Business impacts and probability matrix.docx
Business Impacts and Probabilities Matrix
The following matrix will be used to understand the probability
of occurrence of the explored threats and their relevant impacts
on the business operations of the target company.
With the use of the above matrix, the following outcomes were
realized on the identified physical and non-physical threats to
the vulnerable systems of the company.
| Threats | Probability | Impact |
|---|---|---|
| Ransomware | Most certainly | Extreme risks |
| Phishing attacks | Most certainly | Extreme risks |
| Hacking | Most certainly | Extreme risks |
| Cracking | Most certainly | Extreme risks |
| Hurricane and earthquake | Possible | Low risks |
| Fire and Floods | Possible | Low risks |
| Professional hacking | Most certainly | Extreme risks |
Eternal Inputs of Threats and Vulnerabilities.docx
External Inputs of Threats and Vulnerabilities
The external inputs of threats and vulnerability are some of the
potential best practices that are integrated by a company to
ensure the protection of its vulnerable system to threats. Such
measures include internal vulnerability mitigation practices,
information management practices, and external vulnerability
assessment practices (Wu, Li, Teng, Chen, & Wang, 2020). The
company should ensure a positive response to such practices
through effective compliance to ethics of practice, effective
management of change process, and integration of a high level
of professionalism and skills in the establishment of a change in
its systems.
Reference
Wu, J., Li, J., Teng, Y., Chen, H., & Wang, Y. (2020). A
partition computing-based positive matrix factorization (PC-
PMF) approach for the source apportionment of agricultural soil
heavy metal contents and associated health risks. Journal of
Hazardous Materials, 388, 121766.
Vulnerability Asset List.docx
Vulnerability Assets List
The identified issue in the midsize company is related to system
security. The security issue of the company is associated with a
huge gap in both the physical and non-physical components of
the organizational system.
The physical Vulnerability Assets List
· The organizational computers
· Physical infrastructure
· Human resources
The already established analysis of the status of the
organizational security gaps indicates that the company does not
invest much in its physical security. The company has security
personnel located at the main entrance of the premises. The
company has secure access to the entrance of the building,
which is only dedicated to the office of the CEO. Other
computers including the one located in the production unit are
not well secured. Anyone including employees of relevant
departments can easily access various components of the
computer, something that imposes harm to the physical
computers if not to mention the internal element of the company
computers. Such a gap in the physical infrastructure of the
company is a clear indication that the building where the
physical technological resources are located is not well secured
and is vulnerable to theft among other security issues.
Lack of cameras among other automated security systems in the
main entrance indicates that thieves can easily intrude into the
premises and steal relevant computer devices (Humayun, Niazi,
Jhanjhi, Alshayeb, & Mahmood, 2020). With such a gap, which
would allow illegal intrusion into the compound, the safety of
the human resources operating the technology infrastructure of
the company is also not guaranteed. The actual premise can also
be damaged with the existence of unauthorized access. Such
damage may interfere with the normal operation of the
organizational system. Therefore, the management system of the
company should influence relevant security measures for
handling the vulnerability of its physical assets to insecurity
matters.
The non-physical Vulnerable Assets List
· Organizational software
· Financial information
· Supplier information
· Customer information
· Employee information
· Managerial information stored within the system
Nonphysical assets are intangible commodities that are critical
to the adoption and implementation of organizational systems.
One significant non-physical but technical component of
systems is software. The company uses an illegally acquired
Windows 10. As the operating system of the system, it creates a
gap that can be used by hackers to access other software. Other
applications including the operating system adopted in the
company are vulnerable to hacking among other potential
threats to the systems. The illegal access into the system
through the identified system gaps such as illegally acquired
Windows 10 makes the stored information in the system to be
vulnerable to insecurity threats (Adepu, Palleti, Mishra, &
Mathur, 2020). Theft and damage of the stored information into
the system are likely threats that the organizational system
deems vulnerable, something that the management system of the
company should handle with impressive measures.
References
Adepu, S., Palleti, V. R., Mishra, G., & Mathur, A. (2020).
Investigation of cyber attacks on a water distribution system.
International Conference on Applied Cryptography and Network
Security, 274-291.
Humayun, M., Niazi, M., Jhanjhi, N. Z., Alshayeb, M., &
Mahmood, S. (2020). Cyber security threats and vulnerabilities:
a systematic mapping study. Arabian Journal for Science and
Engineering, 45(4), 3171-3189.
Internal and External Threat Lists.docx
Internal and External Threat Lists
The basis of the organizational threats to the security of the
systems is based on their sources, which may be realized either
internally or externally. The external threats are those factors
that affect the security of the system from the outside of the
company. On the other hand, the internal threats are the existing
gap in the management of the systems influenced by the
company itself. Exploration and understanding of the sources of
the threats assist in promoting effective measures to the threats
based on their nature and origin.
Internal Threats List
· Ransomware
Ransomware is malicious software with the ability to infect a
computer and restrict system users from accessing the system
until a particular ransom is paid (Bansal, Deligiannis, Maddila,
& Rao, 2020). The existing research on ransomware confirms
that most of the phishing emails for illegal access to a system
are achieved by employees of a company. Relevantly, lack of
proper knowledge and understanding of effective utilization and
integration of security in the adoption and implementation of
technology is also confirmed to be responsible for increased
ransomware threats in most companies. The contracting
organization achieves limited attention to professionalism with
the increased adoption of technology. This affects the
influenced commitments to security management, a factor that
creates room for ransomware threats. Also, ineffective
management of ethical policies in the company plays a
significant role in influencing the environment for threats
related to ransomware. The existing gaps in the management of
illegal access of the systems lead to threats to the security of
the systems. Therefore, the company should engage relevant
measures to ethical compliance and professionalism to handle
issues related to ransomware.
· Phishing attacks
Another potential threat to the system of the company is
phishing attacks. Phishing attacks normally occur with an
engaged social engineering attack with the main intention of
stealing user data (Alabdan, 2020). The main perpetrators of
phishing attacks are untrusted entities who can get access to
critical information of the company. The perpetrators normally
use login credentials to get access to the system and do away
with important credentials. At times, such illegal intrusions are
influenced by other outsiders who collaborate with internal
employees to steal important access credentials. Storage of
important login credentials without a proper security protocol is
also another path used by the illegal intruders with prompt
engineering entering skills to have access to the system. The
company’s security structure is poorly integrated, a factor that
is seen right from the adopted applications to run the entire
system. The gap in the management of the security, especially,
with poorly integrated security policies creates a path for
potential phishing activities into the systems. For that matter,
the company should pay attention to the management of its
security system including engagement of a high level of
professionalism to handle matters related to phishing in its
systems.
· Hacking
Hacking is also another threat that would interfere with the
normal management of the system including the stored
information within the system. Hacking is an engaged intrusion
into the systems of an organization with unauthorized users to
steal, harm, or manipulate the stored information in the target
systems (Lyócsa, Molnár, Plíhal, & Širaňová, 2020). Most of
the unauthorized access into the system or cyber intrusion
attempts are normally achieved using this mechanism. However,
the establishment of the described unauthorized access is
normally done in systems without properly integrated security
measures. The company in question is confirmed to lack
effective security measures for its system. Other than using
unsecured Windows, it is also evident that the company operates
the old forms of technology in establishing and implementing
its business decisions. This makes the organizational systems
and the stored information in the systems to be vulnerable to
hacking activities, a factor that would endanger the system and
its relevant resources. In essence, there is a great need for a
more secure system with the ability to prevent hacking and
other related insecure activities.
· Cracking
The status of the system of the company is also clear evidence
that it is vulnerable to cracking threats. The company’s system
is not well designed to prevent potential unauthorized intrusion
into the system. Such assumption is based on the nature of the
used resources to establish the structure of the organizational
systems. The adopted Windows from torrent sites exposes the
organizational systems to potential cracking activity, a gap that
would expose the stored information within the system to
unauthorized users with ill intentions. This has an impact on the
security and vulnerability of the organizational system and
information stored in the system to threats. Therefore, the
company in question should ensure relevant measures for
ascertaining system security by adopting genuine Windows and
embracing improved professionalism in the development of its
system infrastructure and usage of the system for business
reasons.
External Threats List
The potential threats to the systems of the company can also
come from outside the organization. While some of the threats
can be natural, others are manmade. Nevertheless, the ability of
such threats to affect the systems is based on the influenced
preparation by the company to mitigate the threats or eliminate
the impacts of the threats. Examples of the external threats to
the system of the company based on the explored security gap in
the target systems include:
· Hurricanes and Earthquakes
Hurricanes are natural disasters that can be a threat to the
normal operation of the systems. The existence of hurricanes
can not only destroy the physical structure where physical
components of the system are located and operated but also
critical factors that determine the successful operation of the
system such as the network (Tabrizchi & Kuchaki Rafsanjani,
2020). The explored status of the company indicates that the
organization pays little attention to the security of the physical
components of its systems. This is a clear indication that the
systems of the company are vulnerable to natural threats such as
hurricanes among others.
· Fires and floods
Huge fires can be both natural and manmade. Effective
preparations for potential disasters should influence measures
for reducing the impacts of natural fires while eliminating
factors that would be responsible for manmade fires, as well as,
laying potential measures for protecting the company and its
systems from impacts of manmade fires. The inability of the
company to influence effective measures for preventing the
vulnerability of its physical assets to threats is clear evidence
that its system is vulnerable to fire threats. For that matter,
there is a need for the management system of the company to
facilitate measures aimed at protecting its physical assets from
threats.
· Professional hacking
Professional hackings are normally achieved by an individual
outside the company who uses built systems to access the
organizational information through the used network. The
company uses a privately managed network system.
Nevertheless, professionals can still hack such networks and
access critical information for personal reasons such as phishing
(Alabdan, 2020). Therefore, the company should encourage
impressive commitment to managing its network activities to
prevent insecure attempts on its systems by external hackers.
References
Alabdan, R. (2020). Phishing attacks survey: Types, vectors,
and technical approaches. Future Internet, 12(10), 168.
Bansal, C., Deligiannis, P., Maddila, C., & Rao, N. (2020).
Studying ransomware attacks using web search logs.
Proceedings of the 43rd International ACM SIGIR Conference
on Research and Development in Information Retrieval, 1517-
1520.
Lyócsa, Š., Molnár, P., Plíhal, T., & Širaňová, M. (2020).
Impact of macroeconomic news, regulation and hacking
exchange markets on the volatility of bitcoin. Journal of
Economic Dynamics and Control, 119, 103980.
Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on
security challenges in cloud computing: issues, threats, and
solutions. The journal of supercomputing, 76(12), 9493-9532.
Risk Assessment Summary Report (2).docx
Risk Assessment Summary Report
The ideal risks to the systems of the company are cyber
insecurity and the destruction of the physical infrastructure.
However, based on the engaged ranking, it is evident that the
contract company is vulnerable to cyber insecurity risks
compared to other risks caused by the already identified threats.
Therefore, it is important to explore and understand the
probable cause of cyber insecurity in the company, effective
measures for mitigating threats associated with cyber insecurity,
and the recommendations for the company as far as the security
of its system is concerned.
Underlying Causes of Cyber Insecurity
The establishment of a perfect solution to the issue of cyber
insecurity calls for considering the subject matter, the technical,
managerial, and administrative backgrounds. In essence, the
underlying causes of cyber insecurity can be approached on
technical, managerial, and administrative backgrounds.
Managerial Causes of Cyber Insecurity
The issue of cyber insecurity can be linked to managerial
gaps undermining effective compliance to ethics and legal
assumptions related to the subject matter. Companies are
normally required to promote measures for realizing effective
and efficient use of technology. Although most companies have
relevant policies for ensuring the impressive engagement of
technology to handle business matters, limited attention has
been influenced in realizing prompt management of such
internal policies. Lack of ethical compliance in the use of the
existing internal policies for managing technology use has been
reported in most companies (Almudaires, Rahman, &
Almudaires, 2021). Other than the inability of employees to
follow the existing protocols for realizing perfect technology
use, management parties concerned also lack relevant
frameworks for ensuring accuracy in the implementation of
technology factors to conduct businesses. With such a
management gap, there has been an increase in the number of
reported cases in various legal establishments around the world.
Most of the theft of company information stored in the cloud is
influenced by internal employees even with the existing
standards of handling such matters in business environments.
Therefore, there is a significant need for an improved solution
to cyber insecurity both within the management departments in
companies and externally through other relevant mechanisms.
Technical Contributors of Cyber Insecurity
The technical contributor of cyber insecurity is based on the
influenced commitments to designing and developing the system
architecture. Relevant standards have been established to guide
developers through designing processes to ascertain top-level
security in the established systems. Lack of effective
compliance to such design and development standards has
contributed significantly to the existing vulnerability of systems
to potential threats of cyber insecurity (Paich, 2017). Such a
gap in the establishment of system architecture is brought about
by the lack of enough time and resources for achieving the
objectives of existing designing standards. Another factor that
also plays a big role in the existence of technical contributors to
cyber insecurity is improper demands from clients. For example,
inaccurate or fixed plans in the designing timelines have
ensured ineffectiveness in the developed systems to enhance
security. For that matter, it is proper to ensure a solution that
handles the technical component of system establishment and its
role in promoting cyber insecurity.
Administrative Contributors of Cyber Insecurity
The administrative contributors to cyber insecurity encompass
all relevant measures for ensuring efficiency and effectiveness
in the development, adoption, and use of technology to handle
both the social and economic needs of the system users.
Particularly, it is the role of the government to ensure that
technology is used effectively and legally to create a better
environment for both economic and social integration. To
achieve this, the government creates laws that are pertinent to
maintaining security, reliability, and efficiency in the adoption
and implementation of technology. Regardless of the existing
legal formalities underlying effectiveness and efficiency in the
use of technological factors, matters of cyber insecurity have
been on the rise in all global countries (Srinivas, Das, & Kumar,
2019). This is a clear indication that the existing legal measures
for promoting a fair and secure engagement of technological
factors are proving irrelevant in serving their intended purposes.
The engagement of politics in the implementation of technology
has hindered the ability of the existing legal measures to
influence the desired results in managing cyber security issues
globally. Therefore, the proposed solution to the issue of
insecurity should also look at the administrative perspective of
the subject matter.
Mitigation Strategies for Cyber Insecurity
One of the probable strategies for enhancing a secure system
that influences cyber security calls for the engagement of
perfect management of the existing standards for system
development. Most of the system developers hired by companies
to participate in designing and managing systems are only teams
of professionals. Companies pay little attention to matters of
compliance or qualifications to adopt system designing
standards when hiring the required teams of specialists (Paich,
2017). To handle this issue, every country in the world will be
required to have a special agency that registers all system
developers upon passing a specific test related to standards and
guidelines for system designing.
Business companies will only be required to hire
professionals who present a certificate of performance and
approval certificates related to standards and guidelines of
system development. This strategy will work to ensure a team of
professionals who are ethically and legally compliant in the
engagement of their design and development abilities. With
this, matters related to lack of compliance to cyber security
standards while developing systems will be approached with
effective technical measures. Incidences of lack of integration
of cyber security protocols in the established systems will be
reduced and eliminated to create a perfect environment for
promoting cyber security (Sabillon, Cavaller, & Cano, 2016).
Another strategy for mitigating the risk of cyber insecurity calls
for engaging business companies in encouraging compliance to
cyber security standards and guidelines for achieving the
subject matter. Concerning the explored strategies, it is a
recommendation for the company to ensure perfect research on
networking technology to eliminate the potentiality of the use of
the old technologies such as computers to hack information
through the internet.
References
Almudaires, F., Rahman, M. H., & Almudaires, M. (2021). An
Overview of Cybersecurity, Data Size and Cloud Computing in
light of Saudi Arabia 2030 Vision. 2021 International
Conference on Information Technology (ICIT), 268-273.
Paich, J. (2017, January 24). CMS Recommendations for
Providers and Suppliers for Cyber Security. Retrieved from
MCN Healthcare:
https://www.mcnhealthcare.com/cms-recommendations-providers-suppliers-cyber-security/#:~:text=CMS%20encourages%20providers%20to%20consider%20cyber-security%20as%20an,cyber%20security%20protocols%20to%20their%20policies%20and%20procedures
Sabillon, R., Cavaller, V., & Cano, J. (2016). National cyber
security strategies: global trends in cyberspace. International
Journal of Computer Science and Software Engineering, 5(5),
67.
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government
regulations in cyber security: Framework, standards and
recommendations. Future Generation Computer Systems, 92,
178-188.
Prioritized Risk and Response Matrix.docx
Prioritized Risk and Response Matrix
The potential risks that would be realized from the impacts of
the identified threats to the systems of the company include loss
of information, damage of the stored information, destruction of
physical components of the system, cyber insecurity, theft of
information, loss of potential professionals, and manipulation of
stored information (Wu, Li, Teng, Chen, & Wang, 2020). The
probable response to the risks includes engagement of system
management policies, use of genuine applications, adopting
privately managed systems, securing the physical structure of
the system, use of the private network, and proper architecture
of the network infrastructure. The following matrix indicates
the prioritized risks and their corresponding response
mechanism for the target mid-sized company.
| Priority | Risk | Response |
|---|---|---|
| 1 | Cyber insecurity | Use of genuine applications, adopting privately managed systems, installation of privately managed antivirus, and proper architecture of the network infrastructure |
| 2 | Theft of stored data | Use of genuine applications, adopting privately managed systems, installation of privately managed antivirus, system management policies, and proper architecture of the network infrastructure |
| 3 | Destruction of the physical component of the systems | Securing the physical structure of the system |
| 4 | Loss of stored information | Use of genuine applications, adopting privately managed systems, installation of privately managed antivirus, system management policies, and proper architecture of the network infrastructure |
| 5 | Manipulation of stored information | Use of genuine applications, adopting privately managed systems, installation of privately managed antivirus, system management policies, and proper architecture of the network infrastructure |
| 6 | Loss of potential professionals | Securing the physical structure of the system and system management policies |
Reference
Wu, J., Li, J., Teng, Y., Chen, H., & Wang, Y. (2020). A
partition computing-based positive matrix factorization (PC-
PMF) approach for the source apportionment of agricultural soil
heavy metal contents and associated health risks. Journal of
Hazardous Materials, 388, 121766.
Project 3: Business Continuity
Project 3: Business Continuity is a two-week project that
continues to build upon the first two projects: the Vulnerability
Assessment and the Risk Assessment. Project 3 provides the
opportunity to design and describe the implementation, testing,
and maintenance of an enterprise business continuity plan
(BCP). The final deliverable should ensure alignment with
organizational goals and objectives. Every enterprise needs a
carefully crafted road map to return to operational status in case
of a cyber event. A BCP is that map.
In the process of enterprise risk management, a primary element
is the business continuity plan (BCP), which consists of steps to
continue operations should a worst-case scenario event take
place. Your work on vulnerabilities, threats, and risk in the first
two projects will support this.
The BCP assignment will detail the following elements:
· resources required and defined stakeholder roles
· business impact analysis
· recommended preventative controls
· recovery strategies
· contingency plan that includes implementation and
maintenance guidelines and defined procedures for testing the
plan
Grades are determined on the ability to clearly articulate a
developed, effective business continuity plan that considers
relevant environmental factors and aligns with organizational
objectives.
This is the third of four sequential projects. There are 13 steps
in this project. Begin below to review your project scenario.
Scenario
You are working at your desk when your boss, CIO Maria Sosa,
stops by.
Maria says: Did you hear that we won the contract to provide
cloud-based computer services for Enrocca? This is a high-
profile contract, and working with this federal client is a big
win for us.
You respond: That's great news. I know that the compliance
requirements for working with a federal agency are pretty
substantial and include a thorough business continuity plan.
We'll need to meet or exceed the federal standards for
compliance, so we should start the process of updating our BCP
soon.
Maria nods and replies: Good point. Remember when the Poser
Soft servers were damaged by that flood last year? That caused
them to be late on their deliverables to Enrocca. We definitely
don't want something like that to happen to us.
As Maria is speaking, you remember that a friend of yours was
laid off when Poser Soft lost the Enrocca contract because of
that very incident. You assure Maria that you'll get started on
the new BCP this week.
Competencies
Your work will be evaluated using the competencies listed
below.
· 1.4: Tailor communications to the audience.
· 2.3: Evaluate the information in a logical and organized
manner to determine its value and relevance to the problem.
· 9.1: Continuity Planning and Implementation: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Artifacts to submit for this project
1) BCP scope
2) Business impact analysis
3) Key resources and stakeholders
4) Preventive controls list
5) Viable recovery strategies
6) Contingency plan
7) Business continuity plan
NB: This is what is required for the last artifact (Business
Continuity Plan)
Turnitin®
This assignment will be submitted to Turnitin®.
Rubric Name: Business Continuity Plan
Competency
1.4: Tailor communications to the audience.
2.3: Evaluate the information in a logical and organized manner
to determine its value and relevance to the problem.
9.1: Develop, implement, and maintain a business continuity
plan, ensuring alignment with organizational goals and
objectives.
Associated Learning Objectives
1.4.1: Identify target audience.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
1.4.2: Explain unfamiliar terms and material.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
1.4.3: Employ precise, appropriate language.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
1.4.4: Use audience-appropriate, consistent tone.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
1.4.5: Avoid language which indicates bias against
individuals/groups their affiliations, orientations and beliefs.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
2.3.1: Evaluate reliability, validity, accuracy, authority,
timeliness, and point of view.
Assessment Method: Score on Criteria - 2.3: Evaluate the
information in a logical and organized manner to determine its
value and relevance to the problem.
Required Performance: Meets Performance Requirements
2.3.2: Evaluate the structure and logic of arguments and
methods.
Assessment Method: Score on Criteria - 2.3: Evaluate the
information in a logical and organized manner to determine its
value and relevance to the problem.
Required Performance: Meets Performance Requirements
2.3.3: Select and incorporate information that provides evidence
for the topic
Assessment Method: Score on Criteria - 2.3: Evaluate the
information in a logical and organized manner to determine its
value and relevance to the problem.
Required Performance: Meets Performance Requirements
9.1.1: Define the scope of the enterprise continuity of
operations program (COOP) to address business continuity,
business recovery, contingency planning, disaster recovery, and
related activities.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.2: Identify the resources and roles of different stakeholders
in business continuity programs.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.3: Conduct a business impact analysis (BIA).
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.4: Recommend preventive controls that are aligned with
organizational goals and strategies.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.5: Develop recovery strategies.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.6: Create a contingency plan that includes implementation
and maintenance.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
Business impacts and probability matrixRunning head BUSI

  • 1. Business impacts and probability matrix.docx Running head: BUSINESS IMPACTS AND PROBABILITIES MATRIX 2 BUSINESS IMPACTS AND PROBABILITIES MATRIX 2 Business Impacts and Probabilities Matrix Name Institution Date Business Impacts and Probabilities Matrix The following matrix will be used to understand the probability of occurrence of the explored threats and their relevant impacts on the business operations of the target company. With the use of the above matrix, the following outcomes were
  • 2. realized on the identified physical and non-physical threats to the vulnerable systems of the company. Threats Probability Impact Ransomware Most certainly Extreme risks Phishing attacks Most certainly Extreme risks Hacking Most certainly Extreme risks Cracking Most certainly Extreme risks Hurricane and earthquake Possible Low risks Fire and Floods Possible Low risks Professional hacking Most certainly Extreme risks Eternal Inputs of Threats and Vulnerabilities.docx Running head: EXTERNAL INPUTS OF THREATS AND VULNERABILITIES 2 EXTERNAL INPUTS OF THREATS AND VULNERABILITIES 2
  • 3. External Inputs of Threats and Vulnerabilities Name Institution Date External Inputs of Threats and Vulnerabilities The external inputs of threats and vulnerability are some of the potential best practices that are integrated by a company to ensure the protection of its vulnerable system to threats. Such measures include internal vulnerability mitigation practices, information management practices, and external vulnerability assessment practices (Wu, Li, Teng, Chen, & Wang, 2020). The company should ensure a positive response to such practices through effective compliance to ethics of practice, effective management of change process, and integration of a high level of professionalism and skills in the establishment of a change in its systems.
  • 4. Reference Wu, J., Li, J., Teng, Y., Chen, H., & Wang, Y. (2020). A partition computing-based positive matrix factorization (PC- PMF) approach for the source apportionment of agricultural soil heavy metal contents and associated health risks. Journal of Hazardous Materials, 388, 121766. Vulnerability Asset List.docx Running head: VULNERABILITY ASSETS LIST 2 VULNERABILITY ASSETS LIST 2 Vulnerability Assets List Name Institution
  • 5. Date Vulnerability Assets List The identified issue in the midsize company is related to system security. The security issue of the company is associated with a huge gap in both the physical and non-physical components of the organizational system. The physical Vulnerability Assets List · The organizational computers · Physical infrastructure · Human resources The already established analysis of the status of the organizational security gaps indicates that the company does not invest much in its physical security. The company has security personnel located at the main entrance of the premises. The company has secure access to the entrance of the building, which is only dedicated to the office of the CEO. Other computers including the one located in the production unit are not well secured. Anyone including employees of relevant departments can easily access various components of the computer, something that imposes harm to the physical computers if not to mention the internal element of the company computers. Such a gap in the physical infrastructure of the company is a clear indication that the building where the physical technological resources are located is not well secured and is vulnerable to theft among other security issues. Lack of cameras among other automated security systems in the main entrance indicates that thieves can easily intrude into the premises and steal relevant computer devices (Humayun, Niazi,
  • 6. Jhanjhi, Alshayeb, & Mahmood, 2020). With such a gap, which would allow illegal intrusion into the compound, the safety of the human resources operating the technology infrastructure of the company is also not guaranteed. The actual premise can also be damaged with the existence of unauthorized access. Such damage may interfere with the normal operation of the organizational system. Therefore, the management system of the company should influence relevant security measures for handling the vulnerability of its physical assets to i nsecurity matters. The non-physical Vulnerable Assets List · Organizational software · Financial information · Supplier information · Customer information · Employee information · Managerial information stored within the system Nonphysical assets are intangible commodities that are critical to the adoption and implementation of organizational systems. One significant non-physical but technical component of systems is software. The company uses an illegally acquired Windows 10. As the operating system of the system, it creates a gap that can be used by hackers to access other software. Other applications including the operating system adopted in the company are vulnerable to hacking among other potential threats to the systems. The illegal access into the system through the identified system gaps such as illegally acquired Windows 10 makes the stored information in the system to be vulnerable to insecurity threats (Adepu, Palleti, Mishra, & Mathur, 2020). Theft and damage of the stored information into the system are likely threats that the organizational system deems vulnerable, something that the management system of the company should handle with impressive measures. References
  • 7. Adepu, S., Palleti, V. R., Mishra, G., & Mathur, A. (2020). Investigation of cyber attacks on a water distribution system. International Conference on Applied Cryptography and Network Security, 274-291. Humayun, M., Niazi, M., Jhanjhi, N. Z., Alshayeb, M., & Mahmood, S. (2020). Cyber security threats and vulnerabilities: a systematic mapping study. Arabian Journal for Science and Engineering, 45(4), 3171-3189. Internal and External Threat Lists.docx Running head: INTERNAL AND EXTERNAL THREAT LISTS 2 INTERNAL AND EXTERNAL THREAT LISTS 2 Internal and External Threat Lists Name Institution Date
  • 8. Internal and External Threat Lists The basis of the organizational threats to the security of the systems is based on their sources, which may be realized either internally or externally. The external threats are those factors that affect the security of the system from the outside of the company. On the other hand, the internal threats are the existing gap in the management of the systems influenced by the company itself. Exploration and understanding of the sources of the threats assist in promoting effective measures to the threats based on their nature and origin. Internal Threats List · Ransomware Ransomware is malicious software with the ability to infect a computer and restrict system users from accessing the system until a particular ransom is paid (Bansal, Deligiannis, Maddila, & Rao, 2020). The existing research on ransomware confirms that most of the phishing emails for illegal access to a system are achieved by employees of a company. Relevantly, lack of proper knowledge and understanding of effective utilization and integration of security in the adoption and implementation of technology is also confirmed to be responsible for increased ransomware threats in most companies. The contracting organization achieves limited attention to professionalism with the increased adoption of technology. This affects the influenced commitments to security management, a factor that creates room for ransomware threats. Also, ineffective management of ethical policies in the company plays a significant role in influencing the environment for threats related to ransomware. The existing gaps in the management of illegal access of the systems lead to threats to the security of the systems. Therefore, the company should engage relevant measures to ethical compliance and professionalism to handle
  • 9. issues related to ransomware. · Phishing attacks Another potential threat to the system of the company is phishing attacks. Phishing attacks normally occur with an engaged social engineering attack with the main intention of stealing user data (Alabdan, 2020). The main perpetrators of phishing attacks are untrusted entities who can get access to critical information of the company. The perpetrators normally use login credentials to get access to the system ad does away with important credentials. At times, such illegal intrusions are influenced by other outsiders who collaborate with internal employees to steal important access credentials. Storage of important login credentials without a proper security protocol is also another path used by the illegal intruders with prompt engineering entering skills to have access to the system. The company’s security structure is poorly integrated, a factor that is seen right from the adopted applications to run the entire system. The gap in the management of the security, especially, with poorly integrated security policies creates a path for potential phishing activities into the systems. For that matter, the company should pay attention to the management of its security system including engagement of a high level of professionalism to handle matters related to phishing in its systems. · Hacking Hacking is also another threat that would interfere with the normal management t of the system including the stored information within the system. Hacking is an engaged intrusion into the systems of an organization with unauthorized users to steal, harm, or manipulate the stored information in the target systems (Lyócsa, Molnár, Plíhal, & Širaňová, 2020). Most of the unauthorized access into the system or cyber intrusion attempts are normally achieved using this mechanism. However, the establishment of the described unauthorized access is normally done in systems without properly integrated security measures. 
The company in question is confirmed to lack
  • 10. effective security measures for its system. Other than using unsecured Windows, it is also evident that the company operates the old forms of technology in establishing and implementing its business decisions. This makes the organizational systems and the stored information in the systems to be vulnerable to hacking activities, a factor that would endanger the system and its relevant resources. In essence, there is a great need for a more secure system with the ability to prevent hacking and other related insecure activities. · Cracking The status of the system of the company is also clear evidence that it is vulnerable to cracking threats. The company’s system is not well designed to prevent potential unauthorized intrusion into the system. Such assumption is based on the nature of the used resources to establish the structure of the organizational systems. The adopted Windows from torrent sites renders the organizational systems to potential tracking activity, a gap that would expose the stored information within the system to unauthorized users with ill intentions. This has an impact on the security and vulnerability of the organizational system and information stored in the system to threats. Therefore, the company in question should ensure relevant measures for ascertaining system security by adopting genuine Windows and embracing improved professionalism in the development of its system infrastructure and usage of the system for business reasons. External Threats List The potential threats to the systems of the company can also come from outside the organization. While some of the threats can be natural, others are manmade. Nevertheless, the ability of such threats to affect the systems is based on the influenced preparation by the company to mitigate the threats or eliminate the impacts of the threats. 
Examples of the external threats to the system of the company based on the explored security gap in the target systems include: · Hurricanes and Earthquakes
  • 11. Hurricanes are natural disasters that can be a threat to the normal operation of the systems. The existence of hurricanes can not only destroy the physical structure where physical components of the system are located and operated but also critical factors that determine the successful operation of the system such as the network (Tabrizchi & Kuchaki Rafsanjani, 2020). The explored status of the company indicates that the organization pays little attention to the security of the physical components of its systems. This is a clear indication that the systems of the company are vulnerable to natural threats such as hurricanes among others. · Fires and floods Huge fires can be both natural and manmade. Effective preparations for potential disasters should influence measures for reducing the impacts of natural fires while eliminating factors that would be responsible for manmade fires, as well as, laying potential measures for protecting the company and its systems from impacts of manmade fires. The inability of the company to influence effective measures for preventing the vulnerability of its physical assets to threats is clear evidence that its system is vulnerable to fire threats. For that matter, there is a need for the management system of the company to facilitate measures aimed at protecting its physical assets from threats. · Professional hacking Professional hackings are normally achieved by an individual outside the company who uses built systems to access the organizational information through the used network. The company uses a privately managed network system. Nevertheless, professionals can still hack such networks and access critical information for personal reasons such as phishing (Alabdan, 2020). Therefore, the company should encourage impressive commitment to managing its network activities to prevent insecure attempts on its systems by external hackers.
  • 12. References Alabdan, R. (2020). Phishing attacks survey: Types, vectors, and technical approaches. Future Internet, 12(10), 168. Bansal, C., Deligiannis, P., Maddila, C., & Rao, N. (2020). Studying ransomware attacks using web search logs. Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval, 1517- 1520. Lyócsa, Š., Molnár, P., Plíhal, T., & Širaňová, M. (2020). Impact of macroeconomic news, regulation and hacking exchange markets on the volatility of bitcoin. Journal of Economic Dynamics and Control, 119, 103980. Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud computing: issues, threats, and solutions. The journal of supercomputing, 76(12), 9493-9532. Risk Assessment Summary Report (2).docx Running head: RISK ASSESSMENT SUMMARY REPORT
  • 13. 2 RISK ASSESSMENT SUMMARY REPORT 2 Risk Assessment Summary Report Name Institution Date Risk Assessment Summary Report The ideal risks to the systems of the company are cyber insecurity and the destruction of the physical infrastructure. However, based on the engaged ranking, it is evident that the contract company is vulnerable to cyber insecurity risks compared to other risks caused by the already identified threats. Therefore, it is important to explore and understand the probable cause of cyber insecurity in the company, effective measures for mitigating threats associated with cyber insecurity, and the recommendations for the company as far as the security of its system is concerned.
  • 14. Underlying Causes of Cyber Insecurity The establishment of a perfect solution to the issue of cyber insecurity calls for considering the subject matter, the technical, managerial, and administrative backgrounds. In essence, the underlying causes of cyber insecurity can be approached on technical, managerial, and administrative backgrounds Managerial Causes of Cyber Insecurity The issue of cyber insecurity can be linked to managerial gaps undermining effective compliance to ethics and legal assumptions related to the subject matter. Companies are normally required to promote measures for realizing effective and efficient use of technology. Although most companies have relevant policies for ensuring the impressive engagement of technology to handle business matters, limited attention has been influenced in realizing prompt management of such internal policies. Lack of ethical compliance in the use of the existing internal policies for managing technology use has been reported in most companies (Almudaires, Rahman, & Almudaires, 2021). Other than the inability of employees to follow the existing protocols for realizing perfect technology use, management parties concerned also lack relevant frameworks for ensuring accuracy in the implementation of technology factors to conduct businesses. With such a management gap, there has been an increase in the number of reported cases in various legal establishments around the world. Most of the theft of company information stored in the cloud is influenced by internal employees even with the existing standards of handling such matters in business environments. Therefore, there is a significant need for an improved solution to cyber insecurity both within the management departments in companies and externally through other relevant mechanisms. Technical Contributors of Cyber Insecurity The technical contributor of cyber insecurity is based on the influenced commitments to designing and developing the system architecture. 
Relevant standards have been established to guide developers through designing processes to ascertain top-level
  • 15. security in the established systems. Lack of effective compliance to such design and development standards has contributed significantly to the existing vulnerability of systems to potential threats of cyber insecurity (Paich, 2017). Such a gap in the establishment of system architecture is brought about by the lack of enough time and resources for achieving the objectives of existing designing standards. Another factor that also plays a big role in the existence of technical contributors to cyber insecurity is improper demands from clients. For example, inaccurate or fixed plans in the designing timelines have ensured ineffectiveness in the developed systems to enhance security. For that matter, it is proper to ensure a solution that handles the technical component of system establishment and its role in promoting cyber insecurity. Administrative Contributors of Cyber Insecurity The administrative contributors to cyber insecurity encompass all relevant measures for ensuring efficiency and effectiveness in the development, adoption, and use of technology to handle both the social and economic needs of the system users. Particularly, it is the role of the government to ensure that technology is used effectively and legally to create a better environment for both economic and social integration. To achieve this, the government creates laws that are pertinent to maintaining security, reliability, and efficiency in the adoption and implementation of technology. Regardless of the existing legal formalities underlying effectiveness and efficiency in the use of technological factors, matters of cyber insecurity have been on the rise in all global countries (Srinivas, Das, & Kumar, 2019). This is a clear indication that the existing legal measures for promoting a fair and secure engagement of technological factors are proving irrelevant in serving their intended purposes. 
The engagement of politics in the implementation of technology has hindered the ability of the existing legal measures to influence the desired results in managing cyber security issues globally. Therefore, the proposed solution to the issue of insecurity should also look at the administrative perspective of
  • 16. the subject matter. Mitigation Strategies for Cyber Insecurity One of the probable strategies for enhancing a secure system that influences cyber security calls for the engagement of perfect management of the existing standards for system development. Most of the system developers hired by companies to participate in designing and managing systems are only teams of professionals. Companies pay little attention to matters of compliance or qualifications to adopt system designing standards when hiring the required teams of specialists (Paich, 2017). To handle this issue, every country in the world will be required to have a special agency that registers all system developers upon passing a specific test related to standards and guidelines for system designing. Business companies will only be required to higher professionals who present a certificate of performance and approval certificates related to standards and guidelines of system development. This strategy will work to ensure a team of professionals who are ethically and legally compliant in the engagement of their design and development abilities. With this, matters related to lack of compliance to cyber security standards while developing systems will be approached with effective technical measures. Incidences of lack of integration of cyber security protocols in the established systems will be reduced and eliminated to create a perfect environment for promoting cyber security (Sabillon, Cavaller, & Cano, 2016). Another strategy for mitigating the risk of cyber insecurity calls for engaging business companies in encouraging compliance to cyber security standards and guidelines for achieving the subject matter. Concerning the explored strategies, it is a recommendation for the company to ensure perfect research on networking technology to eliminate the potentiality of the use of the old technologies such as computers to hack information through the internet.
  • 17. References Almudaires, F., Rahman, M. H., & Almudaires, M. (2021). An Overview of Cybersecurity, Data Size and Cloud Computing in light of Saudi Arabia 2030 Vision. 2021 International Conference on Information Technology (ICIT), 268-273. Paich, J. (2017, January 24). CMS Recommendations for Providers and Suppliers for Cyber Security. Retrieved from MCN Healthcare: https://www.mcnhealthcare.com/cms- recommendations-providers-suppliers-cyber- security/#:~:text=CMS%20encourages%20providers%20to%20c onsider%20cyber- security%20as%20an,cyber%20security%20protocols%20to%20 their%20policies%20and%20procedures Sabillon, R., Cavaller, V., & Cano, J. (2016). National cyber security strategies: global trends in cyberspace. International Journal of Computer Science and Software Engineering, 5(5), 67. Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178-188. Prioritized Risk and Response Matrix.docx Running head: PRIORITIZED RISK AND RESPONSE MATRIX 2
  • 18. Prioritized Risk and Response Matrix The potential risks that would be realized from the impacts of the identified threats to the systems of the company include loss of information, damage to the stored information, destruction of physical components of the system, cyber insecurity, theft of information, loss of potential professionals, and manipulation of stored information (Wu, Li, Teng, Chen, & Wang, 2020). The probable responses to the risks include engagement of system management policies, use of genuine applications, adopting privately managed systems, securing the physical structure of the system, use of the private network, and proper architecture of the network infrastructure. The following matrix indicates the prioritized risks and their corresponding response
  • 19. mechanism for the target mid-sized company.
    Priority | Risk | Response
    1 | Cyber insecurity | Use of genuine applications, adopting privately managed systems, installation of privately managed antivirus, and proper architecture of the network infrastructure
    2 | Theft of stored data | Use of genuine applications, adopting privately managed systems, installation of privately managed antivirus, system management policies, and proper architecture of the network infrastructure
    3 | Destruction of the physical component of the systems | Securing the physical structure of the system
    4 | Loss of stored information | Use of genuine applications, adopting privately managed systems, installation of privately managed antivirus, system management policies, and proper architecture of the network infrastructure
    5 | Manipulation of stored information | Use of genuine applications, adopting privately managed systems, installation of privately managed antivirus, system management policies, and proper architecture of the network infrastructure
    6 | Loss of potential professionals | Securing the physical structure of the system and system management policies
  • 20. Reference
    Wu, J., Li, J., Teng, Y., Chen, H., & Wang, Y. (2020). A partition computing-based positive matrix factorization (PC-PMF) approach for the source apportionment of agricultural soil heavy metal contents and associated health risks. Journal of Hazardous Materials, 388, 121766.
    Project 3: Business Continuity
    Project 3: Business Continuity is a two-week project that continues to build upon the first two projects: the Vulnerability Assessment and the Risk Assessment. Project 3 provides the opportunity to design and describe the implementation, testing, and maintenance of an enterprise business continuity plan (BCP). The final deliverable should ensure alignment with organizational goals and objectives. Every enterprise needs a carefully crafted road map to return to operational status in case of a cyber event. A BCP is that map.
    In the process of enterprise risk management, a primary element is the business continuity plan (BCP), which consists of steps to continue operations should a worst-case scenario event take place. Your work on vulnerabilities, threats, and risk in the first two projects will support this. The BCP assignment will detail the following elements:
  • 21.
    · resources required and defined stakeholder roles
    · business impact analysis
    · recommended preventative controls
    · recovery strategies
    · contingency plan that includes implementation and maintenance guidelines and defined procedures for testing the plan
    Grades are determined on the ability to clearly articulate a developed, effective business continuity plan that considers relevant environmental factors and aligns with organizational objectives. This is the third of four sequential projects. There are 13 steps in this project. Begin below to review your project scenario.
    Scenario
    You are working at your desk when your boss, CIO Maria Sosa, stops by.
    Maria says: Did you hear that we won the contract to provide cloud-based computer services for Enrocca? This is a high-profile contract, and working with this federal client is a big win for us.
    You respond: That's great news. I know that the compliance requirements for working with a federal agency are pretty substantial and include a thorough business continuity plan. We'll need to meet or exceed the federal standards for compliance, so we should start the process of updating our BCP soon.
    Maria nods and replies: Good point. Remember when the Poser Soft servers were damaged by that flood last year? That caused them to be late on their deliverables to Enrocca. We definitely don't want something like that to happen to us.
    As Maria is speaking, you remember that a friend of yours was laid off when Poser Soft lost the Enrocca contract because of that very incident. You assure Maria that you'll get started on the new BCP this week.
  • 22. Competencies
    Your work will be evaluated using the competencies listed below.
    · 1.4: Tailor communications to the audience.
    · 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
    · 9.1: Continuity Planning and Implementation: Develop, implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives.
    Artifacts to submit for this project
    1) BCP scope
    2) Business impact analysis
    3) Key resources and stakeholders
    4) Preventive controls list
    5) Viable recovery strategies
    6) Contingency plan
    7) Business continuity plan
    NB: This is what is required for the last artifact (Business Continuity Plan)
    Turnitin®
    This assignment will be submitted to Turnitin®.
    Rubric Name: Business Continuity Plan
  • 23. Competency
    1.4: Tailor communications to the audience.
    2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
    9.1: Develop, implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives.
    Associated Learning Objectives
    1.4.1: Identify target audience. Assessment Method: Score on Criteria - 1.4: Tailor communications to the audience. Required Performance: Meets Performance Requirements
    1.4.2: Explain unfamiliar terms and material. Assessment Method: Score on Criteria - 1.4: Tailor communications to the audience. Required Performance: Meets Performance Requirements
    1.4.3: Employ precise, appropriate language. Assessment Method: Score on Criteria - 1.4: Tailor communications to the audience. Required Performance: Meets Performance Requirements
  • 24.
    1.4.4: Use audience-appropriate, consistent tone. Assessment Method: Score on Criteria - 1.4: Tailor communications to the audience. Required Performance: Meets Performance Requirements
    1.4.5: Avoid language which indicates bias against individuals/groups, their affiliations, orientations and beliefs. Assessment Method: Score on Criteria - 1.4: Tailor communications to the audience. Required Performance: Meets Performance Requirements
    2.3.1: Evaluate reliability, validity, accuracy, authority, timeliness, and point of view. Assessment Method: Score on Criteria - 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. Required Performance: Meets Performance Requirements
    2.3.2: Evaluate the structure and logic of arguments and methods.
  • 25. Assessment Method: Score on Criteria - 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. Required Performance: Meets Performance Requirements
    2.3.3: Select and incorporate information that provides evidence for the topic. Assessment Method: Score on Criteria - 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. Required Performance: Meets Performance Requirements
    9.1.1: Define the scope of the enterprise continuity of operations program (COOP) to address business continuity, business recovery, contingency planning, disaster recovery, and related activities. Assessment Method: Score on Criteria - 9.1: Develop, implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives. Required Performance: Meets Performance Requirements
    9.1.2: Identify the resources and roles of different stakeholders in business continuity programs. Assessment Method: Score on Criteria - 9.1: Develop,
  • 26. implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives. Required Performance: Meets Performance Requirements
    9.1.3: Conduct a business impact analysis (BIA). Assessment Method: Score on Criteria - 9.1: Develop, implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives. Required Performance: Meets Performance Requirements
    9.1.4: Recommend preventive controls that are aligned with organizational goals and strategies. Assessment Method: Score on Criteria - 9.1: Develop, implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives. Required Performance: Meets Performance Requirements
    9.1.5: Develop recovery strategies. Assessment Method: Score on Criteria - 9.1: Develop, implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives. Required Performance: Meets Performance Requirements
  • 27. 9.1.6: Create a contingency plan that includes implementation and maintenance. Assessment Method: Score on Criteria - 9.1: Develop, implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives. Required Performance: Meets Performance Requirements