rephrase this. i need a professional

Mar 1st, 2015
Anonymous
Category:
Art Design
Price: $10 USD

Question description

Architectural Risk Analysis (ARA) is a key component of Risk Management Framework (RMF). One of the reasons is because 50% of security problems come from design flaws, which can be mitigated to a reasonable degree through a solid ARA, among other things. It is a process whereby you start at more of 10,000 foot view. An example given in the book pgs 151/152 was a financial application that ran a firm of 100 employees, yet only one person in the entire organization knew how it really worked. To mitigate risk, a forest-level view and relevant documentation was created to begin the ARA, before drilling down and prioritizing other risks.

There are three main steps (sub-processes) in the ARA:

1) Attack resistence analysis: using information of known attacks, patterns, vulernabilities based on similar systems and black-hat capabilities know today; how will the system fare given this knowledge?

2) Ambiguity analysis: trying to find new risks (typically 2 analysis with lots of experience); they will do their own analysis activities in parallel and then come back together to compare and decide what their finaly analysis and recommendations are for risks/concerns/gaps, together

3) Weakness analysis: are there any external software dependencies; what about outside code, middleware, distributed systems/code, etc.? This process looks for the weakest links based on these external linkages with off-the-shelf software, frameworks, network topologies, physical environments housing systems, etc.; this is difficult and considered "weakness" because some of this will be somewhat outside your control for security and risk management, but should still be known and documented and the business should still be advised on known weaknesses.

Having a solid ARA process regularly in place as part of your RMF and SDLC will mitigate overall risk in your projects, saving the company time and money. There should be fewer security breaches. You will be fostering very good documentation. You will have good summaries (forest-level) of your risks that can more easily be consumed by non-technical people.


Tutor Answer

(Top Tutor) Studypool Tutor
School: New York University
PREMIUM TUTOR

Studypool has helped 1,244,100 students

Review from student
Studypool Student
" Outstanding Job!!!! "
Ask your homework questions. Receive quality answers!

Type your question here (or upload an image)

1831 tutors are online

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors