Introduction
Risk assessment is the process of inspecting the things at the workplace that may cause harm to those around them. The main objective of carrying out the inspection is to assess whether the concerned individual has taken the necessary safety measures or needs to take more measures to prevent the occurrence of the harm. A risk is the impact of uncertainty on both positive and negative objectives. It is an unexpected departure from the set aims that may cause undesired results. Workers, students living together and family members have the right to be safeguarded from any harm that may result from failure to take the necessary risk control measures.
Accidents and health problems caused by materials that pose a risk can disrupt lives, property and businesses. It is therefore a legal requirement for one to assess the potential risks at the workplace so that the necessary risk control measures can be put in place (Kemshall & Pritchard, 1996). Risk management, on the other hand, is the identification, assessment and orderly arrangement of risks, and the use of economical resources to reduce, observe and control the likelihood of the occurrence of the undesired effects, or to increase the recognition of opportunities for risk occurrence.
Methods of risk assessment
The value of an identified potential risk is determined quantitatively or qualitatively.
Quantitative risk assessment is where the single loss expectancy (SLE) of an asset is calculated. This is the value of the loss that can occur following one security incident. Another value that is calculated is the annualized rate of occurrence of the risk to a certain asset. This is an estimate of the chances that the threat succeeds in exploiting a susceptibility of the asset.
From these two values, the annualized loss expectancy is calculated. This is the single loss expectancy multiplied by the annualized rate of occurrence. In other words, it is the value that an organization may lose on an asset in a year, given the risks, the threats to the asset and its vulnerability. This helps to justify the financial costs of implementing safety measures to protect the asset from the risk.
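
The calculation described above, carried through a small risk register as an added example (not part of the original essay). The asset names and figures are constructed, and the rule used to judge a control (yearly loss avoided minus the control's yearly cost) is an assumption, not something the essay states.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Risk:
    name: str
    sle: int        # single loss expectancy: loss from one incident
    aro: Fraction   # annualized rate of occurrence: incidents per year

    def __post_init__(self):
        if self.sle < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: SLE and ARO must be non-negative")

    @property
    def ale(self) -> Fraction:
        """Annualized loss expectancy = SLE x ARO."""
        return self.sle * self.aro


def rank_by_ale(risks):
    """Order risks from highest to lowest expected yearly loss."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def control_net_benefit(risk, annual_cost, sle_after=None, aro_after=None):
    """Yearly ALE reduction minus the control's yearly cost (assumed rule).

    A control may cut the impact (SLE), the likelihood (ARO), or both.
    A positive result means the control costs less than the loss it avoids.
    """
    after = Risk(risk.name,
                 risk.sle if sle_after is None else sle_after,
                 risk.aro if aro_after is None else aro_after)
    return risk.ale - after.ale - annual_cost


# Constructed sample register (figures are illustrative, not from the essay).
FIRE = Risk("server room fire", 200_000, Fraction(1, 20))  # once in 20 years
FRAUD = Risk("payment fraud", 15_000, Fraction(2))         # twice a year
THEFT = Risk("laptop theft", 3_000, Fraction(4))           # four times a year
REGISTER = [FIRE, FRAUD, THEFT]

if __name__ == "__main__":
    for r in rank_by_ale(REGISTER):
        print(f"{r.name:18} SLE={r.sle:>7} ARO={float(r.aro):<5} ALE={float(r.ale):>8.0f}")
    # Fraud monitoring: 12,000 per year, cuts ARO from 2 to 1/2.
    print(control_net_benefit(FRAUD, 12_000, aro_after=Fraction(1, 2)))
    # Fire suppression: 8,000 per year, cuts SLE from 200,000 to 50,000.
    print(control_net_benefit(FIRE, 8_000, sle_after=50_000))
```

The asset with the largest single loss (the fire) ranks last by annualized loss because it is rare, and the control that limits its impact does not pay for itself on these figures, while the fraud control does.
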
Quantitative risk assessment therefore entails the assessment of those variables that can be measured.
Qualitative risk assessment is the method of calculating relative value. This is done by use of questionnaires and joint workshops consisting of people from various groups in the organization, such as business asset owners and users, information technology managers and members of staff, and information security experts, among others. The questionnaires are used to collect information concerning threats, vulnerabilities and control measures. Threats are the things that are likely to go wrong or to attack the organization's systems, for example fraud or fire.
Vulnerability is determined by the things that make an organization more prone to threats or that may make a threat have serious impacts, for example the presence of flammable materials where there is a risk of fire. Controls are the prevention measures that reduce the chances of attacks by the threats, reduce the vulnerability, and reduce the impact of an attack on the asset. When the security experts hold the workshops, they also come up with other control measures that may curb the chances of risk occurrence, and approximate the costs that may be incurred in case the threat occurs (Newman & Strojan, 1998).