Security Risk Assessment

Anonymous
Asked: May 10th, 2017

Question Description

You are a senior information technology analyst at your company, or at a company you are familiar with. You have been charged with the task of developing a detailed risk assessment methodology. For this assignment, you should submit a report in which you discuss various risk assessments methodologies, then adopt a methodology and strongly justify your selection.

Your well-written paper should meet the following requirements:

  • Be 3-4 pages in length, not including the title and reference pages.
  • Include two external references in addition to the textbook. The Saudi Digital Library is a good source for resources.
  • Your paper must follow APA style guidelines, citing references as appropriate.

Unformatted Attachment Preview

Module 11: IT Security Controls, Plans, and Procedures

Risk Assessment (100 points)

Below are the notes and requirements we have to meet.

Risk assessment methodology. Chapters 14 & 15 mostly have all the answers; have a look at them, please. Please read carefully the notes below, highlighted in green, which I received from the professor, and make sure you give an answer with full details for each one of them. Find an appropriate place for each question and note.

  • The question is: what can they do to mitigate risk? Consider outsourcing and having another company take the risks.
  • Insuring against the risk, just like we purchase car, home and health insurance.
  • Risk cannot be avoided. The company wants to understand all the possible risks and categorize them, so they can be mitigated.
  • Sometimes we get a group together and have posits and ask the question: “what if”. This helps us to think outside the box and look at risks that we did not initially consider.
  • The company can look at best practices like NIST.
  • Consider what you can do with risk: assume the risk, avoid it, mitigate and/or transfer it.
  • Even the lowest risk can be exploited by hackers. All the risks should be addressed and mitigated.

Please follow the headlines below if you see they are good, or you can make better ones. Support all your answers from the 4 standards below with details.

Give a good Introduction about the 4 standards below, and provide more details about "Risk Assessment" in the other section in the CT.

1- National Institute of Standards and Technology (NIST)
2- Facilitated Risk Assessment Process (FRAP)
3- ISO/IEC Standards
4- Operationally, Critical, Threat, Asset and Vulnerability Evaluation (OCTAVE)

Identification of Threats/Risks/Vulnerabilities:

1- Analyzing System Threats

Support the answers from the 4 above standards.

Risk = (Probability that threat occurs) * (Cost to organization)

  • Natural Threats:
  • Human Threats:
  • Environmental and Physical Threats:
  • Evaluate Risks: How to treat the risk if it occurs

Risk Treatment: Give introduction

  o Risk acceptance:
  o Risk avoidance:
  o Risk transfer:
  o Reduce consequence:
  o Reduce likelihood:

2- Analyze Existing Controls

  • Table 14.2 Risk Likelihood in the Book
  • Management Controls
  • Operational Controls
  • Technical Controls

REFERENCES

Please add 3 modern REFERENCES which are after 2014-2016 and 3 REFERENCES 2005-2010 ...

Tutor Answer

Robert__F
School: Carnegie Mellon University

Good luck in your study and if you need any further help in your assignments, please let me know. Can you please confirm if you have received the work? Once again, thanks for allowing me to help you. R

Running head: RISK ASSESSMENT METHODOLOGIES
Topic: Risk Assessment Methodologies
Student name:
Instructor name:
Course name:
Date:

Contents

Introduction
Risk management
National Institute of Standards and Technology (NIST)
Facilitated Risk Assessment Process (FRAP)
ISO/IEC Standards
Operationally, Critical, Threat, Asset and Vulnerability Evaluation (OCTAVE)
Selection of risk methodology approach
Conclusion
References

Introduction
There exist different companies across the world. The development of technology has
made it possible for the different companies to thrive and improve their daily operations that they
undertake on their daily basis. However, there has been a rise of a new threat that has faced the
existing companies that have embraced the use of different computer systems within their
different application areas. This has been characterized by the different security flaws that have
been brought about by the rise of a new era and a new generation of elite group of people who
have made significant steps in conducting the different researches on different security areas of
the given computer systems ensuring that they have gotten the security flaws thus exploiting
them for their different personal usage.

Risk management
Risk management involves the processes geared towards the assessment, mitigation and
monitoring of the risks that occur in an organization. The risk assessment involves the
development of an assessment base, determination of the apparent risks and treatment of the
apparent risks that occur. The report dwells on the risks management methodologies because
they are the ones that a firm can utilize when protecting its data and database against attackers.
The attackers use the slightest vulnerabilities; therefore, it’s the role of a company to use
methodologies that yield results for the company.

National Institute of Standards and Technology (NIST)
Kouns and Minoli (2011) argued that the NIST is an assessment methodology offered
by the Federal government of America aimed at protecting firms against potential information
technology risk. According to Boltz (2014), the NIST approach relies on the technologically
advanced security analyst’s ability to collaborate with various personnel to implement the
security of a given activity. For instance, the analyst can deal with the network and computer
owners and their expert teams. The analysts engage with the information technology managers,
making sure that the system gets maintained.
According to Boltz (2014), the NIST methodology ensures a comprehensive and
extensive implementation when dealing with the security issues. The NIST can, for example, spot
and eliminate possible security threats to the system. The NIST methodology ensures that the
security evaluation gets implemented by the experts, who check the system for security breaches and
assess the security level which the company requires, o...
