Identification of the four Vulnerabilities for the Various Assets
12 Pages2717 Words30 Views
Added on 2022-09-01
Identification of the four Vulnerabilities for the Various Assets
Added on 2022-09-01
ShareRelated Documents
Running head: AUDITING 1
Auditing
Name:
Institution:
Date:
Auditing
Name:
Institution:
Date:
AUDIT 2
Group Discussion #1:
a) Identification of the four vulnerabilities for the various assets
Vulnerability is the threat that can exploit a weak asset. The component itself does not
cause damage because a threat without vulnerability is not dangerous to the organization. It is
however necessary to monitor the vulnerabilities so as to identify the ones that are able to use
new threats in instances where there are functional changes for the assets. In this paper, on
the basis of a common vulnerability assessment system that allows us to determine a
qualitative indicator of vulnerability of information systems taking into account
environmental factors, a risk assessment technique for various types of cloud deployment is
presented. Information risk management, determining the applicability of cloud services to an
organization is impossible without understanding the context in which the organization
operates and the consequences of the possible types of threats that it may encounter as a
result of its activities (Alles, Brennan, Kogan, & Vasarhelyi, 2018).. The article proposes an
approach to risk assessment, used when choosing the most appropriate option for configuring
the cloud computing environment from the point of view of security requirements. The
application of a risk assessment methodology for various types of cloud deployment will help
to identify the coefficient of resistance to possible attacks and to correlate the amount of
damage with the total cost of the entire IT infrastructure of the organization.
b) List of the vulnerabilities
Computer Operations Actual amount Simulated Amount
Computer Application
System
Auditors Simulations
Program
Group Discussion #1:
a) Identification of the four vulnerabilities for the various assets
Vulnerability is the threat that can exploit a weak asset. The component itself does not
cause damage because a threat without vulnerability is not dangerous to the organization. It is
however necessary to monitor the vulnerabilities so as to identify the ones that are able to use
new threats in instances where there are functional changes for the assets. In this paper, on
the basis of a common vulnerability assessment system that allows us to determine a
qualitative indicator of vulnerability of information systems taking into account
environmental factors, a risk assessment technique for various types of cloud deployment is
presented. Information risk management, determining the applicability of cloud services to an
organization is impossible without understanding the context in which the organization
operates and the consequences of the possible types of threats that it may encounter as a
result of its activities (Alles, Brennan, Kogan, & Vasarhelyi, 2018).. The article proposes an
approach to risk assessment, used when choosing the most appropriate option for configuring
the cloud computing environment from the point of view of security requirements. The
application of a risk assessment methodology for various types of cloud deployment will help
to identify the coefficient of resistance to possible attacks and to correlate the amount of
damage with the total cost of the entire IT infrastructure of the organization.
b) List of the vulnerabilities
Computer Operations Actual amount Simulated Amount
Computer Application
System
Auditors Simulations
Program
AUDIT 3
Auditors Simulation Report
1. Cash and cash
equivalent
1. Prepaid expenses
2. Marketable securities
3. Inventory
4. Accounts receivable
5. Accounts payable
6. Tangible assets
The proposed approach to risk analysis and management allows us to assess the
security of the cloud environment, operating under the influence of a different class of
threats, as well as the effectiveness of a set of measures and means to counter these threats.
The activities of any organization are associated with risk. This means that it is impossible to
pinpoint which undesirable events will necessarily occur in the future and which are not.
Since information is an important asset, information security issues come to the fore. The
organization may suffer damage, including unforeseen expenses and possible loss of
customers, in the event of an information security incident. For critical facilities, the
consequences can be far more serious. Thus, to ensure the security of the organization from
information threats, it is necessary to manage information security risks.
c) Four main types of vulnerabilities and ranking
Type of Assets Common Vulnerabilities and exposures
2. Cash and cash equivalent Theft
Auditors Simulation Report
1. Cash and cash
equivalent
1. Prepaid expenses
2. Marketable securities
3. Inventory
4. Accounts receivable
5. Accounts payable
6. Tangible assets
The proposed approach to risk analysis and management allows us to assess the
security of the cloud environment, operating under the influence of a different class of
threats, as well as the effectiveness of a set of measures and means to counter these threats.
The activities of any organization are associated with risk. This means that it is impossible to
pinpoint which undesirable events will necessarily occur in the future and which are not.
Since information is an important asset, information security issues come to the fore. The
organization may suffer damage, including unforeseen expenses and possible loss of
customers, in the event of an information security incident. For critical facilities, the
consequences can be far more serious. Thus, to ensure the security of the organization from
information threats, it is necessary to manage information security risks.
c) Four main types of vulnerabilities and ranking
Type of Assets Common Vulnerabilities and exposures
2. Cash and cash equivalent Theft
AUDIT 4
7. Prepaid expenses Data destruction
8. Marketable securities Data exposure
9. Inventory Data modification
10. Accounts receivable
11. Accounts payable
12. Tangible assets
Group Discussion #2:
a) Review the 3 controls/policies
A protective measure can be effective in mitigating the risks associated with a threat
that uses an asset vulnerability group. The risk is considered acceptable, and no measures are
implemented even in the presence of a threat and if the asset is vulnerable. A safeguard group
can be effective in reducing the risks associated with a group of threats that exploit the
vulnerability of an asset.. Security model Information security risk management process The
information security risk management process can be applied both to the entire organization
and to any part of it (division or information system). This process should be continuous,
since over time the security of the object weakens due to changes in the functionality of the
components and the emergence of new threats. Therefore, at all stages of the risk
management process, it is necessary to document the results obtained. In general, risk
management refers to a process that includes a context, assessment, processing and
monitoring of risks
b) Simulation report against controls of the group
7. Prepaid expenses Data destruction
8. Marketable securities Data exposure
9. Inventory Data modification
10. Accounts receivable
11. Accounts payable
12. Tangible assets
Group Discussion #2:
a) Review the 3 controls/policies
A protective measure can be effective in mitigating the risks associated with a threat
that uses an asset vulnerability group. The risk is considered acceptable, and no measures are
implemented even in the presence of a threat and if the asset is vulnerable. A safeguard group
can be effective in reducing the risks associated with a group of threats that exploit the
vulnerability of an asset.. Security model Information security risk management process The
information security risk management process can be applied both to the entire organization
and to any part of it (division or information system). This process should be continuous,
since over time the security of the object weakens due to changes in the functionality of the
components and the emergence of new threats. Therefore, at all stages of the risk
management process, it is necessary to document the results obtained. In general, risk
management refers to a process that includes a context, assessment, processing and
monitoring of risks
b) Simulation report against controls of the group
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Liabilities Owner’s Equity Revenuelg...
|4
|922
|57
Cloud Architecture Risk Assessment - ISO 27001 Standardslg...
|15
|3032
|114
Risk Assessment for CloudXYZ Security Network Architecturelg...
|15
|2929
|491
Financial Accounting: Income Statement, Statement of Financial Position, and Cash Flow Statementlg...
|11
|1740
|150
Software Security Solutions : Assignmentlg...
|10
|2015
|37
Cloud Architecture Risk Assignment PDFlg...
|15
|2969
|384