SlideShare a Scribd company logo

We need Paper on Risk Assessment for the organization (NASA). Th.docx

Download as DOCX, PDF
C
celenarouzie

We need Paper on Risk Assessment for the organization (NASA). The risk should be listed in one of the following links. http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf The following sections are missing: • Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP? • Training: specify a training frequency • Plan testing: How (and how often) will you test the plan? • Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network. • Incident Notification: What happens when an incident is detected? • Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”? Read about the Final Project, "Inclusive Voices," Instructions Purpose: to show how a not-so-well-known person or movements’ emergent truth pushes back against dominant cultures’ non-inclusive or discriminatory narrative through using their voice and actions to disrupt, and create positive change. Method: 1. Conduct research and write an APA formatted Research Essay using 3-5 sources 2. Then from the content of the Research Essay create your Final Presentation. Your Final Presentation, "Inclusive Voices," will teach your reader/viewer what you discovered from conducting your research through a recorded poster presentation, video presentation, or voice-narrated PowerPoint presentation.  3. Create a Script that you will use to present your Final Presentation Ultimately, you will use the questions below to write your paper and drive the content and organization of your presentation. Completing your research should be organized in the following way and answer the following questions about your person/movement: The introduction should briefly introduce and state the issue to be examined. It should start with creative, attention-getting hook then state why you chose the person/movement, show how you will critically evaluate the person or movement you chose, and provide a clear thesis statement. The body of your paper contains information that explains who the person/movement is, what they did, and then provides a status update. The sub-headers used in APA formatting provide your divisions.  (Sub-header:) Who are/were they? This sections answers the question who are they? This defines them and their power and limitations in the culture of the time. This section provides any historical information that is relevant about them personally. (Sub-header:) What was happening in culture of the time? Here you will give some perspective about events and attitudes of the time and what happened that allowed a space for their voice. What was going on in dominant culture at the time that allowed for their entry point into the cultural narrative? (Sub-header:) What did they do? This.

Education
1 of 25
We need Paper on Risk Assessment for the organization (NASA). The risk should be listed in one of the following links. http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf The following sections are missing: • Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP? • Training: specify a training frequency • Plan testing: How (and how often) will you test the plan? • Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network. • Incident Notification: What happens when an incident is detected? • Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”? Read about the Final Project, "Inclusive Voices," Instructions Purpose: to show how a not-so-well-known person or movements’ emergent truth pushes back against dominant cultures’ non- inclusive or discriminatory narrative through using their voice and actions to disrupt, and create positive change. Method: 1. Conduct research and write an APA formatted Research
Essay using 3-5 sources 2. Then from the content of the Research Essay create your Final Presentation. Your Final Presentation, "Inclusive Voices," will teach your reader/viewer what you discovered from conducting your research through a recorded poster presentation, video presentation, or voice-narrated PowerPoint presentation. 3. Create a Script that you will use to present your Final Presentation Ultimately, you will use the questions below to write your paper and drive the content and organization of your presentation. Completing your research should be organized in the following way and answer the following questions about your person/movement: The introduction should briefly introduce and state the issue to be examined. It should start with creative, attention-getting hook then state why you chose the person/movement, show how you will critically evaluate the person or movement you chose, and provide a clear thesis statement. The body of your paper contains information that explains who the person/movement is, what they did, and then provides a status update. The sub-headers used in APA formatting provide your divisions. (Sub-header:) Who are/were they? This sections answers the question who are they? This defines them and their power and limitations in the culture of the time. This section provides any historical information that is relevant about them personally. (Sub-header:) What was happening in culture of the time? Here you will give some perspective about events and attitudes of the time and what happened that allowed a space for their voice. What was going on in dominant culture at the time that allowed for their entry point into the cultural narrative? (Sub-header:) What did they do? This section should specifically explain what was their action that disrupted dominant culture.
(Sub-header:) Where are they now? Here you will explain what happened as a result of their action or voice. What is the trajectory or lasting effects?; provide a status update about them or their movement. (Sub-header:) Conclusion The conclusion of the paper should cover the three major parts. · Answer: the thesis statement, revisited. · Summary: main points and highlights from the body paragraphs. · Significance: the relevance and implications of the essay's findings and what further actions could still be taken. More details of Requirements and Execution: 1. Your essay should be typed and double-spaced on standard- sized paper (8.5" x 11"), with 1" margins on all sides. 2. Title Page is required. The title page should contain the title of the paper, the author's name, and the institutional affiliation including course name, professor's name, and date. (centered) 3. NO ABSTRACT REQUIRED 4. Page number on each page 5. Acceptable fonts are 11-point Calibri, 11-point Arial, and 10- point Lucida Sans Unicode as well as serif fonts such as 12- point Times New Roman, 11-point Georgia 6. For citation information take a look at this particular page of the Perdue OWL site. (Links to an external site.) Risk Assessment In this assignment, you will perform a qualitative risk assessment, using a template that has been provided below. Your last assignment in the course will be to take one of these risks and develop a section for your Incident Response Plan or Disaster Recovery Plan that address that risk. 1. Groups will work on a risk assessment using one of the agencies as assigned, below: Organization
Link to Audit Reports Groups National Aeronautics and Space Administration (NASA) http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf 1, 8, 15 Veterans Administration (VA) http://www.va.gov/oig/pubs/VAOIG-12-01712-229.pdf http://www.va.gov/oig/pubs/VAOIG-11-01823-294.pdf https://www.va.gov/oig/pubs/VAOIG-13-01391-72.pdf https://www.va.gov/oig/pubs/VAOIG-16-01949-248.pdf 2, 9, 7 Securities and Exchange Commission (SEC) http://www.sec.gov/about/offices/oig/reports/audits/2013/512.p df 3, 10 USPS https://www.uspsoig.gov/sites/default/files/document-library- files/2015/usps_cybersecurity_functions.pdf https://www.uspsoig.gov/document/mobile-system-review https://www.uspsoig.gov/sites/default/files/document-library- files/2017/IT-AR-17-007.pdf https://www.uspsoig.gov/sites/default/files/document-library- files/2015/usps_cybersecurity_functions.pdf 4, 11 Office of Personnel Management (OPM) https://www.opm.gov/our-inspector- general/reports/2016/federal-information-security- modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf https://www.opm.gov/our-inspector- general/reports/2015/federal-information-security- modernization-act-audit-fy-2015-final-audit-report-4a-ci-00-15- 011.pdf https://www.opm.gov/our-inspector-
general/reports/2016/federal-information-security- modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf 5, 12, 14 FTC https://www.ftc.gov/system/files/documents/reports/oig-fy- 2016-independent-evaluation-federal-trade-commissions- information-security-program- practices/oig_fisma_evaluation_fy_2016_redacted.pdf https://www.oversight.gov/sites/default/files/oig- reports/OIG%20FISMA%20FY%202017%20- %20FINAL%20REDACTED%203-8-2018.pdf 6, 13 You will read through the report and look for findings and recommendations from the GAO’s audit of the agency’s security practices. Your job will be to develop a risk assessment from these findings to assess the likelihood and impact. A listing of threats has been prepopulated for you. These threats have been categorized by type as shown below: Threat Origination Category Type Identifier Threats launched purposefully P Threats created by unintentional human or machine errors U Threats caused by environmental agents or disruptions E Purposeful threats are launched by threat actors for a variety of reasons and the reasons may never be fully known. Threat actors could be motivated by curiosity, monetary gain, political gain, social activism, revenge or many other driving forces. It is possible that some threats could have more than one threat origination category. Some threat types are more likely to occur than others. The following table takes threat types into consideration to help
determine the likelihood that vulnerability could be exploited. The threat table shown in Table 2-2 is designed to offer typical threats to information systems and these threats have been considered for the organization. Not all of these will be relevant to the findings in your risk assessment, however you will need to identify those that are. ID Threat Name Type ID Description Typical Impact to Data or System Confidentiality Integrity Availability T-1 Alteration U, P, E Alteration of data, files, or records. Modification T-2 Audit Compromise P An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event. Also applies to a purposeful act by an Administrator to mask unauthorized activity. Modification or Destruction Unavailable Accurate Records
T-3 Bomb P An intentional explosion. Modification or Destruction Denial of Service T-4 Communications Failure U, E Cut of fiber optic lines, trees falling on telephone lines. Denial of Service T-5 Compromising Emanations P Eavesdropping can occur via electronic media directed against large scale electronic facilities that do not process classified National Security Information. Disclosure T-6 Cyber Brute Force P Unauthorized user could gain access to the information systems by random or systematic guessing of passwords, possibly supported by password cracking utilities. Disclosure Modification or Destruction Denial of Service T-7 Data Disclosure P, U An attacker uses techniques that could result in the disclosure
of sensitive information by exploiting weaknesses in the design or configuration. Also used in instances where misconfiguration or the lack of a security control can lead to the unintentional disclosure of data. Disclosure T-8 Data Entry Error U Human inattention, lack of knowledge, and failure to cross- check system activities could contribute to errors becoming integrated and ingrained in automated systems. Modification T-9 Denial of Service P An adversary uses techniques to attack a single target rendering it unable to respond and could cause denial of service for users of the targeted information systems. Denial of Service T-10 Distributed Denial of Service Attack P An adversary uses multiple compromised information systems to attack a single target and could cause denial of service for users of the targeted information systems. Denial of Service T-11 Earthquake
E Seismic activity can damage the information system or its facility. Please refer to the following document for earthquake probability maps http://pubs.usgs.gov/of/2008/1128/pdf/OF08- 1128_v1.1.pdf . Destruction Denial of Service T-12 Electromagnetic Interference E, P Disruption of electronic and wire transmissions could be caused by high frequency (HF), very high frequency (VHF), and ultra- high frequency (UHF) communications devices (jamming) or sun spots. Denial of Service T-13 Espionage P The illegal covert act of copying, reproducing, recording, photographing or intercepting to obtain sensitive information . Disclosure Modification T-14 Fire E, P Fire can be caused by arson, electrical problems, lightning, chemical agents, or other unrelated proximity fires. Destruction Denial of Service T-15 Floods
E Water damage caused by flood hazards can be caused by proximity to local flood plains. Flood maps and base flood elevation should be considered. Destruction Denial of Service T-16 Fraud P Intentional deception regarding data or information about an information system could compromise the confidentiality, integrity, or availability of an information system. Disclosure Modification or Destruction Unavailable Accurate Records T-17 Hardware or Equipment Failure E Hardware or equipment may fail due to a variety of reasons. Denial of Service T-18 Hardware Tampering P An unauthorized modification to hardware that alters the proper functioning of equipment in a manner that degrades the security functionality the asset provides. Modification Denial of Service T-19 Hurricane E A category 1, 2, 3, 4, or 5 land falling hurricane could impact
the facilities that house the information systems. Destruction Denial of Service T-20 Malicious Software P Software that damages a system such a virus, Trojan, or worm. Modification or Destruction Denial of Service T-21 Phishing Attack P Adversary attempts to acquire sensitive information such as usernames, passwords, or SSNs, by pretending to be communications from a legitimate/trustworthy source. Typical attacks occur via email, instant messaging, or comparable means; commonly directing users to Web sites that appear to be legitimate sites, while actually stealing the entered information. Disclosure Modification or Destruction Denial of Service T-22 Power Interruptions E Power interruptions may be due to any number of reasons such as electrical grid failures, generator failures, uninterruptable power supply failures (e.g. spike, surge, brownout, or blackout). Denial of Service T-23 Procedural Error
U An error in procedures could result in unintended consequences. This is also used where there is a lack of defined procedures that introduces an element of risk. Disclosure Modification or Destruction Denial of Service T-24 Procedural Violations P Violations of standard procedures. Disclosure Modification or Destruction Denial of Service T-25 Resource Exhaustion U An errant (buggy) process may create a situation that exhausts critical resources preventing access to services. Denial of Service T-26 Sabotage P Underhand interference with work. Modification or Destruction Denial of Service T-27 Scavenging P Searching through disposal containers (e.g. dumpsters) to acquire unauthorized data. Disclosure
T-28 Severe Weather E Naturally occurring forces of nature could disrupt the operation of an information system by freezing, sleet, hail, heat, lightning, thunderstorms, tornados, or snowfall. Destruction Denial of Service T-29 Social Engineering P An attacker manipulates people into performing actions or divulging confidential information, as well as possible access to computer systems or facilities. Disclosure T-30 Software Tampering P Unauthorized modification of software (e.g. files, programs, database records) that alters the proper operational functions. Modification or Destruction T-31 Terrorist P An individual performing a deliberate violent act could use a variety of agents to damage the information system, its facility, and/or its operations. Modification or Destruction Denial of Service
T-32 Theft P An adversary could steal elements of the hardware. Denial of Service T-33 Time and State P An attacker exploits weaknesses in timing or state of functions to perform actions that would otherwise be prevented (e.g. race conditions, manipulation user state). Disclosure Modification Denial of Service T-34 Transportation Accidents E Transportation accidents include train derailments, river barge accidents, trucking accidents, and airlines accidents. Local transportation accidents typically occur when airports, sea ports, railroad tracks, and major trucking routes occur in close proximity to systems facilities. Likelihood of HAZMAT cargo should be determined when considering the probability of local transportation accidents. Destruction Denial of Service T-35 Unauthorized Facility Access P An unauthorized individual accesses a facility which may result in comprises of confidentiality, integrity, or availability. Disclosure Modification or Destruction
Denial of Service T-36 Unauthorized Systems Access P An unauthorized user accesses a system or data. Disclosure Modification or Destruction Analyze Risk The risk analysis for each vulnerability consists of assessing security controls to determine the likelihood that vulnerability could be exploited and the potential impact should the vulnerability be exploited. Essentially, risk is proportional to both likelihood of exploitation and possible impact. The following sections provide a brief description of each component used to determine the risk. Likelihood This risk analysis process is based on qualitative risk analysis. In qualitative risk analysis the impact of exploiting a threat is measured in relative terms. When a system is easy to exploit, it has a High likelihood that a threat could exploit the vulnerability. Likelihood definitions for the exploitation of vulnerabilities are found in the following table. Likelihood Description Low There is little to no chance that a threat could exploit vulnerability and cause loss to the system or its data. Medium There is a Medium chance that a threat could exploit vulnerability and cause loss to the system or its data. High There is a High chance that a threat could exploit vulnerability and cause loss to the system or its data.
Impact Impact refers to the magnitude of potential harm that could be caused to the system (or its data) by successful exploitation. Definitions for the impact resulting from the exploitation of a vulnerability are described in the following table. Since exploitation has not yet occurred, these values are perceived values. If the exploitation of vulnerability can cause significant loss to a system (or its data) then the impact of the exploit is considered to be High. Impact Description Low If vulnerabilities are exploited by threats, little to no loss to the system, networks, or data would occur. Medium If vulnerabilities are exploited by threats, Medium loss to the system, networks, and data would occur. High If vulnerabilities are exploited by threats, significant loss to the system, networks, and data would occur. Risk Level The risk level for the finding is the intersection of the likelihood value and impact value as depicted the table depicted below. The combination of High likelihood and High impact creates the highest risk exposure. The risk exposure matrix shown in the table below presents the same likelihood and impact severity ratings as those found in NIST SP 800-30 Risk Management Guide for Information Technology Systems. Impact
Likelihood High Medium Low High High Medium Low Medium Medium Medium Low Low Low Low LowRisk Assessment Results This section documents the technical and non-technical security risks to the system. Complete the following risk assessment table, ensuring that you have addressed at least 10 risks. You will be graded on your ability to demonstrate knowledge that the risks are relevant to the company you have identified, as well as that the security controls are appropriate to the controlling the risks you have identified. The following provides a brief description of the information documented in each column: · Identifier: Provides a unique number used for referencing each vulnerability in the form of R#-Security Control ID. · Source: Indicates the source where the vulnerability was identified (e.g., System Security Plan or Audit.) · Threat: Indicates the applicable threat type from the table of threats.. · Risk Description: Provides a brief description of the risk.
· Business Impact: Provides a brief description of the impact to the organization if the risk is realized. · Recommended Corrective Action: Provides a brief description of the corrective action(s) recommended for mitigating the risks associated with the finding. · Likelihood: Provides the likelihood of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. · Impact: Provides the impact of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. · Risk Level: Provides the risk level (high, Medium, low) for the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. Your deliverables, as a team, will consist of the following 2 documents (and presentation): 1. You will complete and submit the following completed table for grading. Organization/Agency Selected: Organization/Agency Mission: Identifier Source Threat ID Risk Description Business Impact Recommended Corrective Action Likelihood Impact Risk Level
R-01. Audit T-1, T-8, T-23, T-24, T-36 Notification is not performed when account changes are made. The lack of notification allows unauthorized changes to individuals who elevate permissions and group membership to occur without detection. Enable auditing of all activities performed under privileged accounts in GPOs and develop a process to allow these events to be reviewed by an individual who does not have Administrative privileges. Medium Medium Medium R-02. R-03.
R-04. R-05. R-06. R-07.
R-08. R-09. R-010. R-011.
R-012. R-013. R-014. R-015.
2. You will prepare a presentation in which your team presents 1) overview 2) summary of findings 3) drill down on the high risks - discuss why you felt they presented a greater risk to the agency 4) Recommendations for all of your significant findings (don’t worry about the low ones). 5) Research a technical solution (a product), that can help the agency “get healthy”. Describe (in your own words, not the vendor’s words) how the tool can help solve the risk it is intended to address. Incident Response Paper Using NIST’s SP 800-61 “Computer Security Incident Handling Guide), develop an Incident Response Plan (IRP) that will address one or more of your security risks that you identified in your Risk Assessment. Google and find other actual IRPs on the Internet and review to see what type of information is included. At a minimum, your plan should include the following sections: · Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP? · Training: specify a training frequency · Plan testing: How (and how often) will you test the plan? · Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network. · Incident Notification: What happens when an incident is detected? · Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”? · Procedures: Select one of your security risks identified in your Risk Assessment. Prepare procedures for addressing the incident in the event that the incident actually happens. In this section, address the following subsections specific to your risk
that you are identifying. · Preparation · Detection and Analysis · Containment · Eradication · Recovery and Post-Incident Activity (see Appendix A) Note: there are several scenarios in the appendix of the NIST document. You can use, for instance, Scenario 11: Unknown Wireless Access Point to help develop the response procedures for wireless access, as an example. Use any of these to help flesh out your procedures but the procedure you agreed to use must be one that addresses a risk you identified in your Risk Assessment. Grading Criteria Criteria Document is at least 5 - 7 double-spaced pages. Paper is well- written with minimal typing, spelling, or grammatical errors. 10% Required sections (above) are appropriately addressed. 25 points (5 each), 50 points for the Procedures Section. 75% Procedures provide sufficient information to enable recovery and mission restoration. 15%
We need Paper on Risk Assessment for the organization (NASA). Th.docx

Recommended

College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
RegisterRisk Register#RiskImpact on ProjectCost $LikelihoodImpact .docx
RegisterRisk Register#RiskImpact on ProjectCost $LikelihoodImpact .docxRegisterRisk Register#RiskImpact on ProjectCost $LikelihoodImpact .docx
RegisterRisk Register#RiskImpact on ProjectCost $LikelihoodImpact .docxaudeleypearl
 
Read the Cyber Risk Report 2015 – Executive Summary and Report Pre.docx
Read the Cyber Risk Report 2015 – Executive Summary and Report Pre.docxRead the Cyber Risk Report 2015 – Executive Summary and Report Pre.docx
Read the Cyber Risk Report 2015 – Executive Summary and Report Pre.docxfterry1
 
erm Paper Penetration TestingDue Week 10 and worth 120 points.docx
erm Paper Penetration TestingDue Week 10 and worth 120 points.docxerm Paper Penetration TestingDue Week 10 and worth 120 points.docx
erm Paper Penetration TestingDue Week 10 and worth 120 points.docxmealsdeidre
 
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docxaryan532920
 
OWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxOWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxChandan Singh Ghodela
 
Global Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health CoGlobal Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health CoMatthewTennant613
 
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxCOM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxcargillfilberto
 

Recommended

College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
RegisterRisk Register#RiskImpact on ProjectCost $LikelihoodImpact .docx
RegisterRisk Register#RiskImpact on ProjectCost $LikelihoodImpact .docxRegisterRisk Register#RiskImpact on ProjectCost $LikelihoodImpact .docx
RegisterRisk Register#RiskImpact on ProjectCost $LikelihoodImpact .docxaudeleypearl
 
Read the Cyber Risk Report 2015 – Executive Summary and Report Pre.docx
Read the Cyber Risk Report 2015 – Executive Summary and Report Pre.docxRead the Cyber Risk Report 2015 – Executive Summary and Report Pre.docx
Read the Cyber Risk Report 2015 – Executive Summary and Report Pre.docxfterry1
 
erm Paper Penetration TestingDue Week 10 and worth 120 points.docx
erm Paper Penetration TestingDue Week 10 and worth 120 points.docxerm Paper Penetration TestingDue Week 10 and worth 120 points.docx
erm Paper Penetration TestingDue Week 10 and worth 120 points.docxmealsdeidre
 
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docxaryan532920
 
OWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxOWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxChandan Singh Ghodela
 
Global Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health CoGlobal Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health CoMatthewTennant613
 
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxCOM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxcargillfilberto
 
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxCOM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxdrandy1
 
Cmgt 400 cmgt400
Cmgt 400 cmgt400Cmgt 400 cmgt400
Cmgt 400 cmgt400GOODCourseHelp
 
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docx
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docxTitle of PaperYour NameMonth Day, YearRunning head BASIC PA.docx
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docxherthalearmont
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
 
Instructions Need task completed for Ds portion of the pr.docx
Instructions Need task completed for Ds portion of the pr.docxInstructions Need task completed for Ds portion of the pr.docx
Instructions Need task completed for Ds portion of the pr.docxnormanibarber20063
 
Report Writing
Report WritingReport Writing
Report WritingAkhtarHussain141
 
Chapter9Investigative ReportsGoals· Develop a trip report .docx
Chapter9Investigative ReportsGoals· Develop a trip report .docxChapter9Investigative ReportsGoals· Develop a trip report .docx
Chapter9Investigative ReportsGoals· Develop a trip report .docxchristinemaritza
 
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docx
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docxDue 12 10 2016Week 10 Term PaperClick the link above to submit.docx
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docxsagarlesley
 
Electoral College Votes Explained What Are The Pros And Cons
Electoral College Votes Explained What Are The Pros And ConsElectoral College Votes Explained What Are The Pros And Cons
Electoral College Votes Explained What Are The Pros And ConsLori Mathers
 
Risk Assessment Report InstructionsINFA 610BackgroundThi.docx
Risk Assessment Report InstructionsINFA 610BackgroundThi.docxRisk Assessment Report InstructionsINFA 610BackgroundThi.docx
Risk Assessment Report InstructionsINFA 610BackgroundThi.docxinfantkimber
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxLeilaniPoolsy
 
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docx
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docxBaker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docx
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docxrock73
 
Reading and summarizing a research article Authors’ last name.docx
Reading and summarizing a research article Authors’ last name.docxReading and summarizing a research article Authors’ last name.docx
Reading and summarizing a research article Authors’ last name.docxaudeleypearl
 
Saucier_Jonathon_Resume
Saucier_Jonathon_ResumeSaucier_Jonathon_Resume
Saucier_Jonathon_ResumeJonathon Saucier
 
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docx
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docxRisk Assessment Report InstructionsINFA 610 BackgroundThis i.docx
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docxSUBHI7
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxSUBHI7
 
CYB610 Project Common computing platforms.docx
CYB610 Project Common computing platforms.docxCYB610 Project Common computing platforms.docx
CYB610 Project Common computing platforms.docxwrite5
 
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docx
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docxCase StudyIn March 1994, Randal Schwartz was indicted on three f.docx
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docxwendolynhalbert
 
Essay about kindnessChoose any three consecutive days. During th.docx
Essay about kindnessChoose any three consecutive days. During th.docxEssay about kindnessChoose any three consecutive days. During th.docx
Essay about kindnessChoose any three consecutive days. During th.docxSALU18
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxpoulterbarbara
 
Attaining ExpertiseYou are tr.docx
Attaining ExpertiseYou are tr.docxAttaining ExpertiseYou are tr.docx
Attaining ExpertiseYou are tr.docxcelenarouzie
 
attachment Chloe” is a example of the whole packet. Please follow t.docx
attachment Chloe” is a example of the whole packet. Please follow t.docxattachment Chloe” is a example of the whole packet. Please follow t.docx
attachment Chloe” is a example of the whole packet. Please follow t.docxcelenarouzie
 

More Related Content

Similar to We need Paper on Risk Assessment for the organization (NASA). Th.docx

COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxCOM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxdrandy1
 
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docx
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docxTitle of PaperYour NameMonth Day, YearRunning head BASIC PA.docx
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docxherthalearmont
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
 
Instructions Need task completed for Ds portion of the pr.docx
Instructions Need task completed for Ds portion of the pr.docxInstructions Need task completed for Ds portion of the pr.docx
Instructions Need task completed for Ds portion of the pr.docxnormanibarber20063
 
Chapter9Investigative ReportsGoals· Develop a trip report .docx
Chapter9Investigative ReportsGoals· Develop a trip report .docxChapter9Investigative ReportsGoals· Develop a trip report .docx
Chapter9Investigative ReportsGoals· Develop a trip report .docxchristinemaritza
 
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docx
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docxDue 12 10 2016Week 10 Term PaperClick the link above to submit.docx
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docxsagarlesley
 
Electoral College Votes Explained What Are The Pros And Cons
Electoral College Votes Explained What Are The Pros And ConsElectoral College Votes Explained What Are The Pros And Cons
Electoral College Votes Explained What Are The Pros And ConsLori Mathers
 
Risk Assessment Report InstructionsINFA 610BackgroundThi.docx
Risk Assessment Report InstructionsINFA 610BackgroundThi.docxRisk Assessment Report InstructionsINFA 610BackgroundThi.docx
Risk Assessment Report InstructionsINFA 610BackgroundThi.docxinfantkimber
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxLeilaniPoolsy
 
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docx
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docxBaker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docx
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docxrock73
 
Reading and summarizing a research article Authors’ last name.docx
Reading and summarizing a research article Authors’ last name.docxReading and summarizing a research article Authors’ last name.docx
Reading and summarizing a research article Authors’ last name.docxaudeleypearl
 
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docx
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docxRisk Assessment Report InstructionsINFA 610 BackgroundThis i.docx
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docxSUBHI7
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxSUBHI7
 
CYB610 Project Common computing platforms.docx
CYB610 Project Common computing platforms.docxCYB610 Project Common computing platforms.docx
CYB610 Project Common computing platforms.docxwrite5
 
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docx
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docxCase StudyIn March 1994, Randal Schwartz was indicted on three f.docx
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docxwendolynhalbert
 
Essay about kindnessChoose any three consecutive days. During th.docx
Essay about kindnessChoose any three consecutive days. During th.docxEssay about kindnessChoose any three consecutive days. During th.docx
Essay about kindnessChoose any three consecutive days. During th.docxSALU18
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxpoulterbarbara
 

Similar to We need Paper on Risk Assessment for the organization (NASA). Th.docx (20)

COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docxCOM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
COM 545 Writing Assignment 2 Scenario UNFO traditionally h.docx
 
Cmgt 400 cmgt400
Cmgt 400 cmgt400Cmgt 400 cmgt400
Cmgt 400 cmgt400
 
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docx
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docxTitle of PaperYour NameMonth Day, YearRunning head BASIC PA.docx
Title of PaperYour NameMonth Day, YearRunning head BASIC PA.docx
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
 
Instructions Need task completed for Ds portion of the pr.docx
Instructions Need task completed for Ds portion of the pr.docxInstructions Need task completed for Ds portion of the pr.docx
Instructions Need task completed for Ds portion of the pr.docx
 
Report Writing
Report WritingReport Writing
Report Writing
 
Chapter9Investigative ReportsGoals· Develop a trip report .docx
Chapter9Investigative ReportsGoals· Develop a trip report .docxChapter9Investigative ReportsGoals· Develop a trip report .docx
Chapter9Investigative ReportsGoals· Develop a trip report .docx
 
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docx
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docxDue 12 10 2016Week 10 Term PaperClick the link above to submit.docx
Due 12 10 2016Week 10 Term PaperClick the link above to submit.docx
 
Electoral College Votes Explained What Are The Pros And Cons
Electoral College Votes Explained What Are The Pros And ConsElectoral College Votes Explained What Are The Pros And Cons
Electoral College Votes Explained What Are The Pros And Cons
 
Risk Assessment Report InstructionsINFA 610BackgroundThi.docx
Risk Assessment Report InstructionsINFA 610BackgroundThi.docxRisk Assessment Report InstructionsINFA 610BackgroundThi.docx
Risk Assessment Report InstructionsINFA 610BackgroundThi.docx
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docx
 
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docx
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docxBaker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docx
Baker 3Student NameProfessor Kelly JordanARTH 10223 Augu.docx
 
Reading and summarizing a research article Authors’ last name.docx
Reading and summarizing a research article Authors’ last name.docxReading and summarizing a research article Authors’ last name.docx
Reading and summarizing a research article Authors’ last name.docx
 
Saucier_Jonathon_Resume
Saucier_Jonathon_ResumeSaucier_Jonathon_Resume
Saucier_Jonathon_Resume
 
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docx
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docxRisk Assessment Report InstructionsINFA 610 BackgroundThis i.docx
Risk Assessment Report InstructionsINFA 610 BackgroundThis i.docx
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docx
 
CYB610 Project Common computing platforms.docx
CYB610 Project Common computing platforms.docxCYB610 Project Common computing platforms.docx
CYB610 Project Common computing platforms.docx
 
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docx
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docxCase StudyIn March 1994, Randal Schwartz was indicted on three f.docx
Case StudyIn March 1994, Randal Schwartz was indicted on three f.docx
 
Essay about kindnessChoose any three consecutive days. During th.docx
Essay about kindnessChoose any three consecutive days. During th.docxEssay about kindnessChoose any three consecutive days. During th.docx
Essay about kindnessChoose any three consecutive days. During th.docx
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
 

More from celenarouzie

Attaining ExpertiseYou are tr.docx
Attaining ExpertiseYou are tr.docxAttaining ExpertiseYou are tr.docx
Attaining ExpertiseYou are tr.docxcelenarouzie
 
attachment Chloe” is a example of the whole packet. Please follow t.docx
attachment Chloe” is a example of the whole packet. Please follow t.docxattachment Chloe” is a example of the whole packet. Please follow t.docx
attachment Chloe” is a example of the whole packet. Please follow t.docxcelenarouzie
 
AttachmentFor this discussionUse Ericksons theoretic.docx
AttachmentFor this discussionUse Ericksons theoretic.docxAttachmentFor this discussionUse Ericksons theoretic.docx
AttachmentFor this discussionUse Ericksons theoretic.docxcelenarouzie
 
Attachment Programs and Families Working Together Learn.docx
Attachment Programs and Families Working Together Learn.docxAttachment Programs and Families Working Together Learn.docx
Attachment Programs and Families Working Together Learn.docxcelenarouzie
 
Attachment and Emotional Development in InfancyThe purpose o.docx
Attachment and Emotional Development in InfancyThe purpose o.docxAttachment and Emotional Development in InfancyThe purpose o.docx
Attachment and Emotional Development in InfancyThe purpose o.docxcelenarouzie
 
ATTACHEMENT from 7.1 and 7.2 Go back to the Powerpoint for thi.docx
ATTACHEMENT from 7.1 and 7.2 Go back to the Powerpoint for thi.docxATTACHEMENT from 7.1 and 7.2 Go back to the Powerpoint for thi.docx
ATTACHEMENT from 7.1 and 7.2 Go back to the Powerpoint for thi.docxcelenarouzie
 
Attached the dataset Kaggle has hosted a data science competitio.docx
Attached the dataset Kaggle has hosted a data science competitio.docxAttached the dataset Kaggle has hosted a data science competitio.docx
Attached the dataset Kaggle has hosted a data science competitio.docxcelenarouzie
 
Attached you will find all of the questions.These are just like th.docx
Attached you will find all of the questions.These are just like th.docxAttached you will find all of the questions.These are just like th.docx
Attached you will find all of the questions.These are just like th.docxcelenarouzie
 
Attached the dataset Kaggle has hosted a data science compet.docx
Attached the dataset Kaggle has hosted a data science compet.docxAttached the dataset Kaggle has hosted a data science compet.docx
Attached the dataset Kaggle has hosted a data science compet.docxcelenarouzie
 
B. Answer Learning Exercises  Matching words parts 1, 2, 3,.docx
B. Answer Learning Exercises  Matching words parts 1, 2, 3,.docxB. Answer Learning Exercises  Matching words parts 1, 2, 3,.docx
B. Answer Learning Exercises  Matching words parts 1, 2, 3,.docxcelenarouzie
 
B)What is Joe waiting for in order to forgive Missy May in The Gild.docx
B)What is Joe waiting for in order to forgive Missy May in The Gild.docxB)What is Joe waiting for in order to forgive Missy May in The Gild.docx
B)What is Joe waiting for in order to forgive Missy May in The Gild.docxcelenarouzie
 
B)Blanche and Stella both view Stanley very differently – how do the.docx
B)Blanche and Stella both view Stanley very differently – how do the.docxB)Blanche and Stella both view Stanley very differently – how do the.docx
B)Blanche and Stella both view Stanley very differently – how do the.docxcelenarouzie
 
b) What is the largest value that can be represented by 3 digits usi.docx
b) What is the largest value that can be represented by 3 digits usi.docxb) What is the largest value that can be represented by 3 digits usi.docx
b) What is the largest value that can be represented by 3 digits usi.docxcelenarouzie
 
b$ E=EE#s{gEgE lEgEHEFs ig=ii 5i= l; i € 3 r i.Er1 b €€.docx
b$ E=EE#s{gEgE lEgEHEFs ig=ii 5i= l; i € 3 r i.Er1 b €€.docxb$ E=EE#s{gEgE lEgEHEFs ig=ii 5i= l; i € 3 r i.Er1 b €€.docx
b$ E=EE#s{gEgE lEgEHEFs ig=ii 5i= l; i € 3 r i.Er1 b €€.docxcelenarouzie
 
B A S I C L O G I C M O D E L D E V E L O P M E N T Pr.docx
B A S I C L O G I C M O D E L D E V E L O P M E N T Pr.docxB A S I C L O G I C M O D E L D E V E L O P M E N T Pr.docx
B A S I C L O G I C M O D E L D E V E L O P M E N T Pr.docxcelenarouzie
 
B H1. The first issue that jumped out to me is that the presiden.docx
B H1. The first issue that jumped out to me is that the presiden.docxB H1. The first issue that jumped out to me is that the presiden.docx
B H1. The first issue that jumped out to me is that the presiden.docxcelenarouzie
 
b l u e p r i n t i CONSUMER PERCEPTIONSHQW DQPerception.docx
b l u e p r i n t i CONSUMER PERCEPTIONSHQW DQPerception.docxb l u e p r i n t i CONSUMER PERCEPTIONSHQW DQPerception.docx
b l u e p r i n t i CONSUMER PERCEPTIONSHQW DQPerception.docxcelenarouzie
 
B R O O K I N G SM E T R O P O L I TA N P O L I CY .docx
B R O O K I N G SM E T R O P O L I TA N P O L I CY .docxB R O O K I N G SM E T R O P O L I TA N P O L I CY .docx
B R O O K I N G SM E T R O P O L I TA N P O L I CY .docxcelenarouzie
 
B L O C K C H A I N & S U P P LY C H A I N SS U N I L.docx
B L O C K C H A I N & S U P P LY C H A I N SS U N I L.docxB L O C K C H A I N & S U P P LY C H A I N SS U N I L.docx
B L O C K C H A I N & S U P P LY C H A I N SS U N I L.docxcelenarouzie
 
Año 15, núm. 43 enero – abril de 2012. Análisis 97 Orien.docx
Año 15, núm. 43 enero – abril de 2012. Análisis 97 Orien.docxAño 15, núm. 43 enero – abril de 2012. Análisis 97 Orien.docx
Año 15, núm. 43 enero – abril de 2012. Análisis 97 Orien.docxcelenarouzie
 

More from celenarouzie (20)

Attaining ExpertiseYou are tr.docx
Attaining ExpertiseYou are tr.docxAttaining ExpertiseYou are tr.docx
Attaining ExpertiseYou are tr.docx
 
attachment Chloe” is a example of the whole packet. Please follow t.docx
attachment Chloe” is a example of the whole packet. Please follow t.docxattachment Chloe” is a example of the whole packet. Please follow t.docx
attachment Chloe” is a example of the whole packet. Please follow t.docx
 
AttachmentFor this discussionUse Ericksons theoretic.docx
AttachmentFor this discussionUse Ericksons theoretic.docxAttachmentFor this discussionUse Ericksons theoretic.docx
AttachmentFor this discussionUse Ericksons theoretic.docx
 
Attachment Programs and Families Working Together Learn.docx
Attachment Programs and Families Working Together Learn.docxAttachment Programs and Families Working Together Learn.docx
Attachment Programs and Families Working Together Learn.docx
 
Attachment and Emotional Development in InfancyThe purpose o.docx
Attachment and Emotional Development in InfancyThe purpose o.docxAttachment and Emotional Development in InfancyThe purpose o.docx
Attachment and Emotional Development in InfancyThe purpose o.docx
 
ATTACHEMENT from 7.1 and 7.2 Go back to the Powerpoint for thi.docx
ATTACHEMENT from 7.1 and 7.2 Go back to the Powerpoint for thi.docxATTACHEMENT from 7.1 and 7.2 Go back to the Powerpoint for thi.docx
ATTACHEMENT from 7.1 and 7.2 Go back to the Powerpoint for thi.docx
 
Attached the dataset Kaggle has hosted a data science competitio.docx
Attached the dataset Kaggle has hosted a data science competitio.docxAttached the dataset Kaggle has hosted a data science competitio.docx
Attached the dataset Kaggle has hosted a data science competitio.docx
 
Attached you will find all of the questions.These are just like th.docx
Attached you will find all of the questions.These are just like th.docxAttached you will find all of the questions.These are just like th.docx
Attached you will find all of the questions.These are just like th.docx
 
Attached the dataset Kaggle has hosted a data science compet.docx
Attached the dataset Kaggle has hosted a data science compet.docxAttached the dataset Kaggle has hosted a data science compet.docx
Attached the dataset Kaggle has hosted a data science compet.docx
 
B. Answer Learning Exercises  Matching words parts 1, 2, 3,.docx
B. Answer Learning Exercises  Matching words parts 1, 2, 3,.docxB. Answer Learning Exercises  Matching words parts 1, 2, 3,.docx
B. Answer Learning Exercises  Matching words parts 1, 2, 3,.docx
 
B)What is Joe waiting for in order to forgive Missy May in The Gild.docx
B)What is Joe waiting for in order to forgive Missy May in The Gild.docxB)What is Joe waiting for in order to forgive Missy May in The Gild.docx
B)What is Joe waiting for in order to forgive Missy May in The Gild.docx
 
B)Blanche and Stella both view Stanley very differently – how do the.docx
B)Blanche and Stella both view Stanley very differently – how do the.docxB)Blanche and Stella both view Stanley very differently – how do the.docx
B)Blanche and Stella both view Stanley very differently – how do the.docx
 
b) What is the largest value that can be represented by 3 digits usi.docx
b) What is the largest value that can be represented by 3 digits usi.docxb) What is the largest value that can be represented by 3 digits usi.docx
b) What is the largest value that can be represented by 3 digits usi.docx
 
b$ E=EE#s{gEgE lEgEHEFs ig=ii 5i= l; i € 3 r i.Er1 b €€.docx
b$ E=EE#s{gEgE lEgEHEFs ig=ii 5i= l; i € 3 r i.Er1 b €€.docxb$ E=EE#s{gEgE lEgEHEFs ig=ii 5i= l; i € 3 r i.Er1 b €€.docx
b$ E=EE#s{gEgE lEgEHEFs ig=ii 5i= l; i € 3 r i.Er1 b €€.docx
 
B A S I C L O G I C M O D E L D E V E L O P M E N T Pr.docx
B A S I C L O G I C M O D E L D E V E L O P M E N T Pr.docxB A S I C L O G I C M O D E L D E V E L O P M E N T Pr.docx
B A S I C L O G I C M O D E L D E V E L O P M E N T Pr.docx
 
B H1. The first issue that jumped out to me is that the presiden.docx
B H1. The first issue that jumped out to me is that the presiden.docxB H1. The first issue that jumped out to me is that the presiden.docx
B H1. The first issue that jumped out to me is that the presiden.docx
 
b l u e p r i n t i CONSUMER PERCEPTIONSHQW DQPerception.docx
b l u e p r i n t i CONSUMER PERCEPTIONSHQW DQPerception.docxb l u e p r i n t i CONSUMER PERCEPTIONSHQW DQPerception.docx
b l u e p r i n t i CONSUMER PERCEPTIONSHQW DQPerception.docx
 
B R O O K I N G SM E T R O P O L I TA N P O L I CY .docx
B R O O K I N G SM E T R O P O L I TA N P O L I CY .docxB R O O K I N G SM E T R O P O L I TA N P O L I CY .docx
B R O O K I N G SM E T R O P O L I TA N P O L I CY .docx
 
B L O C K C H A I N & S U P P LY C H A I N SS U N I L.docx
B L O C K C H A I N & S U P P LY C H A I N SS U N I L.docxB L O C K C H A I N & S U P P LY C H A I N SS U N I L.docx
B L O C K C H A I N & S U P P LY C H A I N SS U N I L.docx
 
Año 15, núm. 43 enero – abril de 2012. Análisis 97 Orien.docx
Año 15, núm. 43 enero – abril de 2012. Análisis 97 Orien.docxAño 15, núm. 43 enero – abril de 2012. Análisis 97 Orien.docx
Año 15, núm. 43 enero – abril de 2012. Análisis 97 Orien.docx
 

Recently uploaded

Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersChitralekhaTherkar
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 

Recently uploaded (20)

Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of Powders
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 

We need Paper on Risk Assessment for the organization (NASA). Th.docx

  • 1. We need Paper on Risk Assessment for the organization (NASA). The risk should be listed in one of the following links. http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf The following sections are missing: • Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP? • Training: specify a training frequency • Plan testing: How (and how often) will you test the plan? • Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network. • Incident Notification: What happens when an incident is detected? • Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”? Read about the Final Project, "Inclusive Voices," Instructions Purpose: to show how a not-so-well-known person or movements’ emergent truth pushes back against dominant cultures’ non- inclusive or discriminatory narrative through using their voice and actions to disrupt, and create positive change. Method: 1. Conduct research and write an APA formatted Research
  • 2. Essay using 3-5 sources 2. Then from the content of the Research Essay create your Final Presentation. Your Final Presentation, "Inclusive Voices," will teach your reader/viewer what you discovered from conducting your research through a recorded poster presentation, video presentation, or voice-narrated PowerPoint presentation. 3. Create a Script that you will use to present your Final Presentation Ultimately, you will use the questions below to write your paper and drive the content and organization of your presentation. Completing your research should be organized in the following way and answer the following questions about your person/movement: The introduction should briefly introduce and state the issue to be examined. It should start with creative, attention-getting hook then state why you chose the person/movement, show how you will critically evaluate the person or movement you chose, and provide a clear thesis statement. The body of your paper contains information that explains who the person/movement is, what they did, and then provides a status update. The sub-headers used in APA formatting provide your divisions. (Sub-header:) Who are/were they? This sections answers the question who are they? This defines them and their power and limitations in the culture of the time. This section provides any historical information that is relevant about them personally. (Sub-header:) What was happening in culture of the time? Here you will give some perspective about events and attitudes of the time and what happened that allowed a space for their voice. What was going on in dominant culture at the time that allowed for their entry point into the cultural narrative? (Sub-header:) What did they do? This section should specifically explain what was their action that disrupted dominant culture.
  • 3. (Sub-header:) Where are they now? Here you will explain what happened as a result of their action or voice. What is the trajectory or lasting effects?; provide a status update about them or their movement. (Sub-header:) Conclusion The conclusion of the paper should cover the three major parts. · Answer: the thesis statement, revisited. · Summary: main points and highlights from the body paragraphs. · Significance: the relevance and implications of the essay's findings and what further actions could still be taken. More details of Requirements and Execution: 1. Your essay should be typed and double-spaced on standard- sized paper (8.5" x 11"), with 1" margins on all sides. 2. Title Page is required. The title page should contain the title of the paper, the author's name, and the institutional affiliation including course name, professor's name, and date. (centered) 3. NO ABSTRACT REQUIRED 4. Page number on each page 5. Acceptable fonts are 11-point Calibri, 11-point Arial, and 10- point Lucida Sans Unicode as well as serif fonts such as 12- point Times New Roman, 11-point Georgia 6. For citation information take a look at this particular page of the Perdue OWL site. (Links to an external site.) Risk Assessment In this assignment, you will perform a qualitative risk assessment, using a template that has been provided below. Your last assignment in the course will be to take one of these risks and develop a section for your Incident Response Plan or Disaster Recovery Plan that address that risk. 1. Groups will work on a risk assessment using one of the agencies as assigned, below: Organization
  • 4. Link to Audit Reports Groups National Aeronautics and Space Administration (NASA) http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf 1, 8, 15 Veterans Administration (VA) http://www.va.gov/oig/pubs/VAOIG-12-01712-229.pdf http://www.va.gov/oig/pubs/VAOIG-11-01823-294.pdf https://www.va.gov/oig/pubs/VAOIG-13-01391-72.pdf https://www.va.gov/oig/pubs/VAOIG-16-01949-248.pdf 2, 9, 7 Securities and Exchange Commission (SEC) http://www.sec.gov/about/offices/oig/reports/audits/2013/512.p df 3, 10 USPS https://www.uspsoig.gov/sites/default/files/document-library- files/2015/usps_cybersecurity_functions.pdf https://www.uspsoig.gov/document/mobile-system-review https://www.uspsoig.gov/sites/default/files/document-library- files/2017/IT-AR-17-007.pdf https://www.uspsoig.gov/sites/default/files/document-library- files/2015/usps_cybersecurity_functions.pdf 4, 11 Office of Personnel Management (OPM) https://www.opm.gov/our-inspector- general/reports/2016/federal-information-security- modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf https://www.opm.gov/our-inspector- general/reports/2015/federal-information-security- modernization-act-audit-fy-2015-final-audit-report-4a-ci-00-15- 011.pdf https://www.opm.gov/our-inspector-
  • 5. general/reports/2016/federal-information-security- modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf 5, 12, 14 FTC https://www.ftc.gov/system/files/documents/reports/oig-fy- 2016-independent-evaluation-federal-trade-commissions- information-security-program- practices/oig_fisma_evaluation_fy_2016_redacted.pdf https://www.oversight.gov/sites/default/files/oig- reports/OIG%20FISMA%20FY%202017%20- %20FINAL%20REDACTED%203-8-2018.pdf 6, 13 You will read through the report and look for findings and recommendations from the GAO’s audit of the agency’s security practices. Your job will be to develop a risk assessment from these findings to assess the likelihood and impact. A listing of threats has been prepopulated for you. These threats have been categorized by type as shown below: Threat Origination Category Type Identifier Threats launched purposefully P Threats created by unintentional human or machine errors U Threats caused by environmental agents or disruptions E Purposeful threats are launched by threat actors for a variety of reasons and the reasons may never be fully known. Threat actors could be motivated by curiosity, monetary gain, political gain, social activism, revenge or many other driving forces. It is possible that some threats could have more than one threat origination category. Some threat types are more likely to occur than others. The following table takes threat types into consideration to help
  • 6. determine the likelihood that vulnerability could be exploited. The threat table shown in Table 2-2 is designed to offer typical threats to information systems and these threats have been considered for the organization. Not all of these will be relevant to the findings in your risk assessment, however you will need to identify those that are. ID Threat Name Type ID Description Typical Impact to Data or System Confidentiality Integrity Availability T-1 Alteration U, P, E Alteration of data, files, or records. Modification T-2 Audit Compromise P An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event. Also applies to a purposeful act by an Administrator to mask unauthorized activity. Modification or Destruction Unavailable Accurate Records
  • 7. T-3 Bomb P An intentional explosion. Modification or Destruction Denial of Service T-4 Communications Failure U, E Cut of fiber optic lines, trees falling on telephone lines. Denial of Service T-5 Compromising Emanations P Eavesdropping can occur via electronic media directed against large scale electronic facilities that do not process classified National Security Information. Disclosure T-6 Cyber Brute Force P Unauthorized user could gain access to the information systems by random or systematic guessing of passwords, possibly supported by password cracking utilities. Disclosure Modification or Destruction Denial of Service T-7 Data Disclosure P, U An attacker uses techniques that could result in the disclosure
  • 8. of sensitive information by exploiting weaknesses in the design or configuration. Also used in instances where misconfiguration or the lack of a security control can lead to the unintentional disclosure of data. Disclosure T-8 Data Entry Error U Human inattention, lack of knowledge, and failure to cross- check system activities could contribute to errors becoming integrated and ingrained in automated systems. Modification T-9 Denial of Service P An adversary uses techniques to attack a single target rendering it unable to respond and could cause denial of service for users of the targeted information systems. Denial of Service T-10 Distributed Denial of Service Attack P An adversary uses multiple compromised information systems to attack a single target and could cause denial of service for users of the targeted information systems. Denial of Service T-11 Earthquake
  • 9. E Seismic activity can damage the information system or its facility. Please refer to the following document for earthquake probability maps http://pubs.usgs.gov/of/2008/1128/pdf/OF08- 1128_v1.1.pdf . Destruction Denial of Service T-12 Electromagnetic Interference E, P Disruption of electronic and wire transmissions could be caused by high frequency (HF), very high frequency (VHF), and ultra- high frequency (UHF) communications devices (jamming) or sun spots. Denial of Service T-13 Espionage P The illegal covert act of copying, reproducing, recording, photographing or intercepting to obtain sensitive information . Disclosure Modification T-14 Fire E, P Fire can be caused by arson, electrical problems, lightning, chemical agents, or other unrelated proximity fires. Destruction Denial of Service T-15 Floods
  • 10. E Water damage caused by flood hazards can be caused by proximity to local flood plains. Flood maps and base flood elevation should be considered. Destruction Denial of Service T-16 Fraud P Intentional deception regarding data or information about an information system could compromise the confidentiality, integrity, or availability of an information system. Disclosure Modification or Destruction Unavailable Accurate Records T-17 Hardware or Equipment Failure E Hardware or equipment may fail due to a variety of reasons. Denial of Service T-18 Hardware Tampering P An unauthorized modification to hardware that alters the proper functioning of equipment in a manner that degrades the security functionality the asset provides. Modification Denial of Service T-19 Hurricane E A category 1, 2, 3, 4, or 5 land falling hurricane could impact
  • 11. the facilities that house the information systems. Destruction Denial of Service T-20 Malicious Software P Software that damages a system such a virus, Trojan, or worm. Modification or Destruction Denial of Service T-21 Phishing Attack P Adversary attempts to acquire sensitive information such as usernames, passwords, or SSNs, by pretending to be communications from a legitimate/trustworthy source. Typical attacks occur via email, instant messaging, or comparable means; commonly directing users to Web sites that appear to be legitimate sites, while actually stealing the entered information. Disclosure Modification or Destruction Denial of Service T-22 Power Interruptions E Power interruptions may be due to any number of reasons such as electrical grid failures, generator failures, uninterruptable power supply failures (e.g. spike, surge, brownout, or blackout). Denial of Service T-23 Procedural Error
  • 12. U An error in procedures could result in unintended consequences. This is also used where there is a lack of defined procedures that introduces an element of risk. Disclosure Modification or Destruction Denial of Service T-24 Procedural Violations P Violations of standard procedures. Disclosure Modification or Destruction Denial of Service T-25 Resource Exhaustion U An errant (buggy) process may create a situation that exhausts critical resources preventing access to services. Denial of Service T-26 Sabotage P Underhand interference with work. Modification or Destruction Denial of Service T-27 Scavenging P Searching through disposal containers (e.g. dumpsters) to acquire unauthorized data. Disclosure
  • 13. T-28 Severe Weather E Naturally occurring forces of nature could disrupt the operation of an information system by freezing, sleet, hail, heat, lightning, thunderstorms, tornados, or snowfall. Destruction Denial of Service T-29 Social Engineering P An attacker manipulates people into performing actions or divulging confidential information, as well as possible access to computer systems or facilities. Disclosure T-30 Software Tampering P Unauthorized modification of software (e.g. files, programs, database records) that alters the proper operational functions. Modification or Destruction T-31 Terrorist P An individual performing a deliberate violent act could use a variety of agents to damage the information system, its facility, and/or its operations. Modification or Destruction Denial of Service
  • 14. T-32 Theft P An adversary could steal elements of the hardware. Denial of Service T-33 Time and State P An attacker exploits weaknesses in timing or state of functions to perform actions that would otherwise be prevented (e.g. race conditions, manipulation user state). Disclosure Modification Denial of Service T-34 Transportation Accidents E Transportation accidents include train derailments, river barge accidents, trucking accidents, and airlines accidents. Local transportation accidents typically occur when airports, sea ports, railroad tracks, and major trucking routes occur in close proximity to systems facilities. Likelihood of HAZMAT cargo should be determined when considering the probability of local transportation accidents. Destruction Denial of Service T-35 Unauthorized Facility Access P An unauthorized individual accesses a facility which may result in comprises of confidentiality, integrity, or availability. Disclosure Modification or Destruction
  • 15. Denial of Service T-36 Unauthorized Systems Access P An unauthorized user accesses a system or data. Disclosure Modification or Destruction Analyze Risk The risk analysis for each vulnerability consists of assessing security controls to determine the likelihood that vulnerability could be exploited and the potential impact should the vulnerability be exploited. Essentially, risk is proportional to both likelihood of exploitation and possible impact. The following sections provide a brief description of each component used to determine the risk. Likelihood This risk analysis process is based on qualitative risk analysis. In qualitative risk analysis the impact of exploiting a threat is measured in relative terms. When a system is easy to exploit, it has a High likelihood that a threat could exploit the vulnerability. Likelihood definitions for the exploitation of vulnerabilities are found in the following table. Likelihood Description Low There is little to no chance that a threat could exploit vulnerability and cause loss to the system or its data. Medium There is a Medium chance that a threat could exploit vulnerability and cause loss to the system or its data. High There is a High chance that a threat could exploit vulnerability and cause loss to the system or its data.
  • 16. Impact Impact refers to the magnitude of potential harm that could be caused to the system (or its data) by successful exploitation. Definitions for the impact resulting from the exploitation of a vulnerability are described in the following table. Since exploitation has not yet occurred, these values are perceived values. If the exploitation of vulnerability can cause significant loss to a system (or its data) then the impact of the exploit is considered to be High. Impact Description Low If vulnerabilities are exploited by threats, little to no loss to the system, networks, or data would occur. Medium If vulnerabilities are exploited by threats, Medium loss to the system, networks, and data would occur. High If vulnerabilities are exploited by threats, significant loss to the system, networks, and data would occur. Risk Level The risk level for the finding is the intersection of the likelihood value and impact value as depicted the table depicted below. The combination of High likelihood and High impact creates the highest risk exposure. The risk exposure matrix shown in the table below presents the same likelihood and impact severity ratings as those found in NIST SP 800-30 Risk Management Guide for Information Technology Systems. Impact
  • 17. Likelihood High Medium Low High High Medium Low Medium Medium Medium Low Low Low Low LowRisk Assessment Results This section documents the technical and non-technical security risks to the system. Complete the following risk assessment table, ensuring that you have addressed at least 10 risks. You will be graded on your ability to demonstrate knowledge that the risks are relevant to the company you have identified, as well as that the security controls are appropriate to the controlling the risks you have identified. The following provides a brief description of the information documented in each column: · Identifier: Provides a unique number used for referencing each vulnerability in the form of R#-Security Control ID. · Source: Indicates the source where the vulnerability was identified (e.g., System Security Plan or Audit.) · Threat: Indicates the applicable threat type from the table of threats.. · Risk Description: Provides a brief description of the risk.
  • 18. · Business Impact: Provides a brief description of the impact to the organization if the risk is realized. · Recommended Corrective Action: Provides a brief description of the corrective action(s) recommended for mitigating the risks associated with the finding. · Likelihood: Provides the likelihood of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. · Impact: Provides the impact of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. · Risk Level: Provides the risk level (high, Medium, low) for the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. Your deliverables, as a team, will consist of the following 2 documents (and presentation): 1. You will complete and submit the following completed table for grading. Organization/Agency Selected: Organization/Agency Mission: Identifier Source Threat ID Risk Description Business Impact Recommended Corrective Action Likelihood Impact Risk Level
  • 19. R-01. Audit T-1, T-8, T-23, T-24, T-36 Notification is not performed when account changes are made. The lack of notification allows unauthorized changes to individuals who elevate permissions and group membership to occur without detection. Enable auditing of all activities performed under privileged accounts in GPOs and develop a process to allow these events to be reviewed by an individual who does not have Administrative privileges. Medium Medium Medium R-02. R-03.
  • 23. 2. You will prepare a presentation in which your team presents 1) overview 2) summary of findings 3) drill down on the high risks - discuss why you felt they presented a greater risk to the agency 4) Recommendations for all of your significant findings (don’t worry about the low ones). 5) Research a technical solution (a product), that can help the agency “get healthy”. Describe (in your own words, not the vendor’s words) how the tool can help solve the risk it is intended to address. Incident Response Paper Using NIST’s SP 800-61 “Computer Security Incident Handling Guide), develop an Incident Response Plan (IRP) that will address one or more of your security risks that you identified in your Risk Assessment. Google and find other actual IRPs on the Internet and review to see what type of information is included. At a minimum, your plan should include the following sections: · Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP? · Training: specify a training frequency · Plan testing: How (and how often) will you test the plan? · Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network. · Incident Notification: What happens when an incident is detected? · Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”? · Procedures: Select one of your security risks identified in your Risk Assessment. Prepare procedures for addressing the incident in the event that the incident actually happens. In this section, address the following subsections specific to your risk
  • 24. that you are identifying. · Preparation · Detection and Analysis · Containment · Eradication · Recovery and Post-Incident Activity (see Appendix A) Note: there are several scenarios in the appendix of the NIST document. You can use, for instance, Scenario 11: Unknown Wireless Access Point to help develop the response procedures for wireless access, as an example. Use any of these to help flesh out your procedures but the procedure you agreed to use must be one that addresses a risk you identified in your Risk Assessment. Grading Criteria Criteria Document is at least 5 - 7 double-spaced pages. Paper is well- written with minimal typing, spelling, or grammatical errors. 10% Required sections (above) are appropriately addressed. 25 points (5 each), 50 points for the Procedures Section. 75% Procedures provide sufficient information to enable recovery and mission restoration. 15%