Vulnerabilities And Threats

C Analyze risks
Identify the mechanisms that deal with the recognized risks and measure their strength. Based on this assessment, consider the risks in terms of possibility and significance, and the present risk level.
Risk analysis is the procedure of defining and analyzing the threats to individuals, organizations and government agencies posed by potential natural or human-caused adverse events. A risk analysis helps to integrate the security program with the company's goals and requirements. It also helps the company to assign a suitable budget for an effective security program and its components. After a company recognizes the significance of its assets and the threats they are likely to be exposed to, it can make good decisions on the amount of effort
An important question is the cost the company might have to pay if it does not protect the asset.
Identify vulnerabilities and threats
Once the assets are known and their values allocated, all the possible vulnerabilities and threats have to be identified for each of them. The security team should identify the vulnerabilities that could affect confidentiality, integrity, or availability requirements. All the information obtained needs to be documented so that the required countermeasures can be applied.
As there might be a large number of vulnerabilities and associated threats that could disturb the assets, it is also important to categorize them properly. The main objective is to find out which vulnerabilities and threats might cause the maximum damage, so that the critical items can be taken care of on a priority basis.
Measuring the possibility and impact of the potential threats on the business
To evaluate possible losses caused by threats, the following questions need to be
The goal of this step is to identify a list of system weaknesses that could be exploited, using security tests of the system, audit comments and security requirements. These weaknesses generate the threat/vulnerability pairs.
Control Analysis
For every threat/vulnerability pair, identify all the existing and planned controls that decrease the risk of the threat exploiting the vulnerability. Security controls involve the use of technical and non-technical approaches. Technical controls are protections that are incorporated into computer hardware, software, and firmware. Non-technical controls, on the other hand, are administrative and operational controls, for instance operating procedures, security policies and environmental security.
Likelihood:
Likelihood specifies the chance that a possible vulnerability may be exercised within the construct of the associated threat environment; it may be very likely, probable, or improbable.
Impact
