SlideShare a Scribd company logo

27 Introduction Risk management begins with first .docx

Download as DOCX, PDF
V
vickeryr87

27 Introduction Risk management begins with first identifying risks, threats, and vulnerabilities to then assess them. Assessing risks means to evaluate risk in terms of two factors. First, evaluate each risk’s likelihood of occurring. Second, evaluate the impact or consequences should the risk occur. Both likelihood and impact are important for understanding how each risk measures up to other risks. How the risks compare with one other is important when deciding which risk or risks take priority. In short, assessing is a critical step toward the goal of mitigation. Assessing risks can be done in one of two ways: quantitatively or qualitatively. Quantitatively means to assign numerical values or some objective, empirical value. For example, “Less than $1,000 to repair” or “Biweekly.” Qualitatively means to assign wording or some quasi-subjective value. For example, a risk could be labeled critical, major, or minor. In this lab, you will define the purpose of an IT risk assessment, you will align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you will classify the risks, threats, and vulnerabilities, and you will prioritize them. Finally, you will write an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Learning Objectives Upon completing this lab, you will be able to: Define the purpose and objectives of an IT risk assessment. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 28 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 29 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Hands-On Steps Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. .

Education
1 of 23
27 Introduction Risk management begins with first identifying risks, threats, and vulnerabilities to then assess them. Assessing risks means to evaluate risk in terms of two factors. First, evaluate each risk’s likelihood of occurring. Second, evaluate the impact or consequences should the risk occur. Both likelihood and impact are important for understanding how each risk measures up to other risks. How the risks compare with one other is important when deciding which risk or risks take priority. In short, assessing is a critical step toward the goal of mitigation. Assessing risks can be done in one of two ways: quantitatively or qualitatively. Quantitatively means to assign numerical values or some objective, empirical value. For example, “Less than $1,000 to repair” or “Biweekly.” Qualitatively means to assign wording or some quasi-subjective
value. For example, a risk could be labeled critical, major, or minor. In this lab, you will define the purpose of an IT risk assessment, you will align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you will classify the risks, threats, and vulnerabilities, and you will prioritize them. Finally, you will write an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Learning Objectives Upon completing this lab, you will be able to: Define the purpose and objectives of an IT risk assessment. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. Prioritize classified risks, threats, and vulnerabilities according
to the defined qualitative risk assessment scale. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 28 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 29 Copyright © 2015 by Jones & Bartlett Learning, LLC, an
Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. On your local computer, open a new Internet browser window. 4. Using your favorite search engine, search for information on the purpose of IT risk assessment. 5. In your Lab Report file, describe the purpose of IT risk assessment. 6. Review the following table for the risks, threats, and vulnerabilities found in a health care
IT infrastructure servicing patients with life-threatening conditions: Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data
Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a 30 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure known software vulnerability User downloads and clicks on an unknown e-mail attachment Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance
User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 7. Review the seven domains of a typical IT infrastructure (see Figure 1). Figure 1 Seven domains of a typical IT infrastructure 8. In your Lab Report file, using the table from step 6, identify in the table’s Primary Domain Impacted column which of the seven domains of a
typical IT infrastructure will be most impacted by each risk, threat, or vulnerability listed. 31 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Qualitative Versus Quantitative The next step requests that you assign a score to each of the risks in the table from step 6. The scoring is done qualitatively, by assigning one of several labels on a scale. In this case, the scale is provided for you, ranging from Critical to Minor. Using qualitative scores to assess risks is comparatively easy and quick. The alternative is to assess quantitatively, using actual, numerical scores. Using qualitative words such as “critical” or “major” introduces subjective opinion, while citing numbers such as “Damage to be more than $3 million” or “Will cause an outage of under four hours” introduces quantitative objectivity. Quantitative scoring is more objective, but calculating risk assessment this way can take much more time. This is because it requires you to dig up hard facts. For instance, you can conduct quantitative scoring by referring to your organization’s history or claims records by answering such questions as “How often has this happened to us, or
others?” You can also assess risks numerically by researching the costs to recover from losses. It is possible to assess risks both quantitatively and qualitatively. For example, you could quantitatively score the likelihood and consequences of each risk, for example, “under 10% chance” and “ ‘X’ number of staff lives harmed or lost.” But you could present the final score qualitatively, for example, “critical” or “needs to be addressed immediately.” 9. In your Lab Report file, using the table from step 6, perform a qualitative risk assessment by assigning a risk impact/risk factor to each of the identified risks, threats, and vulnerabilities throughout the seven domains of a typical IT infrastructure where the risk, threat, or vulnerability resides. Assign each risk, threat, and vulnerability a priority number in the table’s Risk Impact/Factor column, where: compliance (that is, privacy law requirement for securing privacy data and implementing proper security controls, and so on) and places the organization in a position of increased liability confidentiality, integrity, and availability (C-I-A) of an organization’s intellectual property assets and IT
infrastructure “3” is Minor: A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure Keep the following in mind when working on the next step: When suggesting next steps to executive management, consider your recommendations from their point of view. Be prepared to explain costs, both in implementing the controls and then in maintaining the controls. Remember that costs come in many forms, not least of which is labor. Be sure accountability is thought out in terms of roles and responsibilities. Other potential costs outside the data center include goodwill or reputation, market share, and lost opportunity. Executive management might have these costs topmost in mind. 32 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 10. In your Lab Report file, write a four-paragraph executive summary according to the following outline: eats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure)
and minor risk assessment elements f the seven domains of a typical IT infrastructure management This completes the lab. Close the Web browser, if you have not already done so. 33 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Define the purpose and objectives of an IT risk assessment. –
[20%] 2. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. – [20%] 3. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. – [20%] 4. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale. – [20%] 5. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. – [20%] 44 Introduction Identifying and assessing risks is challenging, but treating them is another matter entirely. Treating risks means making changes based on a risk assessment and probably a few hard
decisions. When treating even the most straightforward of risks, practice due diligence by documenting what steps you are taking to mitigate the risk. If you don’t document the change and the reasoning behind it, it’s possible that your organization could reverse the mitigation and reintroduce the risk based on the notion of “but that’s how we always did it before.” After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being regularly applied. If a security incident arises even with the change in place, having a single person in charge will ensure that any corrective action aligns with the risk-mitigation plan. You’re not appointing someone so you can blame that person if things go wrong; you are instead investing that individual with the autonomy to manage the incident effectively. The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a baseline for ongoing mitigation of risks in the seven domains of an IT infrastructure. In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s
major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation steps, you will define procedures and processes needed to maintain a security baseline for ongoing mitigation, and you will create an outline for an IT risk-mitigation plan. Learning Objectives Upon completing this lab, you will be able to: Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. Create an outline for an IT risk-mitigation plan encompassing
the seven domains of a typical IT infrastructure. Lab #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 45 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 46 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure
Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. Review the seven domains of a typical IT infrastructure (see Figure 1). Figure 1 Seven domains of a typical IT infrastructure 4. Using the following table, review the results of your assessments in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition, review the results of how you categorized and prioritized the risks for the IT infrastructure in that lab: 47
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability
Unauthorized access to organization- owned workstations Loss of production data Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a known software vulnerability User downloads and clicks on an unknown e-mail attachment Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance
User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 48 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 5. In your Lab Report file, organize the qualitative risk assessment data according to the
following: Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. ” risks, threats, and vulnerabilities identified throughout the seven domains of a typical IT infrastructure. Fighting Fear In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop you from treating the risk. Here are two tips to fight a manager’s fear: Prepare for your manager’s “What if?” questions. Example of a manager’s question: “What if we apply the firewall but it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.” Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve performed, which will calculate the risk’s likelihood and consequences. 6. On your local computer, open a new Internet browser window.
7. In the address box of your Internet browser, type the URL http://www.mitre.org/publications/systems-engineering- guide/acquisition-systems- engineering/risk-management/risk-impact-assessment-and- prioritization and press Enter to open the Web site. 8. Read the article titled “Risk Impact Assessment and Prioritization.” 9. In your Lab Report file, describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan. 10. In your Lab Report file, describe the elements of an IT risk- mitigation plan outline by covering the following major topics: ilities organized into the seven domains throughout the IT infrastructure -term remediation steps for critical “1” risks, threats, and vulnerabilities -term remediation steps for major “2” and minor “3” risks, threats, and vulnerabilities
-mitigation steps for the seven domains of a typical IT infrastructure solutions 49 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 11. In your Lab Report file, create a detailed IT risk-mitigation plan outline by inserting appropriate subtopics and sub-bullets. This completes the lab. Close the Web browser, if you have not already done so. 50 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure
Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. – [20%] 2. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. – [20%] 3. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. – [20%] 4. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. – [20%] 5. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. – [20%]

Recommended

44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docx44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docxblondellchancy
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
Managing Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxManaging Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxjessiehampson
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxdavezstarr61655
 
AM   What is a common size income statement, it is the presentat.docx
AM   What is a common size income statement, it is the presentat.docxAM   What is a common size income statement, it is the presentat.docx
AM   What is a common size income statement, it is the presentat.docxdaniahendric
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
For this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxFor this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxhanneloremccaffery
 

Recommended

44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docx44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docxblondellchancy
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
Managing Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxManaging Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxjessiehampson
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxdavezstarr61655
 
AM   What is a common size income statement, it is the presentat.docx
AM   What is a common size income statement, it is the presentat.docxAM   What is a common size income statement, it is the presentat.docx
AM   What is a common size income statement, it is the presentat.docxdaniahendric
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
For this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxFor this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxhanneloremccaffery
 
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxtidwellveronique
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingNetsparker
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerizationMichel de Goede
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
Cmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comCmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comDavisMurphyC37
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.comKeatonJennings98
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxcowinhelen
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disneykamensm02
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
Dit yvol4iss50
Dit yvol4iss50Dit yvol4iss50
Dit yvol4iss50Rick Lemieux
 
COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docx
COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docxCOLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docx
COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docxvickeryr87
 
Collins did not understand the events that led to the reasoning .docx
Collins did not understand the events that led to the reasoning .docxCollins did not understand the events that led to the reasoning .docx
Collins did not understand the events that led to the reasoning .docxvickeryr87
 

More Related Content

Similar to 27 Introduction Risk management begins with first .docx

Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxtidwellveronique
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingNetsparker
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerizationMichel de Goede
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
Cmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comCmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comDavisMurphyC37
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.comKeatonJennings98
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxcowinhelen
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disneykamensm02
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 

Similar to 27 Introduction Risk management begins with first .docx (20)

Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docx
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - Reporting
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerization
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
 
Cmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.comCmgt 582 Education Specialist -snaptutorial.com
Cmgt 582 Education Specialist -snaptutorial.com
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docx
 
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.com
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disney
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 
Dit yvol4iss50
Dit yvol4iss50Dit yvol4iss50
Dit yvol4iss50
 

More from vickeryr87

COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docx
COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docxCOLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docx
COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docxvickeryr87
 
Collins did not understand the events that led to the reasoning .docx
Collins did not understand the events that led to the reasoning .docxCollins did not understand the events that led to the reasoning .docx
Collins did not understand the events that led to the reasoning .docxvickeryr87
 
Define discrimination, victimization and affirmative actions; .docx
Define discrimination, victimization and affirmative actions; .docxDefine discrimination, victimization and affirmative actions; .docx
Define discrimination, victimization and affirmative actions; .docxvickeryr87
 
Define data mining. Why are there many names and definitions for d.docx
Define data mining. Why are there many names and definitions for d.docxDefine data mining. Why are there many names and definitions for d.docx
Define data mining. Why are there many names and definitions for d.docxvickeryr87
 
Define culture. How can culture be conceptionalizedDiscuss at l.docx
Define culture. How can culture be conceptionalizedDiscuss at l.docxDefine culture. How can culture be conceptionalizedDiscuss at l.docx
Define culture. How can culture be conceptionalizedDiscuss at l.docxvickeryr87
 
Define cultural relativism and how it is used by anthropologis.docx
Define cultural relativism and how it is used by anthropologis.docxDefine cultural relativism and how it is used by anthropologis.docx
Define cultural relativism and how it is used by anthropologis.docxvickeryr87
 
Define cost control and provide several examples of how it affec.docx
Define cost control and provide several examples of how it affec.docxDefine cost control and provide several examples of how it affec.docx
Define cost control and provide several examples of how it affec.docxvickeryr87
 
Define corporate governance.Discuss the events that led up.docx
Define corporate governance.Discuss the events that led up.docxDefine corporate governance.Discuss the events that led up.docx
Define corporate governance.Discuss the events that led up.docxvickeryr87
 
Define communication in your own words. Identify and distinguish amo.docx
Define communication in your own words. Identify and distinguish amo.docxDefine communication in your own words. Identify and distinguish amo.docx
Define communication in your own words. Identify and distinguish amo.docxvickeryr87
 
Define Civil Liberties. List 5 Civil Liberties. How do they differ.docx
Define Civil Liberties. List 5 Civil Liberties. How do they differ.docxDefine Civil Liberties. List 5 Civil Liberties. How do they differ.docx
Define Civil Liberties. List 5 Civil Liberties. How do they differ.docxvickeryr87
 
Define civilization. Do we really need it in order to survive and pr.docx
Define civilization. Do we really need it in order to survive and pr.docxDefine civilization. Do we really need it in order to survive and pr.docx
Define civilization. Do we really need it in order to survive and pr.docxvickeryr87
 
Define case management and care management and compare the dif.docx
Define case management and care management and compare the dif.docxDefine case management and care management and compare the dif.docx
Define case management and care management and compare the dif.docxvickeryr87
 
Define Bureaucracy.  Government at all levels has grown enormously, .docx
Define Bureaucracy.  Government at all levels has grown enormously, .docxDefine Bureaucracy.  Government at all levels has grown enormously, .docx
Define Bureaucracy.  Government at all levels has grown enormously, .docxvickeryr87
 
Define and explain how the Twitter search function works to search f.docx
Define and explain how the Twitter search function works to search f.docxDefine and explain how the Twitter search function works to search f.docx
Define and explain how the Twitter search function works to search f.docxvickeryr87
 
Define and relate these different terminologies and Information Gove.docx
Define and relate these different terminologies and Information Gove.docxDefine and relate these different terminologies and Information Gove.docx
Define and relate these different terminologies and Information Gove.docxvickeryr87
 
Define and provide examples of-Basic probability- Bayes the.docx
Define and provide examples of-Basic probability- Bayes the.docxDefine and provide examples of-Basic probability- Bayes the.docx
Define and provide examples of-Basic probability- Bayes the.docxvickeryr87
 
Define and discuss the phrase Manifest Destiny. Explain how this b.docx
Define and discuss the phrase Manifest Destiny. Explain how this b.docxDefine and discuss the phrase Manifest Destiny. Explain how this b.docx
Define and discuss the phrase Manifest Destiny. Explain how this b.docxvickeryr87
 
Define and discuss the differences between vision and mission stat.docx
Define and discuss the differences between vision and mission stat.docxDefine and discuss the differences between vision and mission stat.docx
Define and discuss the differences between vision and mission stat.docxvickeryr87
 
Define and discuss the four types of innovation. How might these.docx
Define and discuss the four types of innovation. How might these.docxDefine and discuss the four types of innovation. How might these.docx
Define and discuss the four types of innovation. How might these.docxvickeryr87
 
Define and discuss the data wiping process.Discuss how a cloud.docx
Define and discuss the data wiping process.Discuss how a cloud.docxDefine and discuss the data wiping process.Discuss how a cloud.docx
Define and discuss the data wiping process.Discuss how a cloud.docxvickeryr87
 

More from vickeryr87 (20)

COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docx
COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docxCOLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docx
COLLEGEPHYSICS LAB REPORTSTUDENTS NAME.docx
 
Collins did not understand the events that led to the reasoning .docx
Collins did not understand the events that led to the reasoning .docxCollins did not understand the events that led to the reasoning .docx
Collins did not understand the events that led to the reasoning .docx
 
Define discrimination, victimization and affirmative actions; .docx
Define discrimination, victimization and affirmative actions; .docxDefine discrimination, victimization and affirmative actions; .docx
Define discrimination, victimization and affirmative actions; .docx
 
Define data mining. Why are there many names and definitions for d.docx
Define data mining. Why are there many names and definitions for d.docxDefine data mining. Why are there many names and definitions for d.docx
Define data mining. Why are there many names and definitions for d.docx
 
Define culture. How can culture be conceptionalizedDiscuss at l.docx
Define culture. How can culture be conceptionalizedDiscuss at l.docxDefine culture. How can culture be conceptionalizedDiscuss at l.docx
Define culture. How can culture be conceptionalizedDiscuss at l.docx
 
Define cultural relativism and how it is used by anthropologis.docx
Define cultural relativism and how it is used by anthropologis.docxDefine cultural relativism and how it is used by anthropologis.docx
Define cultural relativism and how it is used by anthropologis.docx
 
Define cost control and provide several examples of how it affec.docx
Define cost control and provide several examples of how it affec.docxDefine cost control and provide several examples of how it affec.docx
Define cost control and provide several examples of how it affec.docx
 
Define corporate governance.Discuss the events that led up.docx
Define corporate governance.Discuss the events that led up.docxDefine corporate governance.Discuss the events that led up.docx
Define corporate governance.Discuss the events that led up.docx
 
Define communication in your own words. Identify and distinguish amo.docx
Define communication in your own words. Identify and distinguish amo.docxDefine communication in your own words. Identify and distinguish amo.docx
Define communication in your own words. Identify and distinguish amo.docx
 
Define Civil Liberties. List 5 Civil Liberties. How do they differ.docx
Define Civil Liberties. List 5 Civil Liberties. How do they differ.docxDefine Civil Liberties. List 5 Civil Liberties. How do they differ.docx
Define Civil Liberties. List 5 Civil Liberties. How do they differ.docx
 
Define civilization. Do we really need it in order to survive and pr.docx
Define civilization. Do we really need it in order to survive and pr.docxDefine civilization. Do we really need it in order to survive and pr.docx
Define civilization. Do we really need it in order to survive and pr.docx
 
Define case management and care management and compare the dif.docx
Define case management and care management and compare the dif.docxDefine case management and care management and compare the dif.docx
Define case management and care management and compare the dif.docx
 
Define Bureaucracy.  Government at all levels has grown enormously, .docx
Define Bureaucracy.  Government at all levels has grown enormously, .docxDefine Bureaucracy.  Government at all levels has grown enormously, .docx
Define Bureaucracy.  Government at all levels has grown enormously, .docx
 
Define and explain how the Twitter search function works to search f.docx
Define and explain how the Twitter search function works to search f.docxDefine and explain how the Twitter search function works to search f.docx
Define and explain how the Twitter search function works to search f.docx
 
Define and relate these different terminologies and Information Gove.docx
Define and relate these different terminologies and Information Gove.docxDefine and relate these different terminologies and Information Gove.docx
Define and relate these different terminologies and Information Gove.docx
 
Define and provide examples of-Basic probability- Bayes the.docx
Define and provide examples of-Basic probability- Bayes the.docxDefine and provide examples of-Basic probability- Bayes the.docx
Define and provide examples of-Basic probability- Bayes the.docx
 
Define and discuss the phrase Manifest Destiny. Explain how this b.docx
Define and discuss the phrase Manifest Destiny. Explain how this b.docxDefine and discuss the phrase Manifest Destiny. Explain how this b.docx
Define and discuss the phrase Manifest Destiny. Explain how this b.docx
 
Define and discuss the differences between vision and mission stat.docx
Define and discuss the differences between vision and mission stat.docxDefine and discuss the differences between vision and mission stat.docx
Define and discuss the differences between vision and mission stat.docx
 
Define and discuss the four types of innovation. How might these.docx
Define and discuss the four types of innovation. How might these.docxDefine and discuss the four types of innovation. How might these.docx
Define and discuss the four types of innovation. How might these.docx
 
Define and discuss the data wiping process.Discuss how a cloud.docx
Define and discuss the data wiping process.Discuss how a cloud.docxDefine and discuss the data wiping process.Discuss how a cloud.docx
Define and discuss the data wiping process.Discuss how a cloud.docx
 

Recently uploaded

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersChitralekhaTherkar
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 

Recently uploaded (20)

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of Powders
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 

27 Introduction Risk management begins with first .docx

  • 1. 27 Introduction Risk management begins with first identifying risks, threats, and vulnerabilities to then assess them. Assessing risks means to evaluate risk in terms of two factors. First, evaluate each risk’s likelihood of occurring. Second, evaluate the impact or consequences should the risk occur. Both likelihood and impact are important for understanding how each risk measures up to other risks. How the risks compare with one other is important when deciding which risk or risks take priority. In short, assessing is a critical step toward the goal of mitigation. Assessing risks can be done in one of two ways: quantitatively or qualitatively. Quantitatively means to assign numerical values or some objective, empirical value. For example, “Less than $1,000 to repair” or “Biweekly.” Qualitatively means to assign wording or some quasi-subjective
  • 2. value. For example, a risk could be labeled critical, major, or minor. In this lab, you will define the purpose of an IT risk assessment, you will align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you will classify the risks, threats, and vulnerabilities, and you will prioritize them. Finally, you will write an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Learning Objectives Upon completing this lab, you will be able to: Define the purpose and objectives of an IT risk assessment. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. Prioritize classified risks, threats, and vulnerabilities according
  • 3. to the defined qualitative risk assessment scale. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 28 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 29 Copyright © 2015 by Jones & Bartlett Learning, LLC, an
  • 4. Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. On your local computer, open a new Internet browser window. 4. Using your favorite search engine, search for information on the purpose of IT risk assessment. 5. In your Lab Report file, describe the purpose of IT risk assessment. 6. Review the following table for the risks, threats, and vulnerabilities found in a health care
  • 5. IT infrastructure servicing patients with life-threatening conditions: Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data
  • 6. Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a 30 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure known software vulnerability User downloads and clicks on an unknown e-mail attachment Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance
  • 7. User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 7. Review the seven domains of a typical IT infrastructure (see Figure 1). Figure 1 Seven domains of a typical IT infrastructure 8. In your Lab Report file, using the table from step 6, identify in the table’s Primary Domain Impacted column which of the seven domains of a
  • 8. typical IT infrastructure will be most impacted by each risk, threat, or vulnerability listed. 31 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Qualitative Versus Quantitative The next step requests that you assign a score to each of the risks in the table from step 6. The scoring is done qualitatively, by assigning one of several labels on a scale. In this case, the scale is provided for you, ranging from Critical to Minor. Using qualitative scores to assess risks is comparatively easy and quick. The alternative is to assess quantitatively, using actual, numerical scores. Using qualitative words such as “critical” or “major” introduces subjective opinion, while citing numbers such as “Damage to be more than $3 million” or “Will cause an outage of under four hours” introduces quantitative objectivity. Quantitative scoring is more objective, but calculating risk assessment this way can take much more time. This is because it requires you to dig up hard facts. For instance, you can conduct quantitative scoring by referring to your organization’s history or claims records by answering such questions as “How often has this happened to us, or
  • 9. others?” You can also assess risks numerically by researching the costs to recover from losses. It is possible to assess risks both quantitatively and qualitatively. For example, you could quantitatively score the likelihood and consequences of each risk, for example, “under 10% chance” and “ ‘X’ number of staff lives harmed or lost.” But you could present the final score qualitatively, for example, “critical” or “needs to be addressed immediately.” 9. In your Lab Report file, using the table from step 6, perform a qualitative risk assessment by assigning a risk impact/risk factor to each of the identified risks, threats, and vulnerabilities throughout the seven domains of a typical IT infrastructure where the risk, threat, or vulnerability resides. Assign each risk, threat, and vulnerability a priority number in the table’s Risk Impact/Factor column, where: compliance (that is, privacy law requirement for securing privacy data and implementing proper security controls, and so on) and places the organization in a position of increased liability confidentiality, integrity, and availability (C-I-A) of an organization’s intellectual property assets and IT
  • 10. infrastructure “3” is Minor: A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure Keep the following in mind when working on the next step: When suggesting next steps to executive management, consider your recommendations from their point of view. Be prepared to explain costs, both in implementing the controls and then in maintaining the controls. Remember that costs come in many forms, not least of which is labor. Be sure accountability is thought out in terms of roles and responsibilities. Other potential costs outside the data center include goodwill or reputation, market share, and lost opportunity. Executive management might have these costs topmost in mind. 32 | LAB #4 Performing a Qualitative Risk Assessment for an IT Infrastructure 10. In your Lab Report file, write a four-paragraph executive summary according to the following outline: eats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure)
  • 11. and minor risk assessment elements f the seven domains of a typical IT infrastructure management This completes the lab. Close the Web browser, if you have not already done so. 33 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Define the purpose and objectives of an IT risk assessment. –
  • 12. [20%] 2. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. – [20%] 3. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. – [20%] 4. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale. – [20%] 5. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. – [20%] 44 Introduction Identifying and assessing risks is challenging, but treating them is another matter entirely. Treating risks means making changes based on a risk assessment and probably a few hard
  • 13. decisions. When treating even the most straightforward of risks, practice due diligence by documenting what steps you are taking to mitigate the risk. If you don’t document the change and the reasoning behind it, it’s possible that your organization could reverse the mitigation and reintroduce the risk based on the notion of “but that’s how we always did it before.” After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being regularly applied. If a security incident arises even with the change in place, having a single person in charge will ensure that any corrective action aligns with the risk-mitigation plan. You’re not appointing someone so you can blame that person if things go wrong; you are instead investing that individual with the autonomy to manage the incident effectively. The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a baseline for ongoing mitigation of risks in the seven domains of an IT infrastructure. In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s
  • 14. major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation steps, you will define procedures and processes needed to maintain a security baseline for ongoing mitigation, and you will create an outline for an IT risk-mitigation plan. Learning Objectives Upon completing this lab, you will be able to: Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. Create an outline for an IT risk-mitigation plan encompassing
  • 15. the seven domains of a typical IT infrastructure. Lab #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 45 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 46 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure
  • 16. Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. Review the seven domains of a typical IT infrastructure (see Figure 1). Figure 1 Seven domains of a typical IT infrastructure 4. Using the following table, review the results of your assessments in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition, review the results of how you categorized and prioritized the risks for the IT infrastructure in that lab: 47
  • 17. Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability
  • 18. Unauthorized access to organization- owned workstations Loss of production data Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a known software vulnerability User downloads and clicks on an unknown e-mail attachment Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance
  • 19. User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 48 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 5. In your Lab Report file, organize the qualitative risk assessment data according to the
  • 20. following: Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. ” risks, threats, and vulnerabilities identified throughout the seven domains of a typical IT infrastructure. Fighting Fear In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop you from treating the risk. Here are two tips to fight a manager’s fear: Prepare for your manager’s “What if?” questions. Example of a manager’s question: “What if we apply the firewall but it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.” Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve performed, which will calculate the risk’s likelihood and consequences. 6. On your local computer, open a new Internet browser window.
  • 21. 7. In the address box of your Internet browser, type the URL http://www.mitre.org/publications/systems-engineering- guide/acquisition-systems- engineering/risk-management/risk-impact-assessment-and- prioritization and press Enter to open the Web site. 8. Read the article titled “Risk Impact Assessment and Prioritization.” 9. In your Lab Report file, describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan. 10. In your Lab Report file, describe the elements of an IT risk- mitigation plan outline by covering the following major topics: ilities organized into the seven domains throughout the IT infrastructure -term remediation steps for critical “1” risks, threats, and vulnerabilities -term remediation steps for major “2” and minor “3” risks, threats, and vulnerabilities
  • 22. -mitigation steps for the seven domains of a typical IT infrastructure solutions 49 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 11. In your Lab Report file, create a detailed IT risk-mitigation plan outline by inserting appropriate subtopics and sub-bullets. This completes the lab. Close the Web browser, if you have not already done so. 50 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure
  • 23. Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. – [20%] 2. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. – [20%] 3. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. – [20%] 4. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. – [20%] 5. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. – [20%]