a) In terms of software risk, an event is any situation, happening, or real/virtual object that
causes risk, where risk is an expectation of loss or a potential problem that may or may not occur
in the future.
A threat, according to information security, is a possible danger that might exploit a vulnerability
to breach security and therefore cause possible harm.
So, when a threat is in action, it becomes an event (a security breach event).
b) Risk management is the process of identifying vulnerabilities and threats to the information
resources used by an organization in achieving business objectives, and deciding what
countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the
information resource to the organization. Here the information resources are called the assets.
According to information security, an asset is any data, device, or other component of the
environment that supports information-related activities. Assets generally include hardware,
software and confidential information. Assets should be protected from illicit access, use,
disclosure, alteration, destruction, and/or theft, any of which results in loss to the organization.
The goal of information security is to ensure the confidentiality, integrity and availability of
assets from various threats. For example, a hacker might attack a system in order to steal credit
card numbers by exploiting a vulnerability.
If the assets are at risk, the organization may be driven towards losses in terms of its
business objective (say, information about customers, information regarding customer money and
transactions, which affects customer loyalty, damage to infrastructure, whether software or
hardware, etc.). So an asset is not only monetary.
We can broadly classify assets in the following categories:
1. Information assets
Every piece of information about your organization falls in this category. This information has
been collected, classified, organized and stored in various forms.
Example:
Databases: Information about your customers, personnel, production, sales, marketing, finances.
This information is critical for your business. Its confidentiality, integrity and availability are of
utmost importance.
Data files: Transactional data giving up-to-date information about each event.
Operational and support procedures: These have been developed over the years and provide
detailed instructions on how to perform various activities.
Archived information: Old information that may be required to be maintained by law.
Continuity plans, fallback arrangements: These would be developed to overcome any disaster
and maintain the continuity of business. Absence of these will lead to ad-hoc decisions in a
crisis.
2. Software assets
These can be divided into two categories:
a) Application software: Application software implements the business rules of the organization.
Creation of application software is a time-consuming task. Integrity of application software is
very important. Any flaw in the application software could impact the business adversely.
Example: Third-party antivirus software
b) System software: An organization would invest in various packaged software programs like
operating systems, DBMS, development tools and utilities, software packages, office
productivity suites etc.
Most of the software under this category would be available off the shelf, unless the software is
obsolete or non-standard.
3. Physical assets
These are the visible and tangible equipment like:
a) Computer equipment: Mainframe computers, servers, desktops and notebook computers.
b) Communication equipment: Modems, routers, EPABXs and fax machines.
c) Storage media: Magnetic tapes, disks, CDs and DATs.
d) Technical equipment: Power supplies, air conditioners.
e) Furniture and fixtures
4. Services
a) Computing services that the organization has outsourced.
b) Communication services like voice communication, data communication, value-added
services, wide area network, etc.
c) Environmental conditioning services like heating, lighting, air conditioning and power.