Sci/275 Week 3 Risk Analysis Paper

Upon determining what should be in the intranet, what risk is the organization willing to tolerate should be tackled. An assessment of the privacy controls and security controls can be determined by using NIST Special Publication 800-53A: Assessing Security and Privacy Controls in Federal Information Systems and Organizations, Building Effective Assessment Plans as a guide along with NIST Special Publication 800-30, Rev-1, Guide for Conducting Risk Assessments (NIST SP 30-1, 800-53A). To truly understand this publication is prohibitive to fully explain; however, this step is critical and will impact your intranet dramatically. To simplify: you cannot always have the risk metric you desired because by doing so would make your system so slow and unusable you could not accomplish much. A balanced tradeoff keeping in mind your most sensitive resources will help to find a good balance. …show more content…
It is true that the total dollars and cents costs are very important, but so is the talent pool that is increasingly becoming hard to find that is limited by many factors such as few skilled workers with experience and the high cost of living in areas that have the most jobs. Costs that shall be considered include items like the location(s) of the intranet. For example, does the intranet span two buildings, is it in an older structure with concrete walls, or small area but in the middle of a high traffic area. Take the intranet that has two buildings which has an outside space between them. If fiber optic cable ran between the buildings, special attentions should be taken to house the cable in some material that could not easily be penetrated, not easily dug up, and material(s) that could cover the cable in grassy area between the