Risk Management (Firms and organisations within the healthcare sector) Essay

Risk management (Firms and organisations within the healthcare sector) - Essay ExampleUpon questioning our Chief Information Officer regarding risk appraisal and management in our organization, I was informed that we had a very well-developed system in place, one whose force and effectiveness were an outcome of trial and error.At the end of the 20th century, we have witnessed the massive transition from isolated, unlogical computers to networked computer clusters all everyplace the world. At present time, there are an estimated 250 million networked hosts world-wide (Telcordia, 2002). This global pervasive connectivity has been a boon for consumers, businesses and organisations alike due to the ease, convenience and speed of electronic data exchange. However, the ease of determination and relative anonymity that the Internet affords has been leveraged by criminal elements, as well. Indeed, no private, commercial or government agency is completely safe or has been un touch by t he proliferation of this kind of cyber-crime. E-Commerce Times reported that the ILOVEYOUcomputer virus affected 45 million hosts and inflicted monetary damages to the tune of estimated $2.6 billion (Enos, 2000). The infamous Melissa macro virus caused an estimated $300 million in damage in 1999 and several prominent e-commerce sites were hit by Distributed defence mechanism of Service attacks in the beginning of 2000 (Committee on Science, 2000). The estimated worldwide damage caused by automated digital attacks over $30 billion for 2002 (Economic Damage, 2002). These estimated damage figures have to be taken with a grain of salt, but the disposition is clear. Moreover, in just a dozen years time, the propagation speed, as well as the estimated damages has change magnitude by five, and two orders of magnitude, respectively.The healthcare organization in question has been affected by both viruses and body politic attacks. As the Chief Information Officer noted, each virus or DoS incident turn out extremely costly, whether calculated in terms of financial loss or the cost of resolving the problem. Therefore, to prevent, or limit, the possibility of future attacks, the organization has adopted a rather comprehensive information security framework. fall upon components of this framework, according to the CIO, are risk assessment and risk management. 3Risk AssessmentRisk is normally defined as the product of probability and severity of adverse effects, and the most common approach to measure out risk is a single figure - its expected assess Hai98, p. 29. Mathematically speaking, given a random variable with probability function and loss function , the expected risk value in the trenchant case is equal to . It is apparent that these are generic probability weighed averaging formulas. As further explained by the CIO, its semantic specialization into an expected value of risk occurs through the loss function. The unit of the expected risk value is the unit u sed by the loss function and could be downtime, cost, credibility, etc.As a preceding example, the simplified risk of attack consequences on a host that is running one application is shown in the table belowHypothetical Risk Confronted by the Healthcare