M1 Unit 3 Risk Analysis

R1: The three strategies people often use to make security decisions are rule-based decisions, relativistic decisions, and requirements-based decisions. In the first strategy, rule-based decisions are made for people by external circumstances or by established, widely accepted guidelines. In the second strategy, relativistic decisions are often used to outdo others who are faced with similar security issues. Lastly, in the third strategy, requirements-based decisions are based on an organized analysis of the security status.
R2: The hunter’s dilemma is when you and a few others are being chased by an angry bear through the wilderness, but you don’t have to defeat the bear. You just have to be harder to catch than the others. So, what this dilemma
…
The first step is to establish system and security goals, which identifies the system’s goals, security risks, and requirements. This step performs a risk assessment and uses it to produce a list of security requirements. The second step is to select security controls: recognize the existing controls and the additional ones required, and construct the system containing the controls. The third step is to validate the information system, so that the controls work as required, approve the system for operation, and deploy it. Finally, the fourth step is to monitor security controls, to watch for security incidents and address them, and to review the environment for any changes that affect security.
R6: The risk management frameworks compare to continuous quality improvement because both are ingredients for creating and preserving secure systems. The continuous improvement process is equivalent to the frameworks in that it suggests adjustments, and these keep the result from becoming a poor one. Once we have made the change to secure the machine, we must resume the process to manage any
…
The requirements will give the businesses what they want to uphold their security. The controls in the security process are measures that are taken in advance to defend a computer system from any encounter with threats or risks.
R8: The relationship between assets and boundaries in a business is that the assets are secured by the boundaries. When these boundaries have open spots that leave the assets exposed, those spots are called vulnerabilities. Threat agents will therefore try to use their attacks to reach those assets and expose the sensitive information that they are looking for. If we don’t want this to happen to our business, we need some sort of defense, such as a countermeasure, to protect our assets.
R9: Some typical information assets include personal computer systems and the login information for those systems. Others are bank accounts and the credentials for those accounts. Moreover, financial documents and the website that controls the
