After reading chapter 1, define the following terms: risk, threat, vulnerability, asset, and impact of loss. After you define each term, identify its role within an organization's security posture. The initial post must be completed by Thursday at 11:59 Eastern. You are also required to post a response to a minimum of two other students in the class by the end of the week. You must use at least one scholarly resource. Every discussion posting must be properly APA formatted.
500 words, APA format
PFA Chp 1
CHAPTER 1
Risk Management Fundamentals
Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com.
Learning Objective(s) and Key Concepts
Learning Objective(s)
Describe the components of and approaches to effective risk management in an organization.
Key Concepts
Risk and its relationship to threat, vulnerability, and asset loss
Classifying business risk in relation to the seven domains of a typical IT infrastructure
Risk identification techniques
Risk management process
Strategies for handling risk
What Is Risk?
Risk: The likelihood that a loss will occur; losses occur when a threat exposes a vulnerability that could harm an asset
Threat: Any activity that represents a possible danger
Vulnerability: A weakness
Asset: A thing of value worth protecting
Loss: A loss results in a compromise to business functions or assets.
Tangible
Intangible
Risk-Related Concerns for Business
Compromise of business functions
Compromise of business assets
Driver of business costs
Profitability versus survivability
Threats, Vulnerabilities, Assets, and Impact
Threats can be thought of as attempts to exploit vulnerabilities that result in the loss of confidentiality, integrity, or availability of a business asset:
Confidentiality: Preventing unauthorized disclosure of information
Integrity: Ensuring data or an IT system is not modified or destroyed
Availability: Ensuring data and services are available when needed
Vulnerabilities
A vulnerability is a weakness
A loss to an asset occurs only when an attacker is able to exploit the vulnerability
Vulnerabilities may exist because they’ve never been corrected
Vulnerabilities can also exist if security is weakened either intentionally or unintentionally
Assets
Tangible value is the actual cost of the asset:
Computer systems—Servers, desktop PCs, and mobile computers
Network components—Routers, switches, firewalls, and any other components necessary to keep the network running
Software applications—Any application that can be installed on a computer system
Data—Includes large-scale databases and the data used and manipulated by each employee or customer
The intangible value cannot be measured by cost, such as client confidence or company reputation:
Future lost revenue—Any purchases customers make with another company are a loss to the company
Cost of gaining the customer—If a company loses a customer, the company’s investment is lost
Customer influence—Customers commonly share their experience with others, especially if the experience is exceptionally positive or negative
Reputation—One customer’s bad experience could potentially influence other current or potential customers to avoid future business transactions
Impact
Very High
Indicates multiple severe or catastrophic adverse effects
High
Indicates a severe or catastrophic adverse effect
Moderate
Indicates a serious adverse effect
Low
Indicates a limited adverse effect
Very Low
Indicates a negligible adverse effect
Classify Business Risks
Risks posed by people:
Leaders and managers
System administrators
Developer
End user
Risks posed by a lack of process:
Policies
Standards
Guidelines
Risks posed by technology:
User Domain
Workstation Domain
LAN Domain
LAN-to-WAN Domain
WAN Domain
Remote Access Domain
System/Application Domain
Classify Business Risks (Cont.)
Seven Domains of a Typical IT Infrastructure
Risk Identification Techniques
Identify threats
Identify vulnerabilities
Estimate impact and likelihood of a threat exploiting a vulnerability
Identifying Threats and Vulnerabilities
Component | Type or Source |
Threats | External or internal; natural or man-made; intentional or accidental |
Vulnerabilities | Audits; certification/accreditation records; system logs; prior events; trouble reports; incident response teams |
Balancing Risk and Cost
Consider the cost to implement a control and the cost of not implementing the control
Spending money to manage a risk rarely adds profit; the important point is that spending money on risk management can help ensure a business’s survivability
Cost to manage a risk must be balanced against the impact value
Reasonableness: “Would a reasonable person be expected to manage this risk?”
Balancing Risk and Cost (Cont.)
Threat likelihood | Low Impact (0%–10%) | Medium Impact (11%–50%) | High Impact (51%–100%) |
High-threat likelihood—100% (1.0) | 10 × 1 = 10 | 50 × 1 = 50 | 100 × 1 = 100 |
Medium-threat likelihood—50% (.50) | 10 × .50 = 5 | 50 × .50 = 25 | 100 × .50 = 50 |
Low-threat likelihood—10% (.10) | 10 × .10 = 1 | 50 × .10 = 5 | 100 × .10 = 10 |
A threat-likelihood-impact matrix.
Risk Management Process
Risk Management
Risk: Probability of loss
Vulnerability: System weakness
Threat: Potential harm
Risk Management Process (Cont.)
Assess risks
Identify risks to manage
Select controls
Implement and test controls
Evaluate controls
Cost-Benefit Analysis
Principle of Proportionality
Cost-benefit analysis (CBA)
Cost of control
Projected benefits
The amount spent on controls should be proportional to the risk
Helps determine which controls, or countermeasures, to implement
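Added example (not from the textbook or slides): a small risk register scored with the threat-likelihood-impact matrix from "Balancing Risk and Cost" and then checked with the cost-benefit comparison described here. The register entries, dollar figures, and the benefit model (reduction in expected loss) are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Likelihood levels and impact band scores taken from the matrix on this page.
LIKELIHOOD = {"low": 0.10, "medium": 0.50, "high": 1.0}
IMPACT_BANDS = [(10, 10), (50, 50), (100, 100)]  # (band upper bound in %, score)

@dataclass
class Risk:
    name: str
    impact_pct: float         # estimated impact, 0-100 %
    likelihood: str           # level before the control
    residual_likelihood: str  # level after the control (assumed estimate)
    loss_value: float         # impact value in dollars if the loss occurs
    control_cost: float       # cost to implement the control

def impact_score(pct):
    """Map an impact percentage onto the matrix's Low/Medium/High score."""
    if not 0 <= pct <= 100:
        raise ValueError(f"impact must be 0-100, got {pct}")
    return next(score for upper, score in IMPACT_BANDS if pct <= upper)

def risk_score(pct, level):
    """Matrix cell value: impact score x threat likelihood."""
    return impact_score(pct) * LIKELIHOOD[level]

def assess(risk):
    before = LIKELIHOOD[risk.likelihood]
    after = LIKELIHOOD[risk.residual_likelihood]
    # Assumed benefit model: projected benefit = reduction in expected loss.
    benefit = (before - after) * risk.loss_value
    return {"name": risk.name,
            "score": risk_score(risk.impact_pct, risk.likelihood),
            "residual_score": risk_score(risk.impact_pct, risk.residual_likelihood),
            "benefit": benefit,
            "justified": benefit > risk.control_cost}

def rank(register):
    """Highest matrix score first, so the largest risks are reviewed first."""
    return sorted((assess(r) for r in register), key=lambda a: a["score"], reverse=True)

# Constructed sample register (all names and figures are illustrative).
REGISTER = [
    Risk("Printer outage", 5, "medium", "low", 2_000, 3_000),
    Risk("Unpatched web server", 80, "high", "low", 200_000, 15_000),
    Risk("Data center flood", 95, "low", "low", 1_000_000, 250_000),
    Risk("Lost laptop, unencrypted disk", 40, "medium", "low", 50_000, 5_000),
]

if __name__ == "__main__":
    for row in rank(REGISTER):
        print(row)
```

A control whose projected benefit does not exceed its cost (the printer and flood entries here) is a candidate for accepting, sharing, or avoiding the risk rather than mitigating it.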
Profitability Versus Survivability
Out-of-pocket costs
Lost opportunity costs
Future costs
Client and stakeholder confidence
Total cost of security
Risk-Handling Strategies
Various Techniques of Risk Management
Avoiding
Sharing or transferring
Mitigating
Accepting
Residual Risk
Summary
Risk and its relationship to threat, vulnerability, and asset loss
Classifying business risk in relation to the seven domains of a typical IT infrastructure
Risk identification techniques
Risk management process
Strategies for handling risk
10/8/2020