Week 1 Discussion Post: After reading chapter 1, define the following terms: risk, threat, vulnerability, asset, and impact of loss. After you define each term, identify their role within an organization's security posture.

300-500 words

Please refer to the attached PDF files (Chapters 1 and 2)

CHAPTER 1
Risk Management Fundamentals

Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com.

Learning Objective(s) and Key Concepts

Learning Objective(s)
Describe the components of and approaches to effective risk management in an organization.

Key Concepts
Risk and its relationship to threat, vulnerability, and asset loss
Classifying business risk in relation to the seven domains of a typical IT infrastructure
Risk identification techniques
Risk management process
Strategies for handling risk

What Is Risk?
Risk: The likelihood that a loss will occur; losses occur when a threat exposes a vulnerability that could harm an asset
Threat: Any activity that represents a possible danger
Vulnerability: A weakness
Asset: A thing of value worth protecting
Loss: A loss results in a compromise to business functions or assets. A loss can be tangible or intangible.

Risk-Related Concerns for Business

Compromise of business functions

Compromise of business assets

Driver of business costs

Profitability versus survivability

Threats, Vulnerabilities, Assets, and Impact
Threats can be thought of as attempts to exploit vulnerabilities that result in the loss of confidentiality, integrity, or availability of a business asset:
Confidentiality: Preventing unauthorized disclosure of information
Integrity: Ensuring data or an IT system is not modified or destroyed
Availability: Ensuring data and services are available when needed

Vulnerabilities

A vulnerability is a weakness

A loss to an asset occurs only when an attacker is able to exploit the vulnerability

Vulnerabilities may exist because they’ve never been corrected

Vulnerabilities can also exist if security is weakened either intentionally or unintentionally

Assets
Tangible value is the actual cost of the asset:
Computer systems—Servers, desktop PCs, and mobile computers
Network components—Routers, switches, firewalls, and any other components necessary to keep the network running
Software applications—Any application that can be installed on a computer system
Data—Includes large-scale databases and the data used and manipulated by each employee or customer

The intangible value cannot be measured by cost, such as client confidence or company reputation:
Future lost revenue—Any purchases customers make with another company are a loss to the company
Cost of gaining the customer—If a company loses a customer, the company’s investment is lost
Customer influence—Customers commonly share their experience with others, especially if the experience is exceptionally positive or negative
Reputation—One customer’s bad experience could potentially influence other current or potential customers to avoid future business transactions

Impact

Very High: Indicates multiple severe or catastrophic adverse effects
High: Indicates a severe or catastrophic adverse effect
Moderate: Indicates a serious adverse effect
Low: Indicates a limited adverse effect
Very Low: Indicates a negligible adverse effect

Classify Business Risks
Risks posed by people:
Leaders and managers
System administrators
Developer
End user
Risks posed by a lack of process:
Policies
Standards
Guidelines

Risks posed by technology:
User Domain
Workstation Domain
LAN Domain
LAN-to-WAN Domain
WAN Domain
Remote Access Domain
System/Application Domain

Classify Business Risks (Cont.)

[Figure: Seven Domains of a Typical IT Infrastructure]

Risk Identification Techniques

Identify threats

Identify vulnerabilities

Estimate impact and likelihood of a threat exploiting a vulnerability

Identifying Threats and Vulnerabilities

Component: Type or Source
Threats: External or internal; natural or man-made; intentional or accidental
Vulnerabilities: Audits; certification/accreditation records; system logs; prior events; trouble reports; incident response teams

Balancing Risk and Cost
Consider the cost to implement a control and the cost of not implementing the control
Spending money to manage a risk rarely adds profit; the important point is that spending money on risk management can help ensure a business’s survivability
Cost to manage a risk must be balanced against the impact value
Reasonableness: “Would a reasonable person be expected to manage this risk?”

Balancing Risk and Cost (Cont.)

Threat likelihood | Low Impact (0% to 10%) | Medium Impact (11% to 50%) | High Impact (51% to 100%)
High-threat likelihood: 100% (1.0) | 10 × 1 = 10 | 50 × 1 = 50 | 100 × 1 = 100
Medium-threat likelihood: 50% (.50) | 10 × .50 = 5 | 50 × .50 = 25 | 100 × .50 = 50
Low-threat likelihood: 10% (.10) | 10 × .10 = 1 | 50 × .10 = 5 | 100 × .10 = 10

A threat-likelihood-impact matrix.

Risk Management Process

Risk Management

Risk: Probability of loss

Vulnerability: System weakness

Threat: Potential harm

Risk Management Process (Cont.)

Assess risks

Identify risks to manage

Select controls

Implement and test controls

Evaluate controls

Cost-Benefit Analysis

Principle of Proportionality: The amount spent on controls should be proportional to the risk
Cost-benefit analysis (CBA): Helps determine which controls, or countermeasures, to implement
Cost of control
Projected benefits

Profitability Versus Survivability

Out-of-pocket costs

Lost opportunity costs

Future costs

Client and stakeholder confidence

Total cost of security

Risk-Handling Strategies

Various Techniques of Risk Management

Avoiding

Sharing or transferring

Mitigating

Accepting

Residual Risk

Summary
Risk and its relationship to threat, vulnerability, and asset loss
Classifying business risk in relation to the seven domains of a typical IT infrastructure
Risk identification techniques
Risk management process
Strategies for handling risk

10/8/2020
