Vulnerabilities And Threats

C Analyze risks
Identify the mechanisms that deal with the recognized risks and measure their strength. Based on this assessment, consider the risks in terms of possibility, significance, and the present risk level.
Risk analysis is the procedure of defining and analyzing the threats to individuals, organizations and government agencies posed by potential natural or human-caused adverse events. A risk analysis helps integrate the security program with the company's goals and requirements. It also helps the company assign a suitable budget for an effective security program and its components. After a company recognizes the significance of its assets and the likely threats they are exposed to, it can make good decisions on the amount of effort …
An important question is the cost the company might have to pay if it does not protect the asset.
Identify vulnerabilities and threats
Once the assets are known and their values allocated, all possible vulnerabilities and threats have to be identified for each of them. The security team should identify the vulnerabilities that could affect confidentiality, integrity, or availability requirements. All the obtained information needs to be documented so that the required countermeasures can be applied.
As there might be a large number of vulnerabilities and associated threats that could disturb the assets, it is also important to categorize them properly. The main objective is to find out which vulnerabilities and threats might cause the maximum damage so that the critical items can be taken care of on a priority basis.
Measuring the possibility and impact of the potential threats on the business
To evaluate possible losses caused by threats, the following questions need to be …
The goal of this step is to identify a list of system weaknesses that could be exploited, using security tests of the system, audit comments and security requirements. These weaknesses generate the threat/vulnerability pairs.
Control Analysis
For every threat/vulnerability pair, identify all existing and planned controls that decrease the risk of the threat exploiting the vulnerability. Security controls involve the use of technical and non-technical approaches. Technical controls are protections that are incorporated into computer hardware, software, and firmware. Non-technical controls, on the other hand, are administrative and operational controls, for instance operating procedures, security policies and environmental security.
Likelihood
Likelihood specifies the chance that a potential vulnerability may be exercised within the construct of the associated threat environment; it may be rated very likely, probable, or improbable.
Impact
