Risk assessment involves determining the exposure of organizational operations to threats that can interfere with the normal functions and missions of the organization through information systems. The risk assessment process consists of a measure of how well the IT system is working and the likelihood of a risk occurring that can cause adverse effects. Risk assessment involves qualitative and quantitative approaches that identify various risk factors that threaten the organization's IT system.

Identify threats and the various loopholes that unauthorized parties can use to penetrate your organization's data systems. These include the time domain, the target domain, the resource domain, and the attacker's attack method domain.

Identify existing vulnerabilities and weaknesses such as a lack of effective risk management strategies, poor communication within the agency, organizational architecture misalignment, and poor architecture decisions (National Institute of Standards and Technology – NIST, 2012).

Designing a response plan is important to protect your organization's compromised IT system. It involves identifying, evaluating and deciding on the most appropriate course of action to take to mitigate the adverse effects of the risk. Response plans require a combination of Level 1, Level 2, and Level 3 activities such as risk avoidance, managing risk through data security, and sharing risk information with potential risk controllers (NIST, 2011).

Information security uses a top-down approach because various aspects such as information access rights are taken into account. Normally, the culture of rights and powers in the organization follows the same pattern from top to bottom. For this reason, the mandates and responsibilities of senior staff are greater at the top of the hierarchy than at the bottom of the ladder.
The need for high confidence in organizational information lies at the senior level rather than with junior staff. Therefore, the authority to give direction and maintain trust is more concentrated, and has greater impact, at the top, which makes the top-down approach more effective than a bottom-up approach.

Senior management influences risk assessment and response plans by providing guidance on appropriate risk management decisions. The process involves various stages of risk detection through the identification of weaknesses in the organizational information system. Senior management provides both tactical measures to respond to risks, such as applying patches to identified vulnerabilities, and strategic measures to address threats. Management is responsible for identifying the organizational elements responsible for responding to risks and the measures to be taken. It offers a timeline for implementing risk measures and responses, and identifies risk monitoring triggers (NIST, 2011). Management governs by monitoring compliance with risk control measures, ensuring the effectiveness of established measures and monitoring any changes that may be necessary for implementation.

Designing IT Implementation Plans.