
After reading chapter 1, define the following terms risk, threat, vulnerability, asset, and impact of loss.? After you define each term identify their role within an orga

After reading chapter 1, define the following terms: risk, threat, vulnerability, asset, and impact of loss. After you define each term, identify its role within an organization's security posture. The initial post must be completed by Thursday at 11:59 Eastern. You are also required to post a response to a minimum of two other students in the class by the end of the week. You must use at least one scholarly resource. Every discussion posting must be properly APA formatted.

500 words, APA format

PFA Chp 1

CHAPTER 1

Risk Management Fundamentals

Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com.


Learning Objective(s) and Key Concepts

Learning Objective(s)

Describe the components of and approaches to effective risk management in an organization.

Key Concepts

Risk and its relationship to threat, vulnerability, and asset loss

Classifying business risk in relation to the seven domains of a typical IT infrastructure

Risk identification techniques

Risk management process

Strategies for handling risk


What Is Risk?

Risk: The likelihood that a loss will occur; losses occur when a threat exposes a vulnerability that could harm an asset

Threat: Any activity that represents a possible danger

Vulnerability: A weakness

Asset: A thing of value worth protecting

Loss: A loss results in a compromise to business functions or assets.

Tangible

Intangible


Risk-Related Concerns for Business


Compromise of business functions

Compromise of business assets

Driver of business costs

Profitability versus survivability

Threats, Vulnerabilities, Assets, and Impact

Threats can be thought of as attempts to exploit vulnerabilities that result in the loss of confidentiality, integrity, or availability of a business asset:

Confidentiality: Preventing unauthorized disclosure of information

Integrity: Ensuring data or an IT system is not modified or destroyed

Availability: Ensuring data and services are available when needed


Vulnerabilities


A vulnerability is a weakness

A loss to an asset occurs only when an attacker is able to exploit the vulnerability

Vulnerabilities may exist because they’ve never been corrected

Vulnerabilities can also exist if security is weakened either intentionally or unintentionally

Assets

Tangible value is the actual cost of the asset:

Computer systems—Servers, desktop PCs, and mobile computers

Network components—Routers, switches, firewalls, and any other components necessary to keep the network running

Software applications—Any application that can be installed on a computer system

Data—Includes large-scale databases and the data used and manipulated by each employee or customer

The intangible value cannot be measured by cost, such as client confidence or company reputation:

Future lost revenue—Any purchases customers make with another company are a loss to the company

Cost of gaining the customer—If a company loses a customer, the company’s investment is lost

Customer influence—Customers commonly share their experience with others, especially if the experience is exceptionally positive or negative

Reputation—One customer’s bad experience could potentially influence other current or potential customers to avoid future business transactions


Impact


Very High: Indicates multiple severe or catastrophic adverse effects

High: Indicates a severe or catastrophic adverse effect

Moderate: Indicates a serious adverse effect

Low: Indicates a limited adverse effect

Very Low: Indicates a negligible adverse effect

Classify Business Risks

Risks posed by people:

Leaders and managers

System administrators

Developer

End user

Risks posed by a lack of process:

Policies

Standards

Guidelines

Risks posed by technology:

User Domain

Workstation Domain

LAN Domain

LAN-to-WAN Domain

WAN Domain

Remote Access Domain

System/Application Domain


Classify Business Risks (Cont.)


Seven Domains of a Typical IT Infrastructure


Risk Identification Techniques


Identify threats

Identify vulnerabilities

Estimate impact and likelihood of a threat exploiting a vulnerability

Identifying Threats and Vulnerabilities

| Component | Type or Source |
|---|---|
| Threats | External or internal; natural or man-made; intentional or accidental |
| Vulnerabilities | Audits; certification/accreditation records; system logs; prior events; trouble reports; incident response teams |


Balancing Risk and Cost

Consider the cost to implement a control and the cost of not implementing the control

Spending money to manage a risk rarely adds profit; the important point is that spending money on risk management can help ensure a business’s survivability

Cost to manage a risk must be balanced against the impact value

Reasonableness: “Would a reasonable person be expected to manage this risk?”


Balancing Risk and Cost (Cont.)

| | Low Impact (0%–10%) | Medium Impact (11%–50%) | High Impact (51%–100%) |
|---|---|---|---|
| High-threat likelihood, 100% (1.0) | 10 × 1 = 10 | 50 × 1 = 50 | 100 × 1 = 100 |
| Medium-threat likelihood, 50% (.50) | 10 × .50 = 5 | 50 × .50 = 25 | 100 × .50 = 50 |
| Low-threat likelihood, 10% (.10) | 10 × .10 = 1 | 50 × .10 = 5 | 100 × .10 = 10 |

A threat-likelihood-impact matrix.


Risk Management Process


Risk Management

Risk: Probability of loss

Vulnerability: System weakness

Threat: Potential harm

Risk Management Process (Cont.)


Assess risks

Identify risks to manage

Select controls

Implement and test controls

Evaluate controls

Cost-Benefit Analysis


Principle of Proportionality

Cost-benefit analysis (CBA)

Cost of control

Projected benefits

The amount spent on controls should be proportional to the risk

Helps determine which controls, or countermeasures, to implement
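
The threat-likelihood-impact matrix and the cost-benefit analysis above can be combined into one ranking of a risk register. The following is an added example, not taken from the chapter: the register entries and dollar figures are constructed, and the net-benefit formula (projected benefits minus cost of control, with projected benefits taken as loss before the control minus loss after it) is an assumption, since the slides name the two inputs but give no formula.

```python
from dataclasses import dataclass

# Row values of the slide's matrix: likelihood as a probability.
LIKELIHOOD = {"low": 0.10, "medium": 0.50, "high": 1.00}

@dataclass
class Risk:
    name: str            # threat/vulnerability pair (constructed sample data)
    domain: str          # one of the seven IT infrastructure domains
    likelihood: str      # "low", "medium" or "high"
    impact: int          # 0-100, the matrix's impact percentage
    loss_before: float   # assumed yearly loss with no control in place
    loss_after: float    # assumed yearly loss once the control is in place
    control_cost: float  # assumed yearly cost of the control

def score(risk: Risk) -> float:
    """Matrix cell value: impact x likelihood."""
    if risk.likelihood not in LIKELIHOOD:
        raise ValueError(f"unknown likelihood: {risk.likelihood!r}")
    if not 0 <= risk.impact <= 100:
        raise ValueError(f"impact out of range: {risk.impact}")
    return risk.impact * LIKELIHOOD[risk.likelihood]

def net_benefit(risk: Risk) -> float:
    """Assumed CBA formula: projected benefits minus cost of control."""
    return (risk.loss_before - risk.loss_after) - risk.control_cost

def prioritize(risks):
    """Rank by score, then net benefit; flag controls that cost more than they save."""
    ranked = sorted(risks, key=lambda r: (-score(r), -net_benefit(r)))
    return [(r.name, score(r), net_benefit(r),
             "mitigate" if net_benefit(r) > 0 else "consider accept/transfer/avoid")
            for r in ranked]

# Constructed register; names and dollar figures are illustrative only.
REGISTER = [
    Risk("Phishing vs. untrained users", "User Domain", "high", 50, 80_000, 20_000, 15_000),
    Risk("Lost laptop, no disk encryption", "Workstation Domain", "medium", 100, 120_000, 10_000, 8_000),
    Risk("Server room flood", "System/Application Domain", "low", 100, 30_000, 25_000, 40_000),
    Risk("Default credentials on lab switch", "LAN Domain", "medium", 10, 2_000, 500, 300),
]

if __name__ == "__main__":
    for name, s, net, action in prioritize(REGISTER):
        print(f"{s:5.1f}  {net:>10,.0f}  {action:32}  {name}")
```

Two entries tie at a score of 50 and are separated only by net benefit, while the flood control ranks third by score yet costs more than it saves, which is where the handling strategies other than mitigation come in.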

Profitability Versus Survivability


Out-of-pocket costs

Lost opportunity costs

Future costs

Client and stakeholder confidence

Total cost of security

Risk-Handling Strategies


Various Techniques of Risk Management

Avoiding

Sharing or transferring

Mitigating

Accepting

Residual Risk

Summary

Risk and its relationship to threat, vulnerability, and asset loss

Classifying business risk in relation to the seven domains of a typical IT infrastructure

Risk identification techniques

Risk management process

Strategies for handling risk


10/8/2020
