IS3110 Risk Management in Information Technology Security STUDENT COPY: Graded Assignments
© ITT Educational Services, Inc.
All Rights Reserved. Change Date: 05/25/2011
Unit 1 Assignment 1: Application of Risk Management Techniques
Learning Objectives and Outcomes
You will be able to identify different risk management techniques for the seven domains of a typical IT infrastructure and apply them under different situations.
Assignment Requirements
Introduction:
As discussed in this Unit, after IT professionals identify threat/vulnerability pairs and estimate the likelihood of their occurrence, IT management must decide which risk management techniques are appropriate to manage these risks. IT managers then present this
The remote production facilities connect to headquarters via routers and T-1 (1.54 Mbps telecomm circuit) LAN connections provided by an external Internet service provider (ISP), and share an Internet connection through a firewall at headquarters.
Individual sales personnel throughout the country connect to YieldMore’s network via virtual private network (VPN) software through their individual Internet connections, typically in a home office.
Tasks:
Using the threat/vulnerability pairs, and considering the likelihood of occurrence for each identified by your small group earlier in the Unit, assume the role of an IT manager assigned by YieldMore’s senior management to conduct the following risk management tasks.
1. Analyze and explain each of the threat/vulnerability pairs and their likelihood of occurrence.
2. Determine which of the six risk management techniques is appropriate for each risk explained in Task 1.
3. Justify your reasoning for each chosen management technique.
4. Prepare a brief report or presentation of your findings for senior management to review.
Submission Requirements
Use the following guidelines to submit this assignment:
Format: Use a standard word processor or presentation format compatible with Microsoft Word or PowerPoint.
Font: Arial 10 point size
Line Spacing: Double
3. Develop a risk response matrix to outline how you would deal with each of the risks.
Risk management is a process for identifying, assessing and prioritizing risks of different kinds. Once the risks are identified, the risk manager will create a plan to minimize or eliminate the impact of negative events. A variety of strategies is available, depending on the type of risk and the type of business. There are a number of risk management standards, including those developed by the Project Management Institute, the International Organization for Standardization, the National Institute of Science and Technology, and actuarial societies. Organizations use different strategies in proper management of future events such as risk assumption, risk avoidance,
Risk Management Analysis
This form documents learner’s knowledge of educational goal areas formally taught and scheduled in the training session.
I chose anime for my magazine because it could have its benefits; it's unique and not many GCSE students will think about using anime, therefore it will be unique and different from all of the other students'. I personally think that the use of anime is mainly to be different and to stand out to the GCSE marking board, and I want to show them that there is more to magazines; anime magazines are mainly found in Japan and not in the UK. In the UK the most popular magazines are about beauty and new top trends, so I wanted my magazine to be different from all the other students' and create a Japanese top anime type of magazine because it will most definitely stand out when marking.
There are two main types of risk management assessments. They are qualitative and quantitative methodologies. With the qualitative methodology, relative values are used to determine the probability and impact of a risk (Gibson, 2011). This type of information can be collected quickly. A quantitative risk assessment is used to estimate how much money would be lost should a vulnerability be exploited (Vanderberg, n.d.). With the quantitative methodology, actual dollar values are used. It can take time to gather this type of data. Once the data is gathered, however, a math formula is used to determine the priority of risks and in turn show the results of controls (Gibson, 2011).
3. Evaluate your results, the method you used and how well you managed the risks.
Identifying the risk, quantitative risk assessment, and qualitative risk assessment are used in evaluating the risk.
Risk management is the term applied to a logical and systematic method of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize opportunities. (Lecture notes) Risk Management is also described as 'all the things you need to do to make the future sufficiently certain'. (The NZ Society for Risk Management, 2001)
Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to ensure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses.
Good security management requires risk management to mitigate or reduce risk to an acceptable level within an organization. Security management’s objective is to protect the company and its assets. A proper risk analysis will identify the company’s major assets, threats that put those assets at risk, and estimate the possible damage and loss a company may endure if any of the threats were to become real. With a good risk analysis, management can determine the type of budget they want to set to mitigate threats. Risk analysis justifies the cost of the countermeasures against the threats and determines the benefit or worth of security
The reader will become familiarised with the term risk and its definitions, specifically from the ISO 31000 standard of risk management and also the definition of risk from the criminology crime triangle. Which of these two definitions is the most suitable for usage within the security industry will be discussed and evaluated. How and why consequence is important when assessing risk priorities and determining where to allocate resources will be examined and answered.
Weaknesses to mistreatment in contemporary mainframes are wide-ranging. They vary from weaknesses of internet server which permit the hackers or assailants to command the internet server to a cultured lateral network that uses stuff like packet technique or immediate control depletion to collect private and trustworthy material from cyber security computer systems. Vulnerabilities or weaknesses seem to be in the customer software who is a fellow of an industry that uses it to get their tasks performed. The uncovered customer software side is the most important cybersecurity vulnerability/weakness that the IT community is facing nowadays. Since all the new industries (companies, non-profits or government entities) use networks and computers
3. There are several techniques available for managing risk. For each of the following risks, identify an appropriate technique, or combination of techniques, that would be appropriate for dealing with the risk.
A threat agent is the facilitator of an attack; however, a threat is a constant danger to an asset.