Personal Assignment 1

Session 2
1. Please explain in your own words, what is the IT Risk Management.
2. Please list and explain the threats to information security.
3. How do we calculate the risk?
4. How do we control the risk? And explain the four risk control strategies.

Answer
1. IT Risk management is a process or activity that is performed to support the company in
achieving their goals by protecting all IT systems and data involved in it.
2. In my opinion, a threat to the information for the next few years are
The amount of data involved. The greater the amount of data involved then
there will be a big problem as well, especially in managing it. Because each year
the company's transaction data increases. therefore, the company should have a
system that can analyze large amounts of data to help process the data so it can be
used in making decisions
Mobile apps become the main route for cybercrime. Development of mobile
technology today is very fast. Various mobile applications easily obtained
because it is free. But this rapid growth is not accompanied by security in mobile
applications. Therefore, users of mobile applications being the main target on
cybercrime.
3. Our way to measure risk is by analyzing and identifying the components involved in a
system (risk assessment). After that we can take into account the risks that may occur and
also to prepare the way to handle it.
4. Once we know what components are involved, then we will be easier to determine the
exact solution of the risks that arise. The four risk control strategies are
Identification. Strategies to control or manage the risk of the first is
identification. That we should be able to identify and categorize risks.
Evaluation. The second is the evaluation. categorization of the results that have
been done next is an evaluation to determine whether the categorization process is
done correctly and to determine the next steps to be taken/
Mitigation. After evaluating all the risks that exist. The next is to determine the
next step to be taken. In general there are four ways in dealing with risks. The first
is accept these risks. The second is prepare a plan to reduce the risk. The third is

to let someone else handle it or other parties (e.g. insurance). The last one is if
aware that the risks taken are too large then do not take the risk, cancel projects or
activities related to these risks.