SlideShare a Scribd company logo

27 Introduction Risk management begins with first .docx

Download as DOCX, PDF
L
lorainedeserre

27 Introduction Risk management begins with first identifying risks, threats, and vulnerabilities to then assess them. Assessing risks means to evaluate risk in terms of two factors. First, evaluate each risk’s likelihood of occurring. Second, evaluate the impact or consequences should the risk occur. Both likelihood and impact are important for understanding how each risk measures up to other risks. How the risks compare with one other is important when deciding which risk or risks take priority. In short, assessing is a critical step toward the goal of mitigation. Assessing risks can be done in one of two ways: quantitatively or qualitatively. Quantitatively means to assign numerical values or some objective, empirical value. For example, “Less than $1,000 to repair” or “Biweekly.” Qualitatively means to assign wording or some quasi-subjective value. For example, a risk could be labeled critical, major, or minor. In this lab, you will define the purpose of an IT risk assessment, you will align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you will classify the risks, threats, and vulnerabilities, and you will prioritize them. Finally, you will write an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Learning Objectives Upon completing this lab, you will be able to: Define the purpose and objectives of an IT risk assessment. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 28 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 29 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Hands-On Steps Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. ...

Education
1 of 17
27 Introduction Risk management begins with first identifying risks, threats, and vulnerabilities to then assess them. Assessing risks means to evaluate risk in terms of two factors. First, evaluate each risk’s likelihood of occurring. Second, evaluate the impact or consequences should the risk occur. Both likelihood and impact are important for understanding how each risk measures up to other risks. How the risks compare with one other is important when deciding which risk or risks take priority. In short, assessing is a critical step toward the goal of mitigation. Assessing risks can be done in one of two ways: quantitatively or qualitatively. Quantitatively means to assign numerical values or some objective, empirical value. For example, “Less than $1,000 to repair” or “Biweekly.” Qualitatively means to assign wording or some quasi-subjective
value. For example, a risk could be labeled critical, major, or minor. In this lab, you will define the purpose of an IT risk assessment, you will align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you will classify the risks, threats, and vulnerabilities, and you will prioritize them. Finally, you will write an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Learning Objectives Upon completing this lab, you will be able to: Define the purpose and objectives of an IT risk assessment. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. Prioritize classified risks, threats, and vulnerabilities according
to the defined qualitative risk assessment scale. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 28 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 29 Copyright © 2015 by Jones & Bartlett Learning, LLC, an
Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. On your local computer, open a new Internet browser window. 4. Using your favorite search engine, search for information on the purpose of IT risk assessment. 5. In your Lab Report file, describe the purpose of IT risk assessment. 6. Review the following table for the risks, threats, and vulnerabilities found in a health care
IT infrastructure servicing patients with life-threatening conditions: Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data
Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a 30 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure known software vulnerability User downloads and clicks on an unknown e-mail attachment Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance
User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 7. Review the seven domains of a typical IT infrastructure (see Figure 1). Figure 1 Seven domains of a typical IT infrastructure 8. In your Lab Report file, using the table from step 6, identify in the table’s Primary Domain Impacted column which of the seven domains of a
typical IT infrastructure will be most impacted by each risk, threat, or vulnerability listed. 31 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Qualitative Versus Quantitative The next step requests that you assign a score to each of the risks in the table from step 6. The scoring is done qualitatively, by assigning one of several labels on a scale. In this case, the scale is provided for you, ranging from Critical to Minor. Using qualitative scores to assess risks is comparatively easy and quick. The alternative is to assess quantitatively, using actual, numerical scores. Using qualitative words such as “critical” or “major” introduces subjective opinion, while citing numbers such as “Damage to be more than $3 million” or “Will cause an outage of under four hours” introduces quantitative objectivity. Quantitative scoring is more objective, but calculating risk assessment this way can take much more time. This is because it requires you to dig up hard facts. For instance, you can conduct quantitative scoring by referring to your organization’s history or claims records by answering such questions as “How often has this happened to us, or
others?” You can also assess risks numerically by researching the costs to recover from losses. It is possible to assess risks both quantitatively and qualitatively. For example, you could quantitatively score the likelihood and consequences of each risk, for example, “under 10% chance” and “ ‘X’ number of staff lives harmed or lost.” But you could present the final score qualitatively, for example, “critical” or “needs to be addressed immediately.” 9. In your Lab Report file, using the table from step 6, perform a qualitative risk assessment by assigning a risk impact/risk factor to each of the identified risks, threats, and vulnerabilities throughout the seven domains of a typical IT infrastructure where the risk, threat, or vulnerability resides. Assign each risk, threat, and vulnerability a priority number in the table’s Risk Impact/Factor column, where: compliance (that is, privacy law requirement for securing privacy data and implementing proper security controls, and so on) and places the organization in a position of increased liability confidentiality, integrity, and availability (C-I-A) of an organization’s intellectual property assets and IT
infrastructure “3” is Minor: A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure Keep the following in mind when working on the next step: When suggesting next steps to executive management, consider your recommendations from their point of view. Be prepared to explain costs, both in implementing the controls and then in maintaining the controls. Remember that costs come in many forms, not least of which is labor. Be sure accountability is thought out in terms of roles and responsibilities. Other potential costs outside the data center include goodwill or reputation, market share, and lost opportunity. Executive management might have these costs topmost in mind. 32 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 10. In your Lab Report file, write a four-paragraph executive summary according to the following outline: eats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure)
and minor risk assessment elements f the seven domains of a typical IT infrastructure management This completes the lab. Close the Web browser, if you have not already done so. 33 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Define the purpose and objectives of an IT risk assessment. –
[20%] 2. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. – [20%] 3. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. – [20%] 4. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale. – [20%] 5. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. – [20%] Page 1 of 2 Policy Project Proposal Focused Topic: Topic Description (100-150 words): Arguments For:
1. 2. 3. Sources (1-2 full citations): Arguments Against: 1. 2. 3. Sources (1-2 full citations): Party Positions: Democratic Party Position: Source: Republican Party Position: Source:
Page 2 of 2 Interest Group Positions: Interest Group For: Source: Interest Group Against: Source: Public Opinion: Public Opinion on Issue: Percent of Public in Favor: Source: Percent of Public Against: Source: Focused Topic: Topic Description 100150 words: Democratic Party Position: Republican Party Position: Interest Group For: Interest Group Against: Public Opinion on Issue: Percent of Public in Favor: Percent of Public Against: First Argument For: Second Argument For: Third Argument For: Sources 1 to 2 full citations: First Argument Against: Second Argument Against: Third Argument Against: Sources 1 to 2 full citations Against: Democratic Party Position Source: Republican Party Position
Source: Source of Interest Group For: Source of Interest Group Against: Source of Public Opinion in Favor: Source of Public Opinion Against: Assessment Worksheet Performing a Qualitative Risk Assessment for an IT Infrastructure Course Name and Number: _____________________________________________________ Student Name: _____________________________________________________ ___________ Instructor Name: _____________________________________________________ _________ Lab Due Date: _____________________________________________________ ___________ Overview In this lab, you defined the purpose of an IT risk assessment, you aligned identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you classified the risks, threats, and vulnerabilities, and you prioritized them.
Finally, you wrote an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab Assessment Questions & Answers 1. What is an IT risk assessment’s goal or objective? 2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure? 3. What was your rationale in assigning a “1” risk impact/risk factor value of “Critical” to an identified risk, threat, or vulnerability? 4. After you had assigned the “1,” “2,” and “3” risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the “1,” “2,” and “3” risk elements? What would you say to executive management about your final recommended prioritization? 35 Copyright © 2015 by Jones & Bartlett Learning, LLC, an
Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 5. Identify a risk-mitigation solution for each of the following risk factors: a. User downloads and clicks on an unknown e-mail attachment b. Workstation OS has a known software vulnerability c. Need to prevent eavesdropping on WLAN due to customer privacy data access d. Weak ingress/egress traffic-filtering degrades performance e. DoS/DDoS attack from the WAN/Internet f. Remote access from home office g. Production server corrupts database Course Name and Number: Student Name: Instructor Name: Lab Due Date: Text40: Text41: Text42: Text43: Text44:

Recommended

44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docx44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docxblondellchancy
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
Managing Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxManaging Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxjessiehampson
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxdavezstarr61655
 
AM   What is a common size income statement, it is the presentat.docx
AM   What is a common size income statement, it is the presentat.docxAM   What is a common size income statement, it is the presentat.docx
AM   What is a common size income statement, it is the presentat.docxdaniahendric
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
For this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxFor this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxhanneloremccaffery
 

Recommended

44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docx44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docxblondellchancy
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
Managing Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxManaging Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxjessiehampson
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxdavezstarr61655
 
AM   What is a common size income statement, it is the presentat.docx
AM   What is a common size income statement, it is the presentat.docxAM   What is a common size income statement, it is the presentat.docx
AM   What is a common size income statement, it is the presentat.docxdaniahendric
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
For this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxFor this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxhanneloremccaffery
 
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxtidwellveronique
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingNetsparker
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerizationMichel de Goede
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
Cmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comCmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comDavisMurphyC37
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.comKeatonJennings98
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxcowinhelen
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disneykamensm02
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
Dit yvol4iss50
Dit yvol4iss50Dit yvol4iss50
Dit yvol4iss50Rick Lemieux
 
4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx
4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx
4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docxlorainedeserre
 
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docxlorainedeserre
 

More Related Content

Similar to 27 Introduction Risk management begins with first .docx

Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxtidwellveronique
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingNetsparker
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerizationMichel de Goede
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
Cmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comCmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comDavisMurphyC37
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.comKeatonJennings98
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxcowinhelen
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disneykamensm02
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 

Similar to 27 Introduction Risk management begins with first .docx (20)

Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docx
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - Reporting
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerization
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
 
Cmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comCmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.com
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docx
 
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.com
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disney
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 
Dit yvol4iss50
Dit yvol4iss50Dit yvol4iss50
Dit yvol4iss50
 

More from lorainedeserre

4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx
4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx
4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docxlorainedeserre
 
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docxlorainedeserre
 
38 u December 2017 January 2018The authorities beli.docx
38 u December 2017 January 2018The authorities beli.docx38 u December 2017 January 2018The authorities beli.docx
38 u December 2017 January 2018The authorities beli.docxlorainedeserre
 
3Prototypes of Ethical ProblemsObjectivesThe reader shou.docx
3Prototypes of Ethical ProblemsObjectivesThe reader shou.docx3Prototypes of Ethical ProblemsObjectivesThe reader shou.docx
3Prototypes of Ethical ProblemsObjectivesThe reader shou.docxlorainedeserre
 
4-5 Annotations and Writing Plan - Thu Jan 30 2111Claire Knaus.docx
4-5 Annotations and Writing Plan - Thu Jan 30 2111Claire Knaus.docx4-5 Annotations and Writing Plan - Thu Jan 30 2111Claire Knaus.docx
4-5 Annotations and Writing Plan - Thu Jan 30 2111Claire Knaus.docxlorainedeserre
 
3Moral Identity Codes of Ethics and Institutional Ethics .docx
3Moral Identity Codes of Ethics and Institutional Ethics .docx3Moral Identity Codes of Ethics and Institutional Ethics .docx
3Moral Identity Codes of Ethics and Institutional Ethics .docxlorainedeserre
 
3NIMH Opinion or FactThe National Institute of Mental Healt.docx
3NIMH Opinion or FactThe National Institute of Mental Healt.docx3NIMH Opinion or FactThe National Institute of Mental Healt.docx
3NIMH Opinion or FactThe National Institute of Mental Healt.docxlorainedeserre
 
4.1Updated April-09Lecture NotesChapter 4Enterpr.docx
4.1Updated April-09Lecture NotesChapter 4Enterpr.docx4.1Updated April-09Lecture NotesChapter 4Enterpr.docx
4.1Updated April-09Lecture NotesChapter 4Enterpr.docxlorainedeserre
 
3Type your name hereType your three-letter and -number cours.docx
3Type your name hereType your three-letter and -number cours.docx3Type your name hereType your three-letter and -number cours.docx
3Type your name hereType your three-letter and -number cours.docxlorainedeserre
 
3Welcome to Writing at Work! After you have completed.docx
3Welcome to Writing at Work! After you have completed.docx3Welcome to Writing at Work! After you have completed.docx
3Welcome to Writing at Work! After you have completed.docxlorainedeserre
 
3JWI 531 Finance II Assignment 1TemplateHOW TO USE THIS TEMP.docx
3JWI 531 Finance II Assignment 1TemplateHOW TO USE THIS TEMP.docx3JWI 531 Finance II Assignment 1TemplateHOW TO USE THIS TEMP.docx
3JWI 531 Finance II Assignment 1TemplateHOW TO USE THIS TEMP.docxlorainedeserre
 
3Big Data Analyst QuestionnaireWithin this document are fo.docx
3Big Data Analyst QuestionnaireWithin this document are fo.docx3Big Data Analyst QuestionnaireWithin this document are fo.docx
3Big Data Analyst QuestionnaireWithin this document are fo.docxlorainedeserre
 
3HR StrategiesKey concepts and termsHigh commitment .docx
3HR StrategiesKey concepts and termsHigh commitment .docx3HR StrategiesKey concepts and termsHigh commitment .docx
3HR StrategiesKey concepts and termsHigh commitment .docxlorainedeserre
 
3Implementing ChangeConstruction workers on scaffolding..docx
3Implementing ChangeConstruction workers on scaffolding..docx3Implementing ChangeConstruction workers on scaffolding..docx
3Implementing ChangeConstruction workers on scaffolding..docxlorainedeserre
 
3Assignment Three Purpose of the study and Research Questions.docx
3Assignment Three Purpose of the study and Research Questions.docx3Assignment Three Purpose of the study and Research Questions.docx
3Assignment Three Purpose of the study and Research Questions.docxlorainedeserre
 
380067.docxby Jamie FeryllFILET IME SUBMIT T ED 22- .docx
380067.docxby Jamie FeryllFILET IME SUBMIT T ED 22- .docx380067.docxby Jamie FeryllFILET IME SUBMIT T ED 22- .docx
380067.docxby Jamie FeryllFILET IME SUBMIT T ED 22- .docxlorainedeserre
 
392Group Development JupiterimagesStockbyteThinkstoc.docx
392Group Development JupiterimagesStockbyteThinkstoc.docx392Group Development JupiterimagesStockbyteThinkstoc.docx
392Group Development JupiterimagesStockbyteThinkstoc.docxlorainedeserre
 
39Chapter 7Theories of TeachingIntroductionTheories of l.docx
39Chapter 7Theories of TeachingIntroductionTheories of l.docx39Chapter 7Theories of TeachingIntroductionTheories of l.docx
39Chapter 7Theories of TeachingIntroductionTheories of l.docxlorainedeserre
 
3902    wileyonlinelibrary.comjournalmec Molecular Ecology.docx
3902    wileyonlinelibrary.comjournalmec Molecular Ecology.docx3902    wileyonlinelibrary.comjournalmec Molecular Ecology.docx
3902    wileyonlinelibrary.comjournalmec Molecular Ecology.docxlorainedeserre
 
38  Monthly Labor Review  •  June 2012TelecommutingThe.docx
38  Monthly Labor Review  •  June 2012TelecommutingThe.docx38  Monthly Labor Review  •  June 2012TelecommutingThe.docx
38  Monthly Labor Review  •  June 2012TelecommutingThe.docxlorainedeserre
 

More from lorainedeserre (20)

4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx
4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx
4 Shaping and Sustaining Change Ryan McVayPhotodiscThink.docx
 
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx
4.1 EXPLORING INCENTIVE PAY4-1 Explore the incentive pay a.docx
 
38 u December 2017 January 2018The authorities beli.docx
38 u December 2017 January 2018The authorities beli.docx38 u December 2017 January 2018The authorities beli.docx
38 u December 2017 January 2018The authorities beli.docx
 
3Prototypes of Ethical ProblemsObjectivesThe reader shou.docx
3Prototypes of Ethical ProblemsObjectivesThe reader shou.docx3Prototypes of Ethical ProblemsObjectivesThe reader shou.docx
3Prototypes of Ethical ProblemsObjectivesThe reader shou.docx
 
4-5 Annotations and Writing Plan - Thu Jan 30 2111Claire Knaus.docx
4-5 Annotations and Writing Plan - Thu Jan 30 2111Claire Knaus.docx4-5 Annotations and Writing Plan - Thu Jan 30 2111Claire Knaus.docx
4-5 Annotations and Writing Plan - Thu Jan 30 2111Claire Knaus.docx
 
3Moral Identity Codes of Ethics and Institutional Ethics .docx
3Moral Identity Codes of Ethics and Institutional Ethics .docx3Moral Identity Codes of Ethics and Institutional Ethics .docx
3Moral Identity Codes of Ethics and Institutional Ethics .docx
 
3NIMH Opinion or FactThe National Institute of Mental Healt.docx
3NIMH Opinion or FactThe National Institute of Mental Healt.docx3NIMH Opinion or FactThe National Institute of Mental Healt.docx
3NIMH Opinion or FactThe National Institute of Mental Healt.docx
 
4.1Updated April-09Lecture NotesChapter 4Enterpr.docx
4.1Updated April-09Lecture NotesChapter 4Enterpr.docx4.1Updated April-09Lecture NotesChapter 4Enterpr.docx
4.1Updated April-09Lecture NotesChapter 4Enterpr.docx
 
3Type your name hereType your three-letter and -number cours.docx
3Type your name hereType your three-letter and -number cours.docx3Type your name hereType your three-letter and -number cours.docx
3Type your name hereType your three-letter and -number cours.docx
 
3Welcome to Writing at Work! After you have completed.docx
3Welcome to Writing at Work! After you have completed.docx3Welcome to Writing at Work! After you have completed.docx
3Welcome to Writing at Work! After you have completed.docx
 
3JWI 531 Finance II Assignment 1TemplateHOW TO USE THIS TEMP.docx
3JWI 531 Finance II Assignment 1TemplateHOW TO USE THIS TEMP.docx3JWI 531 Finance II Assignment 1TemplateHOW TO USE THIS TEMP.docx
3JWI 531 Finance II Assignment 1TemplateHOW TO USE THIS TEMP.docx
 
3Big Data Analyst QuestionnaireWithin this document are fo.docx
3Big Data Analyst QuestionnaireWithin this document are fo.docx3Big Data Analyst QuestionnaireWithin this document are fo.docx
3Big Data Analyst QuestionnaireWithin this document are fo.docx
 
3HR StrategiesKey concepts and termsHigh commitment .docx
3HR StrategiesKey concepts and termsHigh commitment .docx3HR StrategiesKey concepts and termsHigh commitment .docx
3HR StrategiesKey concepts and termsHigh commitment .docx
 
3Implementing ChangeConstruction workers on scaffolding..docx
3Implementing ChangeConstruction workers on scaffolding..docx3Implementing ChangeConstruction workers on scaffolding..docx
3Implementing ChangeConstruction workers on scaffolding..docx
 
3Assignment Three Purpose of the study and Research Questions.docx
3Assignment Three Purpose of the study and Research Questions.docx3Assignment Three Purpose of the study and Research Questions.docx
3Assignment Three Purpose of the study and Research Questions.docx
 
380067.docxby Jamie FeryllFILET IME SUBMIT T ED 22- .docx
380067.docxby Jamie FeryllFILET IME SUBMIT T ED 22- .docx380067.docxby Jamie FeryllFILET IME SUBMIT T ED 22- .docx
380067.docxby Jamie FeryllFILET IME SUBMIT T ED 22- .docx
 
392Group Development JupiterimagesStockbyteThinkstoc.docx
392Group Development JupiterimagesStockbyteThinkstoc.docx392Group Development JupiterimagesStockbyteThinkstoc.docx
392Group Development JupiterimagesStockbyteThinkstoc.docx
 
39Chapter 7Theories of TeachingIntroductionTheories of l.docx
39Chapter 7Theories of TeachingIntroductionTheories of l.docx39Chapter 7Theories of TeachingIntroductionTheories of l.docx
39Chapter 7Theories of TeachingIntroductionTheories of l.docx
 
3902    wileyonlinelibrary.comjournalmec Molecular Ecology.docx
3902    wileyonlinelibrary.comjournalmec Molecular Ecology.docx3902    wileyonlinelibrary.comjournalmec Molecular Ecology.docx
3902    wileyonlinelibrary.comjournalmec Molecular Ecology.docx
 
38  Monthly Labor Review  •  June 2012TelecommutingThe.docx
38  Monthly Labor Review  •  June 2012TelecommutingThe.docx38  Monthly Labor Review  •  June 2012TelecommutingThe.docx
38  Monthly Labor Review  •  June 2012TelecommutingThe.docx
 

Recently uploaded

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 

Recently uploaded (20)

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 

27 Introduction Risk management begins with first .docx

  • 1. 27 Introduction Risk management begins with first identifying risks, threats, and vulnerabilities to then assess them. Assessing risks means to evaluate risk in terms of two factors. First, evaluate each risk’s likelihood of occurring. Second, evaluate the impact or consequences should the risk occur. Both likelihood and impact are important for understanding how each risk measures up to other risks. How the risks compare with one other is important when deciding which risk or risks take priority. In short, assessing is a critical step toward the goal of mitigation. Assessing risks can be done in one of two ways: quantitatively or qualitatively. Quantitatively means to assign numerical values or some objective, empirical value. For example, “Less than $1,000 to repair” or “Biweekly.” Qualitatively means to assign wording or some quasi-subjective
  • 2. value. For example, a risk could be labeled critical, major, or minor. In this lab, you will define the purpose of an IT risk assessment, you will align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you will classify the risks, threats, and vulnerabilities, and you will prioritize them. Finally, you will write an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Learning Objectives Upon completing this lab, you will be able to: Define the purpose and objectives of an IT risk assessment. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. Prioritize classified risks, threats, and vulnerabilities according
  • 3. to the defined qualitative risk assessment scale. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 28 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 29 Copyright © 2015 by Jones & Bartlett Learning, LLC, an
  • 4. Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. On your local computer, open a new Internet browser window. 4. Using your favorite search engine, search for information on the purpose of IT risk assessment. 5. In your Lab Report file, describe the purpose of IT risk assessment. 6. Review the following table for the risks, threats, and vulnerabilities found in a health care
  • 5. IT infrastructure servicing patients with life-threatening conditions: Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data
  • 6. Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a 30 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure known software vulnerability User downloads and clicks on an unknown e-mail attachment Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance
  • 7. User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 7. Review the seven domains of a typical IT infrastructure (see Figure 1). Figure 1 Seven domains of a typical IT infrastructure 8. In your Lab Report file, using the table from step 6, identify in the table’s Primary Domain Impacted column which of the seven domains of a
  • 8. typical IT infrastructure will be most impacted by each risk, threat, or vulnerability listed. 31 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Qualitative Versus Quantitative The next step requests that you assign a score to each of the risks in the table from step 6. The scoring is done qualitatively, by assigning one of several labels on a scale. In this case, the scale is provided for you, ranging from Critical to Minor. Using qualitative scores to assess risks is comparatively easy and quick. The alternative is to assess quantitatively, using actual, numerical scores. Using qualitative words such as “critical” or “major” introduces subjective opinion, while citing numbers such as “Damage to be more than $3 million” or “Will cause an outage of under four hours” introduces quantitative objectivity. Quantitative scoring is more objective, but calculating risk assessment this way can take much more time. This is because it requires you to dig up hard facts. For instance, you can conduct quantitative scoring by referring to your organization’s history or claims records by answering such questions as “How often has this happened to us, or
  • 9. others?” You can also assess risks numerically by researching the costs to recover from losses. It is possible to assess risks both quantitatively and qualitatively. For example, you could quantitatively score the likelihood and consequences of each risk, for example, “under 10% chance” and “ ‘X’ number of staff lives harmed or lost.” But you could present the final score qualitatively, for example, “critical” or “needs to be addressed immediately.” 9. In your Lab Report file, using the table from step 6, perform a qualitative risk assessment by assigning a risk impact/risk factor to each of the identified risks, threats, and vulnerabilities throughout the seven domains of a typical IT infrastructure where the risk, threat, or vulnerability resides. Assign each risk, threat, and vulnerability a priority number in the table’s Risk Impact/Factor column, where: compliance (that is, privacy law requirement for securing privacy data and implementing proper security controls, and so on) and places the organization in a position of increased liability confidentiality, integrity, and availability (C-I-A) of an organization’s intellectual property assets and IT
  • 10. infrastructure “3” is Minor: A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure Keep the following in mind when working on the next step: When suggesting next steps to executive management, consider your recommendations from their point of view. Be prepared to explain costs, both in implementing the controls and then in maintaining the controls. Remember that costs come in many forms, not least of which is labor. Be sure accountability is thought out in terms of roles and responsibilities. Other potential costs outside the data center include goodwill or reputation, market share, and lost opportunity. Executive management might have these costs topmost in mind. 32 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 10. In your Lab Report file, write a four-paragraph executive summary according to the following outline: eats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure)
  • 11. and minor risk assessment elements f the seven domains of a typical IT infrastructure management This completes the lab. Close the Web browser, if you have not already done so. 33 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Define the purpose and objectives of an IT risk assessment. –
  • 12. [20%] 2. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. – [20%] 3. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. – [20%] 4. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale. – [20%] 5. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. – [20%] Page 1 of 2 Policy Project Proposal Focused Topic: Topic Description (100-150 words): Arguments For:
  • 13. 1. 2. 3. Sources (1-2 full citations): Arguments Against: 1. 2. 3. Sources (1-2 full citations): Party Positions: Democratic Party Position: Source: Republican Party Position: Source:
  • 14. Page 2 of 2 Interest Group Positions: Interest Group For: Source: Interest Group Against: Source: Public Opinion: Public Opinion on Issue: Percent of Public in Favor: Source: Percent of Public Against: Source: Focused Topic: Topic Description 100150 words: Democratic Party Position: Republican Party Position: Interest Group For: Interest Group Against: Public Opinion on Issue: Percent of Public in Favor: Percent of Public Against: First Argument For: Second Argument For: Third Argument For: Sources 1 to 2 full citations: First Argument Against: Second Argument Against: Third Argument Against: Sources 1 to 2 full citations Against: Democratic Party Position Source: Republican Party Position
  • 15. Source: Source of Interest Group For: Source of Interest Group Against: Source of Public Opinion in Favor: Source of Public Opinion Against: Assessment Worksheet Performing a Qualitative Risk Assessment for an IT Infrastructure Course Name and Number: _____________________________________________________ Student Name: _____________________________________________________ ___________ Instructor Name: _____________________________________________________ _________ Lab Due Date: _____________________________________________________ ___________ Overview In this lab, you defined the purpose of an IT risk assessment, you aligned identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you classified the risks, threats, and vulnerabilities, and you prioritized them.
  • 16. Finally, you wrote an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab Assessment Questions & Answers 1. What is an IT risk assessment’s goal or objective? 2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure? 3. What was your rationale in assigning a “1” risk impact/risk factor value of “Critical” to an identified risk, threat, or vulnerability? 4. After you had assigned the “1,” “2,” and “3” risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the “1,” “2,” and “3” risk elements? What would you say to executive management about your final recommended prioritization? 35 Copyright © 2015 by Jones & Bartlett Learning, LLC, an
  • 17. Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 5. Identify a risk-mitigation solution for each of the following risk factors: a. User downloads and clicks on an unknown e-mail attachment b. Workstation OS has a known software vulnerability c. Need to prevent eavesdropping on WLAN due to customer privacy data access d. Weak ingress/egress traffic-filtering degrades performance e. DoS/DDoS attack from the WAN/Internet f. Remote access from home office g. Production server corrupts database Course Name and Number: Student Name: Instructor Name: Lab Due Date: Text40: Text41: Text42: Text43: Text44: