Brian Dennison
John Denson
IT454 -1504B-01
Mon, 12/14/15
SECTION 4: ASSESSING RISK
Risk assessment and management is one of the highest priorities
for any organization that wants to safeguard its property and
assets. In a turbulent environment, all information and security
vulnerabilities should be addressed in a way that is conversant
with the many regulations. Selected and tested methodologies
have been defined and framed to guide risk assessment and
mitigation in many organizations. These frameworks have been
set up to help and guide security and risk work. One of these
methodologies is Factor Analysis of Information Risk,
abbreviated as FAIR.
FAIR is a methodology for understanding, analyzing and
measuring information risk. The information policy and security
practices available to aid in effectively managing information
risk have been inadequate. With so little information available,
managers and system owners have found it hard to make
effective and well-informed decisions to safeguard their systems
against such risks and uncertainties as they arise.
FAIR is put forward to address these weaknesses in security
practice. The major aim of the methodology is to allow
organizations to coordinate their efforts and mitigate the
various risks as they arise. Risk is assessed in a unified way
and measures are taken to counter it. The method allows an
organization to defend or challenge its risk determinations by
using advanced analysis techniques, and to understand how time
and resources such as money will impact the organization's
security profile in general.
The methodology works with the following components: a
standardized nomenclature for risk terms, a well-defined
framework for data collection, a taxonomy for information risk,
a computational engine for evaluating the risk model,
measurement scales for all risk factors, and a model for
analyzing the complexity of all risk scenarios. The methodology
has one main advantage: it does not use an ordinary scale such
as a one-to-10 rating, and hence it is not subject to the
limitations of the ordinary scale. The methodology uses high or
low scales to categorize risk. Colors also form part of the
rating: red, yellow and green. The FAIR methodology uses dollar
estimates to clearly indicate losses, and probability parameters
for threats and vulnerabilities. Therefore, when combined with
ranges of values and confidence levels, it gives the best basis
for mathematical modeling and hence for estimating loss
exposures.
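As an added illustration (not part of the original paper and not taken from any FAIR tool), the Python example below turns dollar estimates and probability parameters given as ranges into a loss-exposure distribution by simulation. The factor names follow the FAIR taxonomy; the triangular distribution, the scenario and all of its numbers are assumptions constructed for this example.

```python
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Range:
    """An analyst estimate given as a range: low, most likely, high."""
    low: float
    likely: float
    high: float

    def __post_init__(self):
        if not (self.low <= self.likely <= self.high):
            raise ValueError(f"need low <= likely <= high, got {self}")

    def sample(self, rng: random.Random) -> float:
        # Triangular distribution over the range (an assumption of this example).
        return rng.triangular(self.low, self.high, self.likely)


@dataclass(frozen=True)
class Scenario:
    name: str
    threat_events_per_year: Range  # how often the threat acts against the asset
    vulnerability: Range           # probability a threat event becomes a loss
    loss_per_event_usd: Range      # dollar loss when it does

    def __post_init__(self):
        if self.vulnerability.low < 0 or self.vulnerability.high > 1:
            raise ValueError("vulnerability is a probability in [0, 1]")


def simulate_annual_losses(scn: Scenario, years: int = 10_000, seed: int = 1):
    """Simulate `years` independent years; return the dollar loss of each."""
    rng = random.Random(seed)  # fixed seed so a run can be reproduced
    losses = []
    for _ in range(years):
        n_threats = round(scn.threat_events_per_year.sample(rng))
        p_loss = scn.vulnerability.sample(rng)
        total = 0.0
        for _ in range(n_threats):
            # Each threat event succeeds with probability p_loss.
            if rng.random() < p_loss:
                total += scn.loss_per_event_usd.sample(rng)
        losses.append(total)
    return losses


def loss_exposure(losses):
    """Summarise simulated annual losses as a mean and percentile levels."""
    ordered = sorted(losses)

    def pct(p):
        return ordered[min(len(ordered) - 1, int(p * len(ordered)))]

    return {
        "mean": statistics.fmean(ordered),
        "p10": pct(0.10),
        "p50": pct(0.50),
        "p90": pct(0.90),
        "max": ordered[-1],
        "prob_no_loss": sum(1 for x in ordered if x == 0) / len(ordered),
    }


# Constructed sample scenario; every number here is illustrative only.
EXAMPLE = Scenario(
    name="customer database exposed through stolen credentials",
    threat_events_per_year=Range(2, 6, 12),
    vulnerability=Range(0.05, 0.15, 0.30),
    loss_per_event_usd=Range(20_000, 80_000, 400_000),
)

if __name__ == "__main__":
    summary = loss_exposure(simulate_annual_losses(EXAMPLE))
    print(EXAMPLE.name)
    for key, value in summary.items():
        if key == "prob_no_loss":
            print(f"  {key:>12}: {value:.1%}")
        else:
            print(f"  {key:>12}: ${value:,.0f}")
```

The percentiles give a range with stated confidence (for example, nine simulated years in ten lose no more than the p90 figure), which a single one-to-10 score cannot express.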
A risk, whether quantitative or qualitative, should be dealt
with by the organization. There are four methods for handling
it: accept, avoid, mitigate and transfer.
Accept: This is the willingness of an organization to assume
the risk. Accepting the risk is a managerial and business
decision. It does not mean the organization assumes the risk as
soon as it is first identified; acceptance comes after the level
of risk has been determined. The best course of action should
therefore be planned in advance. In many instances the accepted
risk is insignificant to the organization, hence the decision to
accept and assume it.
Avoid: This means that the organization is going to do nothing
with the identified risks. This is unlike accepting the risk:
when the organization accepts the risk, it is doing something,
whether wrong or right.
Mitigate: The organization may have decided to accept some
risks, and reducing every risk may be cost-prohibitive;
therefore, based on the level of risk acceptance, the remaining
risks should be mitigated. Mitigation means reducing risks by
implementing controls and fixes, or by using any other
countermeasures that have an immediate effect on the risks.
Transfer: Another alternative is to transfer the risk. Many
organizations employ this method to reduce risk. It can be
accomplished through cyber liability insurance and other
outsourced services. However, not all risks are transferred.
Insurance companies take charge of such services, hence reducing
the risk. These companies strive to reduce the financial burden
on organizations when an incident occurs.
Terms Description
Threat is a common term in information technology security. It
is defined as any potential cause of an incident within an
information system that may result in harm to the computer
systems and the organization. Most of the time a threat is hard
to control, unlike a risk. It occurs through unauthorized
access, disclosure, destruction or modification of information,
which may adversely affect the services the system provides to
the organization. An example is criminals attacking a system
over some period of time to gain access to important services
and information.
Risk, on the other hand, often emerges because potential
security threats are identified. These threats could exploit
vulnerabilities in an information security system, resulting in
harm to the organization. Risk is a matter of probability and
may materialize at any given time. It can be controlled with a
set of defined procedural mechanisms for addressing security
matters. Examples are the risk of data loss or of being hacked
by criminals.
Exploit is a term commonly used in computing, especially in
risk and security, to mean an attack on a computer system that
takes advantage of a specific vulnerability or instability in
the system, paving the way for intruders to compromise it. An
example is a script written against faulty code to take
advantage of it and copy data or the relevant source code.
References
David Parker and Alison Mobey, “Action Research to Explore
Perceptions of Risk in Project Management,” International
Journal of Productivity and Performance Management 53, no. 1
(2004): 18–32.
Stasiak, K. (2015, July 7). 4 Ways to Handle Risk (Only One is
Bad). Retrieved December 14, 2015, from
https://www.securestate.com/blog/2015/07/07/4-ways-to-
handle-risk-(only-one-is-bad)
Threat, vulnerability, risk - commonly mixed up terms -
INDEPENDENT SECURITY CONSULTANTS (INDEPENDENT
SECURITY CONSULTANTS RSS)
http://www.threatanalysis.com/2010/05/03/threat-vulnerability-
risk-commonly-mixed-up-terms/
Whitman, Michael (2012)."Chapter 2: The Need for Security".
Principles of Information Security, Fourth Edition. Boston,
Mass: Course Technology. p. 53.
4Brian DennisonJohn DensonIT454 -1504B-01Mon, 121415.docx

More Related Content

Similar to 4Brian DennisonJohn DensonIT454 -1504B-01Mon, 121415.docx

Using Threat Intelligence to Improve Your Company.pdf
Using Threat Intelligence to Improve Your Company.pdfUsing Threat Intelligence to Improve Your Company.pdf
Using Threat Intelligence to Improve Your Company.pdfCyFirma1
 
DEPARTMENT CYBERSECURITY What’s Your IT Risk Approa
DEPARTMENT CYBERSECURITY What’s Your IT Risk ApproaDEPARTMENT CYBERSECURITY What’s Your IT Risk Approa
DEPARTMENT CYBERSECURITY What’s Your IT Risk ApproaLinaCovington707
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfTheWalkerGroup1
 
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...Editor IJCATR
 
Assess risks to IT security.pptx
Assess risks to IT security.pptxAssess risks to IT security.pptx
Assess risks to IT security.pptxlochanrajdahal
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji JacobBeji Jacob
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterDion K Hamilton
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uaeRishalHalid1
 
Individual Applying Risk Management ConsultingRamell Watts.docx
Individual Applying Risk Management ConsultingRamell Watts.docxIndividual Applying Risk Management ConsultingRamell Watts.docx
Individual Applying Risk Management ConsultingRamell Watts.docxjaggernaoma
 
Understanding the 8 Keys to Security Success
Understanding the 8 Keys to Security SuccessUnderstanding the 8 Keys to Security Success
Understanding the 8 Keys to Security SuccessSecurityOn-Demand
 
Risk Management
Risk ManagementRisk Management
Risk Managementijtsrd
 
Create your own variant of both a hiring and a termination policy rela.docx
Create your own variant of both a hiring and a termination policy rela.docxCreate your own variant of both a hiring and a termination policy rela.docx
Create your own variant of both a hiring and a termination policy rela.docxearleanp
 
ERM Presentation
ERM PresentationERM Presentation
ERM PresentationH Contrex
 
Protecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfProtecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfkelyn Technology
 

Similar to 4Brian DennisonJohn DensonIT454 -1504B-01Mon, 121415.docx (20)

Using Threat Intelligence to Improve Your Company.pdf
Using Threat Intelligence to Improve Your Company.pdfUsing Threat Intelligence to Improve Your Company.pdf
Using Threat Intelligence to Improve Your Company.pdf
 
DEPARTMENT CYBERSECURITY What’s Your IT Risk Approa
DEPARTMENT CYBERSECURITY What’s Your IT Risk ApproaDEPARTMENT CYBERSECURITY What’s Your IT Risk Approa
DEPARTMENT CYBERSECURITY What’s Your IT Risk Approa
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdf
 
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
 
Assess risks to IT security.pptx
Assess risks to IT security.pptxAssess risks to IT security.pptx
Assess risks to IT security.pptx
 
Incident Response
Incident ResponseIncident Response
Incident Response
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
 
Dj24712716
Dj24712716Dj24712716
Dj24712716
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uae
 
Grupo 4 - TEMA II.pptx
Grupo 4  - TEMA II.pptxGrupo 4  - TEMA II.pptx
Grupo 4 - TEMA II.pptx
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
 
IT Policy, RISK MANAGEMENT
IT Policy, RISK MANAGEMENTIT Policy, RISK MANAGEMENT
IT Policy, RISK MANAGEMENT
 
Individual Applying Risk Management ConsultingRamell Watts.docx
Individual Applying Risk Management ConsultingRamell Watts.docxIndividual Applying Risk Management ConsultingRamell Watts.docx
Individual Applying Risk Management ConsultingRamell Watts.docx
 
Understanding the 8 Keys to Security Success
Understanding the 8 Keys to Security SuccessUnderstanding the 8 Keys to Security Success
Understanding the 8 Keys to Security Success
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Create your own variant of both a hiring and a termination policy rela.docx
Create your own variant of both a hiring and a termination policy rela.docxCreate your own variant of both a hiring and a termination policy rela.docx
Create your own variant of both a hiring and a termination policy rela.docx
 
ERM Presentation
ERM PresentationERM Presentation
ERM Presentation
 
Protecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfProtecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdf
 

More from gilbertkpeters11344

Group Presentation Once during the quarter, each student will.docx
Group Presentation Once during the quarter, each student will.docxGroup Presentation Once during the quarter, each student will.docx
Group Presentation Once during the quarter, each student will.docxgilbertkpeters11344
 
Group Presentation Outline•Slide 1 Title slide•.docx
Group Presentation Outline•Slide 1 Title slide•.docxGroup Presentation Outline•Slide 1 Title slide•.docx
Group Presentation Outline•Slide 1 Title slide•.docxgilbertkpeters11344
 
Group PortionAs a group, discuss and develop a paper of 10 p.docx
Group PortionAs a group, discuss and develop a paper of 10 p.docxGroup PortionAs a group, discuss and develop a paper of 10 p.docx
Group PortionAs a group, discuss and develop a paper of 10 p.docxgilbertkpeters11344
 
Group Behavior in OrganizationsAt an organizational level,.docx
Group Behavior in OrganizationsAt an organizational level,.docxGroup Behavior in OrganizationsAt an organizational level,.docx
Group Behavior in OrganizationsAt an organizational level,.docxgilbertkpeters11344
 
Group assignment Only responsible for writing 275 words on the foll.docx
Group assignment Only responsible for writing 275 words on the foll.docxGroup assignment Only responsible for writing 275 words on the foll.docx
Group assignment Only responsible for writing 275 words on the foll.docxgilbertkpeters11344
 
Group 2 WG is a 41-year-old female brought herself into the ER la.docx
Group 2 WG is a 41-year-old female brought herself into the ER la.docxGroup 2 WG is a 41-year-old female brought herself into the ER la.docx
Group 2 WG is a 41-year-old female brought herself into the ER la.docxgilbertkpeters11344
 
Group 2 Discuss the limitations of treatment for borderline and.docx
Group 2 Discuss the limitations of treatment for borderline and.docxGroup 2 Discuss the limitations of treatment for borderline and.docx
Group 2 Discuss the limitations of treatment for borderline and.docxgilbertkpeters11344
 
Group 3 Discuss the limitations of treatment for antisocial and.docx
Group 3 Discuss the limitations of treatment for antisocial and.docxGroup 3 Discuss the limitations of treatment for antisocial and.docx
Group 3 Discuss the limitations of treatment for antisocial and.docxgilbertkpeters11344
 
Group 1 Describe the differences between Naloxone, Naltrexone, .docx
Group 1 Describe the differences between Naloxone, Naltrexone, .docxGroup 1 Describe the differences between Naloxone, Naltrexone, .docx
Group 1 Describe the differences between Naloxone, Naltrexone, .docxgilbertkpeters11344
 
Grotius, HobbesDevelopment of INR – Week 3HobbesRelati.docx
Grotius, HobbesDevelopment of INR – Week 3HobbesRelati.docxGrotius, HobbesDevelopment of INR – Week 3HobbesRelati.docx
Grotius, HobbesDevelopment of INR – Week 3HobbesRelati.docxgilbertkpeters11344
 
GROUP 1 Case 967-- A Teenage Female with an Ovarian MassCLI.docx
GROUP 1 Case 967-- A Teenage Female with an Ovarian MassCLI.docxGROUP 1 Case 967-- A Teenage Female with an Ovarian MassCLI.docx
GROUP 1 Case 967-- A Teenage Female with an Ovarian MassCLI.docxgilbertkpeters11344
 
Greek Drama Further Readings and Short Report GuidelinesOur s.docx
Greek Drama  Further  Readings and Short Report GuidelinesOur s.docxGreek Drama  Further  Readings and Short Report GuidelinesOur s.docx
Greek Drama Further Readings and Short Report GuidelinesOur s.docxgilbertkpeters11344
 
Graph 4 (You must select a different graph than one that you hav.docx
Graph 4 (You must select a different graph than one that you hav.docxGraph 4 (You must select a different graph than one that you hav.docx
Graph 4 (You must select a different graph than one that you hav.docxgilbertkpeters11344
 
Graphs (Help! Really challenging assignment. Would appreciate any bi.docx
Graphs (Help! Really challenging assignment. Would appreciate any bi.docxGraphs (Help! Really challenging assignment. Would appreciate any bi.docx
Graphs (Help! Really challenging assignment. Would appreciate any bi.docxgilbertkpeters11344
 
Grandparenting can be highly rewarding. Many grandparents, though, u.docx
Grandparenting can be highly rewarding. Many grandparents, though, u.docxGrandparenting can be highly rewarding. Many grandparents, though, u.docx
Grandparenting can be highly rewarding. Many grandparents, though, u.docxgilbertkpeters11344
 
Great Marketing Moves The evolving art of getting noticed Ov.docx
Great Marketing Moves The evolving art of getting noticed Ov.docxGreat Marketing Moves The evolving art of getting noticed Ov.docx
Great Marketing Moves The evolving art of getting noticed Ov.docxgilbertkpeters11344
 
GREAT MIGRATION”Dr. G. J. Giddings.docx
GREAT MIGRATION”Dr. G. J. Giddings.docxGREAT MIGRATION”Dr. G. J. Giddings.docx
GREAT MIGRATION”Dr. G. J. Giddings.docxgilbertkpeters11344
 
Grand theory and Middle-range theoryHow are Nursing Theories c.docx
Grand theory and Middle-range theoryHow are Nursing Theories c.docxGrand theory and Middle-range theoryHow are Nursing Theories c.docx
Grand theory and Middle-range theoryHow are Nursing Theories c.docxgilbertkpeters11344
 
Grand Rounds Hi, and thanks for attending this case presen.docx
Grand Rounds Hi, and thanks for attending this case presen.docxGrand Rounds Hi, and thanks for attending this case presen.docx
Grand Rounds Hi, and thanks for attending this case presen.docxgilbertkpeters11344
 
Graduate Level Writing Required.DUEFriday, February 1.docx
Graduate Level Writing Required.DUEFriday, February 1.docxGraduate Level Writing Required.DUEFriday, February 1.docx
Graduate Level Writing Required.DUEFriday, February 1.docxgilbertkpeters11344
 

More from gilbertkpeters11344 (20)

Group Presentation Once during the quarter, each student will.docx
Group Presentation Once during the quarter, each student will.docxGroup Presentation Once during the quarter, each student will.docx
Group Presentation Once during the quarter, each student will.docx
 
Group Presentation Outline•Slide 1 Title slide•.docx
Group Presentation Outline•Slide 1 Title slide•.docxGroup Presentation Outline•Slide 1 Title slide•.docx
Group Presentation Outline•Slide 1 Title slide•.docx
 
Group PortionAs a group, discuss and develop a paper of 10 p.docx
Group PortionAs a group, discuss and develop a paper of 10 p.docxGroup PortionAs a group, discuss and develop a paper of 10 p.docx
Group PortionAs a group, discuss and develop a paper of 10 p.docx
 
Group Behavior in OrganizationsAt an organizational level,.docx
Group Behavior in OrganizationsAt an organizational level,.docxGroup Behavior in OrganizationsAt an organizational level,.docx
Group Behavior in OrganizationsAt an organizational level,.docx
 
Group assignment Only responsible for writing 275 words on the foll.docx
Group assignment Only responsible for writing 275 words on the foll.docxGroup assignment Only responsible for writing 275 words on the foll.docx
Group assignment Only responsible for writing 275 words on the foll.docx
 
Group 2 WG is a 41-year-old female brought herself into the ER la.docx
Group 2 WG is a 41-year-old female brought herself into the ER la.docxGroup 2 WG is a 41-year-old female brought herself into the ER la.docx
Group 2 WG is a 41-year-old female brought herself into the ER la.docx
 
Group 2 Discuss the limitations of treatment for borderline and.docx
Group 2 Discuss the limitations of treatment for borderline and.docxGroup 2 Discuss the limitations of treatment for borderline and.docx
Group 2 Discuss the limitations of treatment for borderline and.docx
 
Group 3 Discuss the limitations of treatment for antisocial and.docx
Group 3 Discuss the limitations of treatment for antisocial and.docxGroup 3 Discuss the limitations of treatment for antisocial and.docx
Group 3 Discuss the limitations of treatment for antisocial and.docx
 
Group 1 Describe the differences between Naloxone, Naltrexone, .docx
Group 1 Describe the differences between Naloxone, Naltrexone, .docxGroup 1 Describe the differences between Naloxone, Naltrexone, .docx
Group 1 Describe the differences between Naloxone, Naltrexone, .docx
 
Grotius, HobbesDevelopment of INR – Week 3HobbesRelati.docx
Grotius, HobbesDevelopment of INR – Week 3HobbesRelati.docxGrotius, HobbesDevelopment of INR – Week 3HobbesRelati.docx
Grotius, HobbesDevelopment of INR – Week 3HobbesRelati.docx
 
GROUP 1 Case 967-- A Teenage Female with an Ovarian MassCLI.docx
GROUP 1 Case 967-- A Teenage Female with an Ovarian MassCLI.docxGROUP 1 Case 967-- A Teenage Female with an Ovarian MassCLI.docx
GROUP 1 Case 967-- A Teenage Female with an Ovarian MassCLI.docx
 
Greek Drama Further Readings and Short Report GuidelinesOur s.docx
Greek Drama  Further  Readings and Short Report GuidelinesOur s.docxGreek Drama  Further  Readings and Short Report GuidelinesOur s.docx
Greek Drama Further Readings and Short Report GuidelinesOur s.docx
 
Graph 4 (You must select a different graph than one that you hav.docx
Graph 4 (You must select a different graph than one that you hav.docxGraph 4 (You must select a different graph than one that you hav.docx
Graph 4 (You must select a different graph than one that you hav.docx
 
Graphs (Help! Really challenging assignment. Would appreciate any bi.docx
Graphs (Help! Really challenging assignment. Would appreciate any bi.docxGraphs (Help! Really challenging assignment. Would appreciate any bi.docx
Graphs (Help! Really challenging assignment. Would appreciate any bi.docx
 
Grandparenting can be highly rewarding. Many grandparents, though, u.docx
Grandparenting can be highly rewarding. Many grandparents, though, u.docxGrandparenting can be highly rewarding. Many grandparents, though, u.docx
Grandparenting can be highly rewarding. Many grandparents, though, u.docx
 
Great Marketing Moves The evolving art of getting noticed Ov.docx
Great Marketing Moves The evolving art of getting noticed Ov.docxGreat Marketing Moves The evolving art of getting noticed Ov.docx
Great Marketing Moves The evolving art of getting noticed Ov.docx
 
GREAT MIGRATION”Dr. G. J. Giddings.docx
GREAT MIGRATION”Dr. G. J. Giddings.docxGREAT MIGRATION”Dr. G. J. Giddings.docx
GREAT MIGRATION”Dr. G. J. Giddings.docx
 
Grand theory and Middle-range theoryHow are Nursing Theories c.docx
Grand theory and Middle-range theoryHow are Nursing Theories c.docxGrand theory and Middle-range theoryHow are Nursing Theories c.docx
Grand theory and Middle-range theoryHow are Nursing Theories c.docx
 
Grand Rounds Hi, and thanks for attending this case presen.docx
Grand Rounds Hi, and thanks for attending this case presen.docxGrand Rounds Hi, and thanks for attending this case presen.docx
Grand Rounds Hi, and thanks for attending this case presen.docx
 
Graduate Level Writing Required.DUEFriday, February 1.docx
Graduate Level Writing Required.DUEFriday, February 1.docxGraduate Level Writing Required.DUEFriday, February 1.docx
Graduate Level Writing Required.DUEFriday, February 1.docx
 

Recently uploaded

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 

Recently uploaded (20)

ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 

4
Brian Dennison
John Denson
IT454 -1504B-01
Mon, 12/14/15

SECTION 4: ASSESSING RISK

Risk assessment and management is one of the highest priorities for any organization seeking to safeguard its properties and assets. In a turbulent state, all information and security vulnerabilities should be conversant with many regulations. Selected and tested methodologies have been defined and framed to support risk assessment in many organizations. The frameworks have been set to help and guide security and risk. One of the methodologies is Factor Analysis of Information Risk, abbreviated as FAIR.

FAIR is a methodology for understanding, analyzing and measuring information risk. Information policy and security practices have been inadequate to aid in effectively managing information risk. With the little information available, managers and system owners have found it hard to make effective and well-informed decisions to safeguard their systems against such risks and uncertainties as they may happen.

FAIR is intended to address these security practice weaknesses. The major aim of the methodology is to allow organizations to contribute effort and mitigate the various risks as they may happen. With one accord, risk is assessed and measures are taken to counter the menace. The method lets an organization defend or challenge its risk determinations by use of advanced analysis techniques, and understand how time and resources such as money will impact the organization's security profile in general.

The methodology works with the following components: a standardized nomenclature for risk terms, a well-set framework for data collection, a taxonomy for information risk, a computational engine for evaluating the risk model, measurement scales for all risk factors, and a model for analyzing the complexity of all risk scenarios. The methodology has one best advantage: it doesn't use the normal, ordinary scale like a one-to-10 rating, and hence it is not subject to the limitations of the ordinary scale. The methodology uses high or low scales to categorize its risk menace. Colors also form part of the rating: red, yellow and green. The FAIR methodology uses dollar estimates to state losses clearly, and probability parameters for threats and vulnerabilities. When merged with a range of values and confidence levels, it therefore gives the best ground for mathematical modeling and hence for loss exposures.

A risk, whether quantitative or qualitative, should be dealt with by the organization. There are four methods for doing so: accept, avoid, mitigate and transfer.

Accept: This is the willingness of an organization to assume the risk. It is a managerial and business decision to accept the risk. It does not allow an organization to assume the risk as soon as it is first identified; acceptance comes after the level of risk has been determined, and the assumption of risk follows later. The best course of action should therefore be planned before it is undertaken. When a risk is accepted, it is in many instances insignificant to the organization, hence the decision to accept and assume it.

Avoid: This means that the organization is going to do nothing about the identified risks. This is unlike accepting the risk: when the organization accepts a risk, it is doing something, whether wrong or right.

Mitigate: The organization may have decided to accept some risks, and reducing all risks may be cost restrictive; therefore, based on the level of risk acceptance, the rest should be mitigated. Mitigation means reducing risks by implementing controls and fixes, or by using any other countermeasures that have an immediate effect on the risks.

Transfer: Another alternative is simply to transfer the risk. Many organizations employ this method to reduce the risk. It can be accomplished through cyber liability insurance and other outsourced services. However, not all risks are transferred. Insurance companies take charge of such services, hence reducing the risk. These companies strive to reduce the financial burden on organizations when a loss occurs.

Terms Description

Threat is a popular term in information technology security. It is defined as any potential cause of an incident within the information system that may result in harm to the computer systems and the organization. Most of the time it is hard to control a threat, unlike a risk. A threat is realized through unauthorized access, disclosure, destruction or modification of information. This may adversely affect the services the system provides to the organization. An example is criminals attacking the system over some duration to gain access to important services and information.

Risk, on the other hand, often emerges because potential security threats are identified. Such threats could exploit vulnerabilities in an information security system, which results in harm to the organization. Risk is a matter of probability: the harm may occur at any given time. It can be controlled with a set of defined procedural mechanisms for addressing security matters. An example is the risk of data being lost or hacked by criminals.

Exploit is a term commonly used in computing, especially in risk and security, to mean an attack on a computer system that takes advantage of a specific vulnerability or instability in the system, paving the way for intruders to compromise it. For example, scripts written against faulty code to take advantage of it and replicate data or the relevant source code.

References

David Parker and Alison Mobey, “Action Research to Explore Perceptions of Risk in Project Management,” International Journal of Productivity and Performance Management 53, no. 1 (2004): 18–32.

Stasiak, K. (2015, July 7). 4 Ways to Handle Risk (Only One is Bad). Retrieved December 14, 2015, from https://www.securestate.com/blog/2015/07/07/4-ways-to-handle-risk-(only-one-is-bad)

Threat, vulnerability, risk - commonly mixed up terms - INDEPENDENT SECURITY CONSULTANTS (INDEPENDENT SECURITY CONSULTANTS RSS) http://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk-commonly-mixed-up-terms/

Whitman, Michael (2012). "Chapter 2: The Need for Security". Principles of Information Security, Fourth Edition. Boston, Mass: Course Technology. p. 53.
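The dollar-and-probability modeling that the FAIR description above refers to, as an added example that is not part of the original paper or of any FAIR tool: a small Monte Carlo run that combines estimated ranges for threat event frequency, vulnerability and per-event loss into an annual loss exposure, before and after a mitigating control. The figures are constructed, and the triangular distributions and all names in the code are assumptions made for illustration.

```python
import random

# Constructed estimates for one scenario, each as (low, most likely, high).
BASELINE = {
    "threat_events_per_year": (2, 6, 12),        # how often the threat acts
    "vulnerability": (0.05, 0.15, 0.30),         # P(a threat event causes loss)
    "loss_per_event_usd": (20_000, 80_000, 400_000),
}
# Same scenario after a hypothetical control lowers vulnerability (mitigate).
MITIGATED = dict(BASELINE, vulnerability=(0.02, 0.05, 0.10))


def draw(rng, estimate):
    """Sample one value from a (low, most likely, high) estimate."""
    low, mode, high = estimate
    return rng.triangular(low, high, mode)


def simulate_year(rng, scenario):
    """Return the dollar loss for one simulated year."""
    attempts = round(draw(rng, scenario["threat_events_per_year"]))
    p_loss = draw(rng, scenario["vulnerability"])
    # Each threat event independently becomes a loss event with p_loss.
    loss_events = sum(rng.random() < p_loss for _ in range(attempts))
    return sum(draw(rng, scenario["loss_per_event_usd"]) for _ in range(loss_events))


def loss_exposure(scenario, trials=20_000, seed=1):
    """Summarise annual loss exposure as a mean and a 10%-90% range."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    years = sorted(simulate_year(rng, scenario) for _ in range(trials))
    pick = lambda q: years[min(trials - 1, int(q * trials))]
    return {
        "mean": sum(years) / trials,
        "p10": pick(0.10),
        "p50": pick(0.50),
        "p90": pick(0.90),
        "max": years[-1],
        "p_no_loss": sum(1 for y in years if y == 0) / trials,
    }


if __name__ == "__main__":
    for name, scenario in (("baseline", BASELINE), ("mitigated", MITIGATED)):
        r = loss_exposure(scenario)
        print(f"{name:9s} mean ${r['mean']:,.0f}  "
              f"80% range ${r['p10']:,.0f} to ${r['p90']:,.0f}  "
              f"no-loss years {r['p_no_loss']:.0%}")
```

Comparing the two summaries puts a dollar figure on what the control buys, which is the basis for choosing between accepting, mitigating or transferring the remaining exposure.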