A Risk Management Policy Brief
The lack of a uniform risk management strategy at Red Clay Renovations can lead to serious information security compromise, especially given the increased threats in the contemporary business environment. Extensive deployment of Internet of Things (IoT) devices without a corresponding information security risk mitigation strategy significantly increases the company’s exposure to cyber-attack. Some IoT arrangements, such as Bring Your Own Device (BYOD), which extend remote access, can considerably compromise information security, because an organization cannot explicitly manage the devices connecting to the company network (Downer & Bhattacharya, 2015). Moreover, the company risks incurring substantial financial costs in fines for non-compliance with regulations such as HIPAA (Chen & Benusa, 2017). For instance, allowing ‘Reality Media Services’ (RMS) to retain its independence after acquisition considerably reduces transparency across the organization, so Red Clay Renovations cannot guarantee compliance with information security policies and industry standards throughout the entire organization. Therefore, the company needs to implement a uniform information risk management strategy to enhance transparency, thereby improving compliance and reducing the high likelihood of information security incidents arising from the IoT system, especially its devices.
The DHS Policy
A uniform risk management strategy consisting of training and a defined business process can significantly reduce information security threats and vulnerabilities, especially by improving compliance. Although DHS suggests that a ‘one-size-fits-all’ strategy is neither desirable nor feasible, the agency acknowledges that it can offer broad guidance, which can be tailored to meet specific risk management needs (Beers, 2011). In this regard, a uniform risk management approach can significantly reduce the chances of cyber-attacks across the entire organization by enhancing compliance, as well as by prioritizing the most significant risks. For instance, formulating a uniform risk management strategy can help Red Clay Renovations improve compliance across the organization by enhancing transparency, and prioritize the reduction of risks from IoT devices that significantly increase the threat of cyber-attack to the firm (Yoon & Kim, 2017). Therefore, with a single business process-based strategy, Red Clay Renovations can considerably reduce the risk of incurring financial losses from non-compliance fines and lawsuits following an information system compromise.
Despite its considerable benefits, the DHS policy has some drawbacks that Red Clay Renovations must be ready to address in order to significantly improve organizational risk management. For instance, because the policy emphasizes unity of effort, including extensive synchronization, the firm must be prepared to incur an increased cost of implementation arising from strategic, operational and institutional system differences between Red Clay Renovations and RMS. Moreover, as noted earlier, a uniform risk management technique is neither feasible nor desirable on its own, because it cannot totally eliminate the chance of information system compromise (Beers, 2011). Therefore, Red Clay Renovations must supplement the uniform risk management approach with a risk avoidance strategy, including an extensive focus on the most significant threats and vulnerabilities, to considerably reduce security risks.
The Risk Control Strategy
Lack of transparency is one of the primary sources of risk management issues at Red Clay Renovations, especially because the organization cannot effectively implement a risk avoidance strategy, including activities such as training and system integration. Specifically, by allowing RMS to run independently, Red Clay Renovations cannot appropriately identify specific areas of improvement with regard to risk management. In this regard, the organization cannot conduct successful employee training to enhance compliance and significantly reduce exposure. Because RMS employees are custodians of essential customer information and can access the company network, they pose a significant risk to the company’s information systems, as well as to the functionality of the smart homes delivered by Red Clay Renovations. With a high level of non-compliance and the delivery of products that carry significant information risk, the organization risks loss of revenue through reduced customer satisfaction, as well as substantial financial losses from regulatory fines (Chen & Benusa, 2017). Therefore, the company must implement an institutional risk avoidance strategy by integrating RMS into its organizational structure to improve compliance and deliver products with reduced information security risks.
Red Clay Renovations must implement a robust information security strategy to reduce the risk of information security compromise, especially from IoT devices and from reduced compliance with policies and industry standards. Despite adopting extensive operational and organizational changes, the company is yet to implement an effective risk management approach to reduce the chances of cyber-attacks. For instance, by allowing RMS to run independently, the organization lacks sufficient transparency to strengthen information security management across the entire organization. The company cannot conduct institutional risk mitigation activities and system integration to support the operational processes that ensure delivery of products with a reduced risk of attack. Therefore, Red Clay Renovations must implement a uniform risk management strategy that significantly enhances transparency and so improves implementation of an institutional risk mitigation strategy, such as avoidance, including training and system integration.
References

Beers, R. (2011). Risk management fundamentals: Homeland Security risk management doctrine. U.S. Department of Homeland Security. Retrieved from https://www.dhs.gov/xlibrary/assets/rma-risk-management-fundamentals.pdf

Chen, J. Q., & Benusa, A. (2017). HIPAA security compliance challenges: The case for small healthcare providers. International Journal of Healthcare Management, 10(2), 135-146.

Downer, K., & Bhattacharya, M. (2015, December). BYOD security: A new business challenge. In 2015 IEEE International Conference on Smart City/SocialCom/SustainCom (SmartCity) (pp. 1128-1133). IEEE.

Yoon, S., & Kim, J. (2017). Remote security management server for IoT devices. In 2017 International Conference on Information and Communication Technology Convergence (ICTC). IEEE. doi:10.1109/ICTC.2017.8190885