Rephrase this. I need a professional

Mar 1st, 2015
HelloWorld
Category: English
Price: $10 USD

Question description

Architectural Risk Analysis (ARA) is a key component of the Risk Management Framework (RMF). One of the reasons is that 50% of security problems come from design flaws, which can be mitigated to a reasonable degree through a solid ARA, among other things. It is a process whereby you start at more of a 10,000-foot view. An example given in the book (pgs 151/152) was a financial application that ran a firm of 100 employees, yet only one person in the entire organization knew how it really worked. To mitigate risk, a forest-level view and relevant documentation were created to begin the ARA, before drilling down and prioritizing other risks.

There are three main steps (sub-processes) in the ARA:

1) Attack resistance analysis: using information on known attacks, patterns, and vulnerabilities based on similar systems and the black-hat capabilities known today; how will the system fare given this knowledge?

2) Ambiguity analysis: trying to find new risks (typically 2 analysts with lots of experience); they will do their own analysis activities in parallel and then come back together to compare and decide, together, what their final analysis and recommendations are for risks/concerns/gaps.

3) Weakness analysis: are there any external software dependencies; what about outside code, middleware, distributed systems/code, etc.? This process looks for the weakest links based on these external linkages with off-the-shelf software, frameworks, network topologies, physical environments housing systems, etc. This is difficult and considered "weakness" analysis because some of this will be somewhat outside your control for security and risk management, but it should still be known and documented, and the business should still be advised on known weaknesses.

Having a solid ARA process regularly in place as part of your RMF and SDLC will mitigate overall risk in your projects, saving the company time and money. There should be fewer security breaches. You will be fostering very good documentation. You will have good summaries (forest-level) of your risks that can more easily be consumed by non-technical people.


Tutor Answer

(Top Tutor) Daniel C.
(997)
School: UT Austin