With the help of the example, provide a basic risk analysis for the scenario bel

Question

With the help of the example, provide a basic risk analysis for the scenario below (the likely attack vectors,the ranking in terms of probability occurrence,the resources and risk management method needed to addresses the risks identified )

.

The Health Matters R&D Department would like to showcase its

achievements by providing detailed information about its past projects and their impact on the community. Specifically, a web portal is envisaged to host project descriptions, demos, white papers and past awards. The portal will be hosted on a dedicated server which would be connected to the main R&D internal network to enable the automated

update of the portal as milestones are achieved by the R&D teams. The server would be running Windows Server 2012 and allow queries of archives that store past project information that has been cleared for public release. The traffic on the server will be monitored by a third party which provides a managed security service.

Explanation / Answer

If an organization plans to give services or sell products via the Internet, or do any kind of business online here R & D system downtime can result in significant losses in revenue.if there are more risk involved.

Even if your company does not plan to offer products or services, unauthorized access to your organization's internal data may prove to be a serious threat. Corrupted data ccan lead to negative effect on business, and the unauthorized release of confidential customer information can carry significant liability. hence there are many risk factors involved .

In this case website can be attacked & accessed by unauthorised users .which lead many problems listed below:

hence important records , files can not only be deleted but can be modified . this is major risk involved .which leads to overall failure of whole department .an losses will be very huge.

procedure of risk management :

Generally two kinds of risk analysis are possible

it include to see independently objective monetary values.first estimate the value of the potential losses associated with delayed processing or the theft or data loss . in the next step is to find the probability of the occurrence and calculate the annual loss expected .analyse all the information and gather information from various sources such as from users ,system administrators, auditors, security officers, after combining the information & data, monetary value to the risks can be easily assigned and it can be compared to the cost of countermeasures against the expected loss reductions.

2. Qualitative analysis

Effective steps which can be taken for risk management :

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.