SlideShare a Scribd company logo

the world documentation.docx

Download as DOCX, PDF
B
bkbk37

course material

Education
1 of 2
(Mt) – the world documentation Risk management HW Part 1. Complete Ch. 4 Review Questions Part 2. Asset identification and classification – Complete table below 1. Assets a. Identify assets (column A) at Towson University, including at least one in each: ASSET Value – C,H,M,L people Data and information procedures software hardware b. Value- for each asset, list whether it is critical, high, medium, or low Asset Value Critical- compromise to assets would have grave consequences leading to loss of life, serious injury, or mission failure High – compromise to assets would have serious consequences that could impair operations for a significant period of time 10 7-9 Medium – compromise to assets would have moderate 5-6 consequences that could impair operations for a limited period of time Numeric Value 1-10 Low – compromise to assets would have little or no impact on the continuation of operations 1-3 c. Asset valuation – Determine the numeric value of identified assets – Use personal judgment – Keep mission of the school corporation in mind Asset Analysis: Valuation Elements to Consider: • Cost of Producing the Asset • Value of the Information/Service on the Open Market • Cost of Reproducing the Asset if Destroyed • Benefit the Asset Brings to the university in Meeting the Mission and Supporting Student Learning • Repercussion to the University if the Information and Services were not Readily Available • Advantage Given to Someone if They Could Use, Change, or Destroy the Asset • Cost if Information is Released, Altered, or Destroyed (Litigation) • Loss of Administration, Teacher, Student, Parent, and Community Confidence if Information is not Held & Processed Securely • Loss of General Credibility & Embarrassment 2. Threats a. List and identify actions threats, examples: • Act of human error or failure, • Compromise of intellectual property • Deliberate acts of espionage • Deliberate acts of information extortion • Sabotage, vandalism, theft • Software attacks • Forces of nature • Technical hardware failures • Software failures • Technological obsolescence THREAT Value – C,H,M,L Numeric Value 1-10 b. Value- for each threat, list whether it is critical, high, medium, or low. The threat rating is a subjective judgment based on existence, capability, history, intention, and targeting. Threat Value Critical- Known aggressors or hazards, highly capable of causing loss or damage exist. One or more vulnerabilities are present. The threat source is known to having intent and means. High – Known aggressors or hazards, capable of causing loss or damage to the school exist. One or more vulnerabilities are present and the aggressors are known or reasonably suspected having intent and means. Medium – Known aggressors or hazards that may be capable of causing loss or damage exist. One or more vulnerabilities may be present; however, the aggressors are not believed to have intent. Low – Few or no
aggressors or hazards exist. Their capability of causing damage is doubtful. 10 7-9 5-6 1-3 c. Threat valuation – Determine the numeric value of identified assets – Use personal judgment – Keep mission of the entity in mind 3. Vulnerabilities a. • • • • • List and identify vulnerabilities, examples: Human Operational – insufficient security procedures Informational vulnerabilities Facility – weak physical location and geographical Equipment VULNERABILITY Value – C,H,M,L Numeric Value 1-10 d. Value- for each vulnerability, list whether it is critical, high, medium, or low. The threat rating is a subjective judgment based on existence, capability, history, intention, and targeting. Vulnerability Value Critical- no known countermeasures and adversary capability exists High – no known countermeasures and adversary capability exists Medium – there are effective countermeasures in place, but adversaries can exploit a weakness Low – multiple levels of countermeasures exist and few or no adversaries could exploit the asset 10 7-9 5-6 1-3 e. Vulnerability valuation – Determine the numeric value of identified assets – Use personal judgment – Keep mission of the entity in mind Risk = Asset Value x Threat Rating x Vulnerability Rating Risk >260 141- 260 101-140 1-100 Risk Rating Critical High Medium Low Risk Assessment: Fill out the table below based on the asset value, threat, and vulnerability assessment examples presented earlier. All italic values should be replaced with your own data. After completing, color code using the table a Asset 1 Asset Value Rating Threat Rating Vulnerability Rating Asset 2 Asset Value Rating Threat Rating Vulnerability Rating Asset 3 Asset Value Rating Threat Rating Vulnerability Rating Threat 1 Threat 2 Asset*threat*vuln Asset*threat*vuln Threat Threat 3 Asset*threat*vuln Threat 4 Asset*threat*vuln Threat 5 Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset 4 Asset Value Rating Threat Rating Vulnerability Rating Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln

Recommended

Relating Risk to Vulnerability
Relating Risk to Vulnerability Relating Risk to Vulnerability
Relating Risk to Vulnerability Resolver Inc.
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Riskphanleson
 
CapTech Talks Webinar April 2023 Joshua Sinai.pptx
CapTech Talks Webinar April 2023 Joshua Sinai.pptxCapTech Talks Webinar April 2023 Joshua Sinai.pptx
CapTech Talks Webinar April 2023 Joshua Sinai.pptxCapitolTechU
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101Barry Caplin
 
IS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfIS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfAbdulrafiiMohammed
 
Assessing Quality in Cyber Risk Forecasting
Assessing Quality in Cyber Risk ForecastingAssessing Quality in Cyber Risk Forecasting
Assessing Quality in Cyber Risk ForecastingJack Freund, PhD
 
Security Site Surveys and Risk Assessments
Security Site Surveys and Risk AssessmentsSecurity Site Surveys and Risk Assessments
Security Site Surveys and Risk AssessmentsEnterprise Security Risk Management
 
Introduction to FAIR - Factor Analysis of Information Risk
Introduction to FAIR - Factor Analysis of Information RiskIntroduction to FAIR - Factor Analysis of Information Risk
Introduction to FAIR - Factor Analysis of Information RiskOsama Salah
 

Recommended

Relating Risk to Vulnerability
Relating Risk to Vulnerability Relating Risk to Vulnerability
Relating Risk to Vulnerability Resolver Inc.
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Riskphanleson
 
CapTech Talks Webinar April 2023 Joshua Sinai.pptx
CapTech Talks Webinar April 2023 Joshua Sinai.pptxCapTech Talks Webinar April 2023 Joshua Sinai.pptx
CapTech Talks Webinar April 2023 Joshua Sinai.pptxCapitolTechU
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101Barry Caplin
 
IS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfIS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfAbdulrafiiMohammed
 
Assessing Quality in Cyber Risk Forecasting
Assessing Quality in Cyber Risk ForecastingAssessing Quality in Cyber Risk Forecasting
Assessing Quality in Cyber Risk ForecastingJack Freund, PhD
 
Security Site Surveys and Risk Assessments
Security Site Surveys and Risk AssessmentsSecurity Site Surveys and Risk Assessments
Security Site Surveys and Risk AssessmentsEnterprise Security Risk Management
 
Introduction to FAIR - Factor Analysis of Information Risk
Introduction to FAIR - Factor Analysis of Information RiskIntroduction to FAIR - Factor Analysis of Information Risk
Introduction to FAIR - Factor Analysis of Information RiskOsama Salah
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxgertrudebellgrove
 
Risk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxRisk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxgertrudebellgrove
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxpoulterbarbara
 
Reliability
ReliabilityReliability
ReliabilityChellamuthu K
 
Risk Assessment and Threat Modeling
Risk Assessment and Threat ModelingRisk Assessment and Threat Modeling
Risk Assessment and Threat Modelingsedukull
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructurejbasney
 
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)Pace IT at Edmonds Community College
 
OWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxOWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxChandan Singh Ghodela
 
Ir s 1_2_1_kovacs
Ir s 1_2_1_kovacsIr s 1_2_1_kovacs
Ir s 1_2_1_kovacsStefan Kovacs
 
Countering Violent Extremism In Urban Environments Through Design Issue
Countering Violent Extremism In Urban Environments Through Design IssueCountering Violent Extremism In Urban Environments Through Design Issue
Countering Violent Extremism In Urban Environments Through Design Issuezadok001
 
Focusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesFocusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesRoger Johnston
 
05-risk_assesment.ppt
05-risk_assesment.ppt05-risk_assesment.ppt
05-risk_assesment.pptKareemRasmy1
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical HackingUK Defence Cyber School
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approachtschraider
 
ch01.ppt
ch01.pptch01.ppt
ch01.pptsamsam693199
 
information security presentation topics
information security presentation topicsinformation security presentation topics
information security presentation topicsOlajide Kuku
 
educational content, educational contented educational content
educational content, educational contented educational contenteducational content, educational contented educational content
educational content, educational contented educational contentOlajide Kuku
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTShenlydailymotion
 
Risk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxRisk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxmadlynplamondon
 
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docx
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docxFEMARisk Management SeriesRisk AssessmentA How-To Gu.docx
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docxmydrynan
 
Range of.docx
Range of.docxRange of.docx
Range of.docxbkbk37
 
Ralph Waldo Emerson.docx
Ralph Waldo Emerson.docxRalph Waldo Emerson.docx
Ralph Waldo Emerson.docxbkbk37
 

More Related Content

Similar to the world documentation.docx

Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxgertrudebellgrove
 
Risk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxRisk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxgertrudebellgrove
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxpoulterbarbara
 
Risk Assessment and Threat Modeling
Risk Assessment and Threat ModelingRisk Assessment and Threat Modeling
Risk Assessment and Threat Modelingsedukull
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructurejbasney
 
Countering Violent Extremism In Urban Environments Through Design Issue
Countering Violent Extremism In Urban Environments Through Design IssueCountering Violent Extremism In Urban Environments Through Design Issue
Countering Violent Extremism In Urban Environments Through Design Issuezadok001
 
Focusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesFocusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesRoger Johnston
 
05-risk_assesment.ppt
05-risk_assesment.ppt05-risk_assesment.ppt
05-risk_assesment.pptKareemRasmy1
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approachtschraider
 
information security presentation topics
information security presentation topicsinformation security presentation topics
information security presentation topicsOlajide Kuku
 
educational content, educational contented educational content
educational content, educational contented educational contenteducational content, educational contented educational content
educational content, educational contented educational contentOlajide Kuku
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTShenlydailymotion
 
Risk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxRisk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxmadlynplamondon
 
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docx
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docxFEMARisk Management SeriesRisk AssessmentA How-To Gu.docx
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docxmydrynan
 

Similar to the world documentation.docx (20)

Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
 
Risk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxRisk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docx
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
 
Reliability
ReliabilityReliability
Reliability
 
Risk Assessment and Threat Modeling
Risk Assessment and Threat ModelingRisk Assessment and Threat Modeling
Risk Assessment and Threat Modeling
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
 
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
 
OWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxOWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptx
 
Ir s 1_2_1_kovacs
Ir s 1_2_1_kovacsIr s 1_2_1_kovacs
Ir s 1_2_1_kovacs
 
Countering Violent Extremism In Urban Environments Through Design Issue
Countering Violent Extremism In Urban Environments Through Design IssueCountering Violent Extremism In Urban Environments Through Design Issue
Countering Violent Extremism In Urban Environments Through Design Issue
 
Focusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesFocusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the Vulnerabilities
 
05-risk_assesment.ppt
05-risk_assesment.ppt05-risk_assesment.ppt
05-risk_assesment.ppt
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical Hacking
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approach
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
information security presentation topics
information security presentation topicsinformation security presentation topics
information security presentation topics
 
educational content, educational contented educational content
educational content, educational contented educational contenteducational content, educational contented educational content
educational content, educational contented educational content
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTS
 
Risk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxRisk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docx
 
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docx
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docxFEMARisk Management SeriesRisk AssessmentA How-To Gu.docx
FEMARisk Management SeriesRisk AssessmentA How-To Gu.docx
 

More from bkbk37

Range of.docx
Range of.docxRange of.docx
Range of.docxbkbk37
 
Ralph Waldo Emerson.docx
Ralph Waldo Emerson.docxRalph Waldo Emerson.docx
Ralph Waldo Emerson.docxbkbk37
 
Raising Minimum An explanation of the its.docx
Raising Minimum An explanation of the its.docxRaising Minimum An explanation of the its.docx
Raising Minimum An explanation of the its.docxbkbk37
 
Rail Project A goal of the Obama administration.docx
Rail Project A goal of the Obama administration.docxRail Project A goal of the Obama administration.docx
Rail Project A goal of the Obama administration.docxbkbk37
 
Racism toward Indigenous peoples in Canada.docx
Racism toward Indigenous peoples in Canada.docxRacism toward Indigenous peoples in Canada.docx
Racism toward Indigenous peoples in Canada.docxbkbk37
 
Race and.docx
Race and.docxRace and.docx
Race and.docxbkbk37
 
R2P and Syria.docx
R2P and Syria.docxR2P and Syria.docx
R2P and Syria.docxbkbk37
 
Racial Disparities.docx
Racial Disparities.docxRacial Disparities.docx
Racial Disparities.docxbkbk37
 
Race and Technology.docx
Race and Technology.docxRace and Technology.docx
Race and Technology.docxbkbk37
 
QuickBooks uses windows API to follow orders to get updates.docx
QuickBooks uses windows API to follow orders to get updates.docxQuickBooks uses windows API to follow orders to get updates.docx
QuickBooks uses windows API to follow orders to get updates.docxbkbk37
 
Questions What are the purposes of Just.docx
Questions What are the purposes of Just.docxQuestions What are the purposes of Just.docx
Questions What are the purposes of Just.docxbkbk37
 
Questions to Each group you read about is.docx
Questions to Each group you read about is.docxQuestions to Each group you read about is.docx
Questions to Each group you read about is.docxbkbk37
 
Questions that must be answered in your plus other.docx
Questions that must be answered in your plus other.docxQuestions that must be answered in your plus other.docx
Questions that must be answered in your plus other.docxbkbk37
 
Questions for Brief Explicit Spiritual.docx
Questions for Brief Explicit Spiritual.docxQuestions for Brief Explicit Spiritual.docx
Questions for Brief Explicit Spiritual.docxbkbk37
 
Question Libya recently announced that it is claiming a.docx
Question Libya recently announced that it is claiming a.docxQuestion Libya recently announced that it is claiming a.docx
Question Libya recently announced that it is claiming a.docxbkbk37
 
Question Use the Internet or the IGlobal Resource.docx
Question Use the Internet or the IGlobal Resource.docxQuestion Use the Internet or the IGlobal Resource.docx
Question Use the Internet or the IGlobal Resource.docxbkbk37
 
Question Please define motivation and discuss why it is.docx
Question Please define motivation and discuss why it is.docxQuestion Please define motivation and discuss why it is.docx
Question Please define motivation and discuss why it is.docxbkbk37
 
Question share your perspective on personal data as a.docx
Question share your perspective on personal data as a.docxQuestion share your perspective on personal data as a.docx
Question share your perspective on personal data as a.docxbkbk37
 
QEP Assignment Death Penalty.docx
QEP Assignment Death Penalty.docxQEP Assignment Death Penalty.docx
QEP Assignment Death Penalty.docxbkbk37
 
Question In your what are the main workforce.docx
Question In your what are the main workforce.docxQuestion In your what are the main workforce.docx
Question In your what are the main workforce.docxbkbk37
 

More from bkbk37 (20)

Range of.docx
Range of.docxRange of.docx
Range of.docx
 
Ralph Waldo Emerson.docx
Ralph Waldo Emerson.docxRalph Waldo Emerson.docx
Ralph Waldo Emerson.docx
 
Raising Minimum An explanation of the its.docx
Raising Minimum An explanation of the its.docxRaising Minimum An explanation of the its.docx
Raising Minimum An explanation of the its.docx
 
Rail Project A goal of the Obama administration.docx
Rail Project A goal of the Obama administration.docxRail Project A goal of the Obama administration.docx
Rail Project A goal of the Obama administration.docx
 
Racism toward Indigenous peoples in Canada.docx
Racism toward Indigenous peoples in Canada.docxRacism toward Indigenous peoples in Canada.docx
Racism toward Indigenous peoples in Canada.docx
 
Race and.docx
Race and.docxRace and.docx
Race and.docx
 
R2P and Syria.docx
R2P and Syria.docxR2P and Syria.docx
R2P and Syria.docx
 
Racial Disparities.docx
Racial Disparities.docxRacial Disparities.docx
Racial Disparities.docx
 
Race and Technology.docx
Race and Technology.docxRace and Technology.docx
Race and Technology.docx
 
QuickBooks uses windows API to follow orders to get updates.docx
QuickBooks uses windows API to follow orders to get updates.docxQuickBooks uses windows API to follow orders to get updates.docx
QuickBooks uses windows API to follow orders to get updates.docx
 
Questions What are the purposes of Just.docx
Questions What are the purposes of Just.docxQuestions What are the purposes of Just.docx
Questions What are the purposes of Just.docx
 
Questions to Each group you read about is.docx
Questions to Each group you read about is.docxQuestions to Each group you read about is.docx
Questions to Each group you read about is.docx
 
Questions that must be answered in your plus other.docx
Questions that must be answered in your plus other.docxQuestions that must be answered in your plus other.docx
Questions that must be answered in your plus other.docx
 
Questions for Brief Explicit Spiritual.docx
Questions for Brief Explicit Spiritual.docxQuestions for Brief Explicit Spiritual.docx
Questions for Brief Explicit Spiritual.docx
 
Question Libya recently announced that it is claiming a.docx
Question Libya recently announced that it is claiming a.docxQuestion Libya recently announced that it is claiming a.docx
Question Libya recently announced that it is claiming a.docx
 
Question Use the Internet or the IGlobal Resource.docx
Question Use the Internet or the IGlobal Resource.docxQuestion Use the Internet or the IGlobal Resource.docx
Question Use the Internet or the IGlobal Resource.docx
 
Question Please define motivation and discuss why it is.docx
Question Please define motivation and discuss why it is.docxQuestion Please define motivation and discuss why it is.docx
Question Please define motivation and discuss why it is.docx
 
Question share your perspective on personal data as a.docx
Question share your perspective on personal data as a.docxQuestion share your perspective on personal data as a.docx
Question share your perspective on personal data as a.docx
 
QEP Assignment Death Penalty.docx
QEP Assignment Death Penalty.docxQEP Assignment Death Penalty.docx
QEP Assignment Death Penalty.docx
 
Question In your what are the main workforce.docx
Question In your what are the main workforce.docxQuestion In your what are the main workforce.docx
Question In your what are the main workforce.docx
 

Recently uploaded

Championnat de France de Tennis de table/
Championnat de France de Tennis de table/Championnat de France de Tennis de table/
Championnat de France de Tennis de table/siemaillard
 
ANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptxANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptxPoojaSen20
 
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17Celine George
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project researchCaitlinCummins3
 
philosophy and it's principles based on the life
philosophy and it's principles based on the lifephilosophy and it's principles based on the life
philosophy and it's principles based on the lifeNitinDeodare
 
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community PartnershipsSpring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community Partnershipsexpandedwebsite
 
Chapter 7 Pharmacosy Traditional System of Medicine & Ayurvedic Preparations ...
Chapter 7 Pharmacosy Traditional System of Medicine & Ayurvedic Preparations ...Chapter 7 Pharmacosy Traditional System of Medicine & Ayurvedic Preparations ...
Chapter 7 Pharmacosy Traditional System of Medicine & Ayurvedic Preparations ...Sumit Tiwari
 
An Overview of the Odoo 17 Knowledge App
An Overview of the Odoo 17 Knowledge AppAn Overview of the Odoo 17 Knowledge App
An Overview of the Odoo 17 Knowledge AppCeline George
 
Đề tieng anh thpt 2024 danh cho cac ban hoc sinh
Đề tieng anh thpt 2024 danh cho cac ban hoc sinhĐề tieng anh thpt 2024 danh cho cac ban hoc sinh
Đề tieng anh thpt 2024 danh cho cac ban hoc sinhleson0603
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....Ritu480198
 
Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...EduSkills OECD
 
Improved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio AppImproved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio AppCeline George
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文中 央社
 
The basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptxThe basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptxheathfieldcps1
 
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING II
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING IIII BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING II
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING IIagpharmacy11
 
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...Nguyen Thanh Tu Collection
 
The Liver & Gallbladder (Anatomy & Physiology).pptx
The Liver & Gallbladder (Anatomy & Physiology).pptxThe Liver & Gallbladder (Anatomy & Physiology).pptx
The Liver & Gallbladder (Anatomy & Physiology).pptxVishal Singh
 
MOOD STABLIZERS DRUGS.pptx
MOOD STABLIZERS DRUGS.pptxMOOD STABLIZERS DRUGS.pptx
MOOD STABLIZERS DRUGS.pptxPoojaSen20
 
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjjStl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjjMohammed Sikander
 

Recently uploaded (20)

Championnat de France de Tennis de table/
Championnat de France de Tennis de table/Championnat de France de Tennis de table/
Championnat de France de Tennis de table/
 
ANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptxANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptx
 
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project research
 
philosophy and it's principles based on the life
philosophy and it's principles based on the lifephilosophy and it's principles based on the life
philosophy and it's principles based on the life
 
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community PartnershipsSpring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
 
Chapter 7 Pharmacosy Traditional System of Medicine & Ayurvedic Preparations ...
Chapter 7 Pharmacosy Traditional System of Medicine & Ayurvedic Preparations ...Chapter 7 Pharmacosy Traditional System of Medicine & Ayurvedic Preparations ...
Chapter 7 Pharmacosy Traditional System of Medicine & Ayurvedic Preparations ...
 
An Overview of the Odoo 17 Knowledge App
An Overview of the Odoo 17 Knowledge AppAn Overview of the Odoo 17 Knowledge App
An Overview of the Odoo 17 Knowledge App
 
Đề tieng anh thpt 2024 danh cho cac ban hoc sinh
Đề tieng anh thpt 2024 danh cho cac ban hoc sinhĐề tieng anh thpt 2024 danh cho cac ban hoc sinh
Đề tieng anh thpt 2024 danh cho cac ban hoc sinh
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....
 
Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...
 
Improved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio AppImproved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio App
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
 
The basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptxThe basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptx
 
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING II
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING IIII BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING II
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING II
 
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
 
“O BEIJO” EM ARTE .
“O BEIJO” EM ARTE .“O BEIJO” EM ARTE .
“O BEIJO” EM ARTE .
 
The Liver & Gallbladder (Anatomy & Physiology).pptx
The Liver & Gallbladder (Anatomy & Physiology).pptxThe Liver & Gallbladder (Anatomy & Physiology).pptx
The Liver & Gallbladder (Anatomy & Physiology).pptx
 
MOOD STABLIZERS DRUGS.pptx
MOOD STABLIZERS DRUGS.pptxMOOD STABLIZERS DRUGS.pptx
MOOD STABLIZERS DRUGS.pptx
 
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjjStl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
 

the world documentation.docx

  • 1. (Mt) – the world documentation Risk management HW Part 1. Complete Ch. 4 Review Questions Part 2. Asset identification and classification – Complete table below 1. Assets a. Identify assets (column A) at Towson University, including at least one in each: ASSET Value – C,H,M,L people Data and information procedures software hardware b. Value- for each asset, list whether it is critical, high, medium, or low Asset Value Critical- compromise to assets would have grave consequences leading to loss of life, serious injury, or mission failure High – compromise to assets would have serious consequences that could impair operations for a significant period of time 10 7-9 Medium – compromise to assets would have moderate 5-6 consequences that could impair operations for a limited period of time Numeric Value 1-10 Low – compromise to assets would have little or no impact on the continuation of operations 1-3 c. Asset valuation – Determine the numeric value of identified assets – Use personal judgment – Keep mission of the school corporation in mind Asset Analysis: Valuation Elements to Consider: • Cost of Producing the Asset • Value of the Information/Service on the Open Market • Cost of Reproducing the Asset if Destroyed • Benefit the Asset Brings to the university in Meeting the Mission and Supporting Student Learning • Repercussion to the University if the Information and Services were not Readily Available • Advantage Given to Someone if They Could Use, Change, or Destroy the Asset • Cost if Information is Released, Altered, or Destroyed (Litigation) • Loss of Administration, Teacher, Student, Parent, and Community Confidence if Information is not Held & Processed Securely • Loss of General Credibility & Embarrassment 2. Threats a. List and identify actions threats, examples: • Act of human error or failure, • Compromise of intellectual property • Deliberate acts of espionage • Deliberate acts of information extortion • Sabotage, vandalism, theft • Software attacks • Forces of nature • Technical hardware failures • Software failures • Technological obsolescence THREAT Value – C,H,M,L Numeric Value 1-10 b. Value- for each threat, list whether it is critical, high, medium, or low. The threat rating is a subjective judgment based on existence, capability, history, intention, and targeting. Threat Value Critical- Known aggressors or hazards, highly capable of causing loss or damage exist. One or more vulnerabilities are present. The threat source is known to having intent and means. High – Known aggressors or hazards, capable of causing loss or damage to the school exist. One or more vulnerabilities are present and the aggressors are known or reasonably suspected having intent and means. Medium – Known aggressors or hazards that may be capable of causing loss or damage exist. One or more vulnerabilities may be present; however, the aggressors are not believed to have intent. Low – Few or no
  • 2. aggressors or hazards exist. Their capability of causing damage is doubtful. 10 7-9 5-6 1-3 c. Threat valuation – Determine the numeric value of identified assets – Use personal judgment – Keep mission of the entity in mind 3. Vulnerabilities a. • • • • • List and identify vulnerabilities, examples: Human Operational – insufficient security procedures Informational vulnerabilities Facility – weak physical location and geographical Equipment VULNERABILITY Value – C,H,M,L Numeric Value 1-10 d. Value- for each vulnerability, list whether it is critical, high, medium, or low. The threat rating is a subjective judgment based on existence, capability, history, intention, and targeting. Vulnerability Value Critical- no known countermeasures and adversary capability exists High – no known countermeasures and adversary capability exists Medium – there are effective countermeasures in place, but adversaries can exploit a weakness Low – multiple levels of countermeasures exist and few or no adversaries could exploit the asset 10 7-9 5-6 1-3 e. Vulnerability valuation – Determine the numeric value of identified assets – Use personal judgment – Keep mission of the entity in mind Risk = Asset Value x Threat Rating x Vulnerability Rating Risk >260 141- 260 101-140 1-100 Risk Rating Critical High Medium Low Risk Assessment: Fill out the table below based on the asset value, threat, and vulnerability assessment examples presented earlier. All italic values should be replaced with your own data. After completing, color code using the table a Asset 1 Asset Value Rating Threat Rating Vulnerability Rating Asset 2 Asset Value Rating Threat Rating Vulnerability Rating Asset 3 Asset Value Rating Threat Rating Vulnerability Rating Threat 1 Threat 2 Asset*threat*vuln Asset*threat*vuln Threat Threat 3 Asset*threat*vuln Threat 4 Asset*threat*vuln Threat 5 Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset 4 Asset Value Rating Threat Rating Vulnerability Rating Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln Asset*threat*vuln