This 0 page Study Guide was uploaded by kimwood Notetaker on Monday November 9, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 22 views.
ISSC363_Assignment_3
Date Created: 11/09/15
RISK ASSESSMENTS

Network Security Risk Assessment
Brian Page
American Military University

Introduction

Managing risks is a very tedious process, but the growing reliance on Information Technology requires companies to find more efficient ways to manage security vulnerabilities and the level of risk that is acceptable. There will always be risks associated with Information Technology; the key to risk management is whether or not the risk presents a vulnerability that can be exploited. Companies need to be made aware of risks that can affect their operations while implementing the appropriate controls to mitigate those risks. A risk assessment helps you understand and quantify the risks to Information Technology. It also helps companies and businesses alike understand the consequences each risk presents.

Risk Assessments

A periodic risk assessment is necessary for companies and businesses to ensure that the assets and operations of their information systems are protected. There are mainly three levels of potential risk identified in risk assessments: High, Moderate, and Low.

Purpose

The purpose of a risk assessment is to evaluate the security of information technology systems and provide information to management on which risks and vulnerabilities are manageable. Assessments also provide companies and businesses with a subjective view of the system's operating environment, addressing issues such as threats, vulnerabilities, and possible safeguards to mitigate risk. For example, during a risk assessment of an agency, a firmware flaw was identified in one of their Cisco switches: the threat and vulnerability were identified, the risk was analyzed, and a corrective measure was recommended. The measure recommended was to upgrade the firmware to eliminate the vulnerability. There are many different approaches to risk assessments; it has been my experience that every assessment is different and requires a different approach even though the general assessment procedures stay the same, tailoring the assessment to the company or business and their needs.

Scope

The scope of a risk assessment identifies the Area of Responsibility, or the limit on what is assessed by the risk assessment. The scope keeps the individual conducting the assessment on task and focused. For example, when conducting forensic examinations on computers, the warrant that enabled the examination names the specific items of interest that are to be investigated. If the technician finds other items of interest, he or she cannot recover or retrieve that data without the issuance of a new warrant that includes the found data. The scope also sets limits on the risk assessment: if a scope were not defined, the assessment could take an extremely long time, or there would be so much extraneous data to sort through that the client or auditor would not be in a position to draw any useful information from the assessment.

Critical Areas

During a risk assessment, critical areas of interest must be identified. This helps the individuals performing the risk assessment focus on the problems while giving them a clear path to follow when it comes to mitigation of vulnerabilities and threats. When critical areas are identified, the areas that need to be focused on are the areas that could possibly affect the business. For example, with the Payment Card Industry Data Security Standard (PCI DSS), the vulnerabilities and threats that are focused on when a risk assessment is conducted mainly have to do with the security of cardholder data, such as whether or not the data is stored in a database locally on the server. There are certain mitigating measures that are required to be put into place in the event that this particular situation occurs, such as that the data must be encrypted and stored in a separate environment from the terminal.

Methodology

Risk assessment methodology is a four-step process, which includes the risk assessment process, the risk model, the assessment approach, and the analysis approach. The company or business will define the methodology to be used. Whether the risk assessment process is qualitative, quantitative, or a mixture of both strategies, all risk assessments start with an organizational risk framework. The risk management strategy determines the risk management methodology that is used.