rephrase this. i need a professional

Mar 1st, 2015
Price: $10 USD

Question description

Architectural Risk Analysis (ARA) is a key component of Risk Management Framework (RMF). One of the reasons is because 50% of security problems come from design flaws, which can be mitigated to a reasonable degree through a solid ARA, among other things. It is a process whereby you start at more of 10,000 foot view. An example given in the book pgs 151/152 was a financial application that ran a firm of 100 employees, yet only one person in the entire organization knew how it really worked. To mitigate risk, a forest-level view and relevant documentation was created to begin the ARA, before drilling down and prioritizing other risks.

There are three main steps (sub-processes) in the ARA:

1) Attack resistence analysis: using information of known attacks, patterns, vulernabilities based on similar systems and black-hat capabilities know today; how will the system fare given this knowledge?

2) Ambiguity analysis: trying to find new risks (typically 2 analysis with lots of experience); they will do their own analysis activities in parallel and then come back together to compare and decide what their finaly analysis and recommendations are for risks/concerns/gaps, together

3) Weakness analysis: are there any external software dependencies; what about outside code, middleware, distributed systems/code, etc.? This process looks for the weakest links based on these external linkages with off-the-shelf software, frameworks, network topologies, physical environments housing systems, etc.; this is difficult and considered "weakness" because some of this will be somewhat outside your control for security and risk management, but should still be known and documented and the business should still be advised on known weaknesses.

Having a solid ARA process regularly in place as part of your RMF and SDLC will mitigate overall risk in your projects, saving the company time and money. There should be fewer security breaches. You will be fostering very good documentation. You will have good summaries (forest-level) of your risks that can more easily be consumed by non-technical people.

Tutor Answer

(Top Tutor) Daniel C.
School: UT Austin

Studypool has helped 1,244,100 students

Review from our student for this Answer

Mar 8th, 2015
"Thank you, Thank you, for top quality work, this is your guy!!"
Ask your homework questions. Receive quality answers!

Type your question here (or upload an image)

1830 tutors are online

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors