage would include computer security and network security. An outside firm would be in charge of creating and implementing both software and hardware security systems to prevent an outside attack from happening.

This outside firm would manage all computers and servers. Included with the service would be software updates of installed software, installation of malware and antivirus protection and fine tuning of said software, and increasing the security of the network.

Mitigation deals with reducing the impact what happens when the network or computers are attacked. Since Huffman Trucking is moving towards more electronic data use, it is paramount that this data is secured and backed up as much and as often as possible. If there is an issue that causes the data to be lost, Huffman Trucking would be out of business. Creating a proper backup plan and implementing it properly is essential to allow the company to recover the lost data and continue on with business. This allows the business to continue to operate and recover from any data loss.

Acceptance understands what will happen when something is breached, and considering it either more cost effective or resource effective to not deal with it until it is breached. It is not recommended to use this course of action for Huffman Trucking.

Once the plan is created and implemented; only half the work is done. A Risk Management plan is one that needs to be living and breathing. It must be able to change and be adaptable to new risks of any kind. Using a power loss as an issue, it might make sense to only have battery backups on site. However, as the company grows, or power outages happen more frequently, it would be wise to install a generator to create and supply the needed power when the local power utility can’t.

In terms of network security, when new style networks are created, especially on the wireless side, the security policy needs to adapt to meet the new needs of network security. The Risk Management plan will always need to be reviewed, mainly on a yearly basis. If part of the plan is put into action, for example a network breach, the plan must be reviewed to make sure that it accounts for what happened, and create a plan to prevent it from happing again.

When understanding what the risks are, we can work to plan to overcome them. This paper talked about three different forms of Risk that Huffman Trucking can and will face. It also gave some ideas on how to overcome these risks, albeit at a high level view. These concepts can be built upon and thought out to help secure Huffman Trucking from a lot different types of risks that they face.