WEEK 1 ESSAY QUESTIONS Instructions: Answer all questions in a single document.
Question
WEEK 1 ESSAY QUESTIONS Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).

1. In this week's readings, you learned about two methods of risk analysis: quantitative assessment and qualitative assessment. Explain the steps taken to assess a risk from a quantitative perspective where monetary and numeric values are assigned and discuss the formulas used to quantify risk. Then, explain the methods used to assess risk from a qualitative perspective where intangible values are evaluated such as the seriousness of the risk or ramifications to the reputation of the company.

2. Domain 1 introduced numerous security terms that are used in assessing risk. Please define the terms vulnerability, threat, threat agent, risk, exposure and control. Then, describe the three different control types and give examples for each.

3. After you've conducted your risk assessment and determined the amount of total and residual risk, you must decide how to handle it. Describe the four basic ways of handling risk.

Please provide citations in APA format (they will check for plagiarism).
Explanation / Answer
The following is a step-by-step breakdown of the quantitative risk analysis:
(a) Conduct a risk assessment and vulnerability study to determine the risk factors.
(b) Based on the top 5 risk factors determined in (a), determine the value of assets under risk. For tangible assets, use the information in Section 5 for guidance. For intangible assets, use the information in Section 6 for guidance.
(c) Determine the historical attitude of the company under assessment in regard to their security practice for reporting loss incidents. Use the data in table 3 to make adjustments of the quantitative estimates for risk analysis.
(d) Estimate the Annualized Rate of Occurrence (ARO) for each risk factor.
(e) Determine the countermeasures required to overcome each risk factor.
(f) Determine the Annualized Loss Expectancy (ALE) for each risk factor. See the calculations for ALE section below for details. Please note that the ARO for the ALE after countermeasure implementation may not always be equal to zero.
(g) Conduct the safeguard cost/benefit analysis by calculating the difference between the ALE prior to implementing the countermeasure to the ALE after implementing the countermeasures (Urban).
(h) Based on the above analysis in (f) & (g), determine the return on investment using Internal Rate of Return (IRR). For details on IRR, refer to Section 4 B below.
(i) Present the results in a summarized fashion to management for review. The methodology used can be similar to that of typical engineering capital appropriation requests.
The typical intangible assets that are prone to information system attacks are as follows…
Qualitative risk analysis is a project management technique concerned with discovering the probability of a risk event occurring and the impact the risk will have if it does occur. All risks have both probability and impact.
There are various security terms explained below…
Vulnerability analysis, also known as vulnerability assessment, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure.
b) Threat
The term Threat Agent is used to indicate an individual or group that can manifest a threat. It is fundamental to identify who would want to exploit the assets of a company, and how they might use them against the company.
a systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. They can be classified by several criteria.
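Steps (d) through (g) of the quantitative breakdown above, worked through as an added example that is not part of the original answer. It applies the standard formulas SLE = AV × EF and ALE = SLE × ARO to constructed figures, computes the ALE before and after a countermeasure (the ARO after the countermeasure is allowed to stay above zero, as step (f) notes), and subtracts the annual safeguard cost to obtain the net benefit compared in step (g); the risk factor names and all dollar amounts are invented for illustration.

```python
from dataclasses import dataclass


@dataclass
class RiskFactor:
    name: str
    asset_value: float      # AV: monetary value of the asset at risk
    exposure_factor: float  # EF: fraction of AV lost per occurrence, 0..1
    aro_before: float       # ARO without the countermeasure
    aro_after: float        # ARO with the countermeasure (need not be zero)
    ef_after: float         # EF with the countermeasure
    safeguard_cost: float   # annual cost of the countermeasure


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single Loss Expectancy: expected loss from one occurrence."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def ale(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Annualized Loss Expectancy: expected loss per year (step (f))."""
    return sle(asset_value, exposure_factor) * aro


def safeguard_value(rf: RiskFactor) -> float:
    """Net annual benefit of the countermeasure (step (g)):
    ALE before minus ALE after minus the safeguard's own annual cost."""
    before = ale(rf.asset_value, rf.exposure_factor, rf.aro_before)
    after = ale(rf.asset_value, rf.ef_after, rf.aro_after)
    return before - after - rf.safeguard_cost


def summarize(factors: list[RiskFactor]) -> list[dict]:
    """Rows for the management summary (step (i)), highest ALE first."""
    rows = []
    for rf in factors:
        net = safeguard_value(rf)
        rows.append({
            "name": rf.name,
            "ale_before": ale(rf.asset_value, rf.exposure_factor, rf.aro_before),
            "ale_after": ale(rf.asset_value, rf.ef_after, rf.aro_after),
            "net_benefit": net,
            "justified": net > 0,   # a negative net benefit means the control costs more than it saves
        })
    return sorted(rows, key=lambda r: r["ale_before"], reverse=True)


# Constructed figures for illustration only; not data from any real assessment.
FACTORS = [
    RiskFactor("Ransomware on file server", 500_000, 0.40, 0.5, 0.1, 0.40, 30_000),
    RiskFactor("Laptop theft", 5_000, 1.0, 4.0, 4.0, 0.1, 2_000),  # disk encryption lowers EF, not ARO
    RiskFactor("Web defacement", 20_000, 0.25, 2.0, 0.5, 0.25, 9_000),
]

if __name__ == "__main__":
    for row in summarize(FACTORS):
        print(row)
```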