Risk Assessment And Risk Analysis

To protect my company's assets from cyber threats and attacks, many things must be taken into consideration, because there is always a deeper internal issue in what we believe is secure. Risk assessment and risk management are both very important parts of planning a safe, secure work environment that protects my employees and my company, both inside and outside the company. I would ensure that my company conducts a risk assessment periodically. This helps to see what has failed in the past versus what improvements and corrective actions have been made to the present day. Comparing and contrasting the effects of failures also helps to determine whether the current improvements fall into the same category. When checking for vulnerabilities in Information …
My main goal is to apply the CIA Triad (Confidentiality, Integrity, and Availability) to the information system and to ensure that my employees practice it. But before being able to manage these goals, I would have to look deep into the company's vulnerabilities and reduce any possible risk to an acceptable level. There are several decisions I can make based on the risk findings, such as Risk Mitigation. In this process, patches may be installed to help reduce the risk or fix the problem that originated it. With the standards, regulations, and policies implemented, a guidebook will be formed that shows the guidance to follow if certain threats arise that can harm the company. It will also show what is expected of the employees, their rights, and the consequences that follow. But in order to do this, I will provide training to my employees so they are aware of, and have a better picture of, what the company is about and what its expectations are. Another important thing is assigning roles and responsibilities to the employees, and defining what each department is expected to do in order to keep assets and information …
I will pass policies that show employees how to construct strong passwords for logging in to the system, such as P0c0nt@s2132, which uses not only letters but also upper case, symbols, and numbers. In addition, a secret question and password must be provided to give reassurance that the person logging in is who they say they are. Next would be to have the right, up-to-date anti-virus and malware protection. This will help detect threats that enter the system. Another step is locking the network and using wired networks, which involves plugging into physical outlets or hacking modem ports. If a wireless network is needed, SSID broadcasting can be disabled on the wireless router to create a hidden network. Another important policy would be the internet policy, which covers what sites are to be blocked and states that only company emails are to be opened for work purposes. If dealing with secret assets or information, encrypting the information and attaching a password will be
