IT Risk Assessment, Threat Assessment, Risk Management
VerifiedAdded on Ā 2022/11/23
|6
|1419
|237
AI Summary
This document discusses IT Risk Assessment, Threat Assessment, and Risk Management. It includes a quantitative and qualitative analysis of security vulnerabilities, threat assessment for a Super Bowl event, and risk management for the 2012 Summer Olympic Games.
Contribute Materials
Your contribution can guide someoneās learning journey. Share your
documents today.
Running head: IT RISK ASSESSMENT, THREAT ASSESSMENT, RISK MANAGEMENT
IT Risk Assessment, Threat Assessment, Risk Management
Name of the Student
Name of the University
Author Note
IT Risk Assessment, Threat Assessment, Risk Management
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1IT RISK ASSESSMENT, THREAT ASSESSMENT, RISK MANAGEMENT
Question 1 ā IT Risk Assessment
Quantitative analysis is the collection of relevant data about a specific objective based
on the mathematical or statistical data. In this particular case, the ways by which the data was
collected to find out the security exposures and the individual security vulnerabilities for the
Blum Shapiro Consulting LLC in order to find out the Risk Assessment about the project
developed for Town in Wilton. The general and careful observations that the organization has
made about the School Districts, the Libraries and the Town were all dependent on individual
assessment of the observation based on their network and connectivity features. The
statistical data helped in finding out the general information about each of the areas (Slovic,
Fischhoff & Lichtenstein, 2016). This can be found out with the help of the following
example about the statistical data collected about the school district:
SCHOOL DISTRICT:
ļ· Available servers: 17
ļ· Available amount of Backup Devices: 2
ļ· Available amount of the Storage and Virtual Machines: 0
ļ· Available numbers of the Uninterruptible Power Supply (UPS): All of the
servers are connected through a UPS
ļ· Available amount of the connected computers to a source of internet: 1,600
ļ· Available backup disk space: Available less than 3TB
ļ· Available IT personnel: 3
ļ· Availability of the Information Technology Policies and Procedures
documented: Yes
ļ· Availability of the Disaster Recovery Plan in a documented format: No
ļ· Disaster Recovery Plan tested together: Not available
Question 1 ā IT Risk Assessment
Quantitative analysis is the collection of relevant data about a specific objective based
on the mathematical or statistical data. In this particular case, the ways by which the data was
collected to find out the security exposures and the individual security vulnerabilities for the
Blum Shapiro Consulting LLC in order to find out the Risk Assessment about the project
developed for Town in Wilton. The general and careful observations that the organization has
made about the School Districts, the Libraries and the Town were all dependent on individual
assessment of the observation based on their network and connectivity features. The
statistical data helped in finding out the general information about each of the areas (Slovic,
Fischhoff & Lichtenstein, 2016). This can be found out with the help of the following
example about the statistical data collected about the school district:
SCHOOL DISTRICT:
ļ· Available servers: 17
ļ· Available amount of Backup Devices: 2
ļ· Available amount of the Storage and Virtual Machines: 0
ļ· Available numbers of the Uninterruptible Power Supply (UPS): All of the
servers are connected through a UPS
ļ· Available amount of the connected computers to a source of internet: 1,600
ļ· Available backup disk space: Available less than 3TB
ļ· Available IT personnel: 3
ļ· Availability of the Information Technology Policies and Procedures
documented: Yes
ļ· Availability of the Disaster Recovery Plan in a documented format: No
ļ· Disaster Recovery Plan tested together: Not available
2IT RISK ASSESSMENT, THREAT ASSESSMENT, RISK MANAGEMENT
ļ· Capabilities of the Generators: Selected Areas in the School district
Qualitative Analysis that were required to find out the same security vulnerability,
included the collection of the information regarding the School District and the Library IT
personnel of the Wilton Town. This was based on the characterization and observed data. For
example, the collected data about the documented plans were based on the necessary
information about the town, library and school district is not available to provide a
documented recovery plan for any disaster. This was an observed data and was not statistical
in nature.
According to the collected data, it was found that the data was pointing towards
school district to have a better infrastructure about the IT requirements for enabling a better
risk assessment (Blum Shapiro Consulting LLC, 2012). This is because, the qualitative data
found out that the school district had a better IT infrastructure and compared to the Library
and the Town, the school district had a better IT infrastructure.
The recommendations in the case study about the proper enabling of the IT
infrastructure were based on the findings of the analysis. This is why, from the individual
perspective, it was found that the recommendations were correct as per the analysis made.
According to the individual assessments, it was properly assessed about the IT
infrastructure and thus the report that was presented as a result was effective for the further
declaration of the IT requirements according to the assessment.
Question 2 ā Threat Assessment
There are various assessments that were made about the Super Bowl venue and the
occurrences of the probable risks regarding the probability of the threats. One of the most
important discoveries that were made about the occurrences of the threats were the
probability of the placement of the heavy explosives in the high trafficked areas. Since, this is
ļ· Capabilities of the Generators: Selected Areas in the School district
Qualitative Analysis that were required to find out the same security vulnerability,
included the collection of the information regarding the School District and the Library IT
personnel of the Wilton Town. This was based on the characterization and observed data. For
example, the collected data about the documented plans were based on the necessary
information about the town, library and school district is not available to provide a
documented recovery plan for any disaster. This was an observed data and was not statistical
in nature.
According to the collected data, it was found that the data was pointing towards
school district to have a better infrastructure about the IT requirements for enabling a better
risk assessment (Blum Shapiro Consulting LLC, 2012). This is because, the qualitative data
found out that the school district had a better IT infrastructure and compared to the Library
and the Town, the school district had a better IT infrastructure.
The recommendations in the case study about the proper enabling of the IT
infrastructure were based on the findings of the analysis. This is why, from the individual
perspective, it was found that the recommendations were correct as per the analysis made.
According to the individual assessments, it was properly assessed about the IT
infrastructure and thus the report that was presented as a result was effective for the further
declaration of the IT requirements according to the assessment.
Question 2 ā Threat Assessment
There are various assessments that were made about the Super Bowl venue and the
occurrences of the probable risks regarding the probability of the threats. One of the most
important discoveries that were made about the occurrences of the threats were the
probability of the placement of the heavy explosives in the high trafficked areas. Since, this is
3IT RISK ASSESSMENT, THREAT ASSESSMENT, RISK MANAGEMENT
a huge sporting event, therefore, the occurrences of the terrorist attacks and their probability
is probably extremely high according to the National Counter-terrorism Centre. The findings
have discovered that the occurrences of the terrorist attacks can also occur in response to the
security breaches that are most likely to occur given the high incur of the people in the Super
Bowl event. The findings have even pointed out that most of these terrorist attacks are most
likely to occur in the Super Bowl Event with the legitimate security breaches that would be
most likely occurring with the facilitation of the stolen or counterfeit credentials. It can also
happen that the terrorist might have a legitimate access to the facility and the access areas of
the Super Bowl event (Super Bowl XLV, 2011). This threat would be a much more effective
one as it would be difficult to identify the threats of the people involved in the terrorist
attacks as they would have legitimate access rights.
The graphics that have been supporting the identification of the threats to the Super
Bowl event are extremely appropriate in nature as they would have the proper insights about
the different exits and entries of the event venue and the ways around the event. The
diagrams support the actual way-in and way-outs of the event arena by which the treat
assessment would be easier to detect the criminal or terrorist activities (MacGregor, 2017).
Identifying the threats based on the cyber security breaches would not be enough if there had
been no involvement of the stadium graphics to find out the security issues regarding the
venue.
Question 3 ā Risk Management
The identification of the risks in this case study is about the 2012 Summer Olympic
Games. The risk identified in this report does not only clarify the associated risks about the
Olympic Games in 2012 but at the same time it also identifies the associated security threats
that might arise in mega sporting events such as these (National Cybersecurity and
a huge sporting event, therefore, the occurrences of the terrorist attacks and their probability
is probably extremely high according to the National Counter-terrorism Centre. The findings
have discovered that the occurrences of the terrorist attacks can also occur in response to the
security breaches that are most likely to occur given the high incur of the people in the Super
Bowl event. The findings have even pointed out that most of these terrorist attacks are most
likely to occur in the Super Bowl Event with the legitimate security breaches that would be
most likely occurring with the facilitation of the stolen or counterfeit credentials. It can also
happen that the terrorist might have a legitimate access to the facility and the access areas of
the Super Bowl event (Super Bowl XLV, 2011). This threat would be a much more effective
one as it would be difficult to identify the threats of the people involved in the terrorist
attacks as they would have legitimate access rights.
The graphics that have been supporting the identification of the threats to the Super
Bowl event are extremely appropriate in nature as they would have the proper insights about
the different exits and entries of the event venue and the ways around the event. The
diagrams support the actual way-in and way-outs of the event arena by which the treat
assessment would be easier to detect the criminal or terrorist activities (MacGregor, 2017).
Identifying the threats based on the cyber security breaches would not be enough if there had
been no involvement of the stadium graphics to find out the security issues regarding the
venue.
Question 3 ā Risk Management
The identification of the risks in this case study is about the 2012 Summer Olympic
Games. The risk identified in this report does not only clarify the associated risks about the
Olympic Games in 2012 but at the same time it also identifies the associated security threats
that might arise in mega sporting events such as these (National Cybersecurity and
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4IT RISK ASSESSMENT, THREAT ASSESSMENT, RISK MANAGEMENT
Communications Integration Center, 2012). The strategic outlook identifies that there might
not only be probability of the different issues regarding the terrorist attacks right at the venue
but the assessment also identifies the probability of the attacks over the cyber world. The
assessment identified all the probabilities that might occur about the disruption of the
technical operations in the event would also include the DDOS attacks. The assessment has
identified that the probability of the DDOS attacks might be higher than all the identified
attacks.
The threat actors that might occur during the DDOS attacks would all be motivated
with the involvement of the financial activities and the violation of the human rights (Kolias
et al., 2017).
According to the identified problems and the assessment made in this particular case
study, it can be said that the identified threats in the assessment and the recommended
mitigation strategies are effective and sufficient to manage the probable cyber security threats
occurring due to the probable hacktivists targeting the mega events like the Summer
Olympics.
The mitigation strategy is focused on the minimization of all the probable risks that
might arise due to the malicious activity of the hacktivists and as per individual perspectives,
it has been identified that the mitigation strategies would be impactful on minimizing the
cyber security risks for the event.
Communications Integration Center, 2012). The strategic outlook identifies that there might
not only be probability of the different issues regarding the terrorist attacks right at the venue
but the assessment also identifies the probability of the attacks over the cyber world. The
assessment identified all the probabilities that might occur about the disruption of the
technical operations in the event would also include the DDOS attacks. The assessment has
identified that the probability of the DDOS attacks might be higher than all the identified
attacks.
The threat actors that might occur during the DDOS attacks would all be motivated
with the involvement of the financial activities and the violation of the human rights (Kolias
et al., 2017).
According to the identified problems and the assessment made in this particular case
study, it can be said that the identified threats in the assessment and the recommended
mitigation strategies are effective and sufficient to manage the probable cyber security threats
occurring due to the probable hacktivists targeting the mega events like the Summer
Olympics.
The mitigation strategy is focused on the minimization of all the probable risks that
might arise due to the malicious activity of the hacktivists and as per individual perspectives,
it has been identified that the mitigation strategies would be impactful on minimizing the
cyber security risks for the event.
5IT RISK ASSESSMENT, THREAT ASSESSMENT, RISK MANAGEMENT
References
Blum Shapiro Consulting, LLC. (2012). Town of Wilton ā Risk Assessment. Information
Technology Risk Assessment Findings and Recommendations. pp. 1-21.
Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and
other botnets. Computer, 50(7), 80-84.
MacGregor, E. A. (2017). Threat assessment and management strategies: Identifying the
howlers and hunters. CRC Press.
National Cybersecurity and Communications Integration Center. (2012). Department of
Homeland Security. Strategic Outlook: 2012 Summer Olympic Games. pp. 1-7.
Slovic, P., Fischhoff, B., & Lichtenstein, S. (2016). Response mode, framing and
information-processing effects in risk assessment. In The perception of risk (pp. 192-
205). Routledge.
Super Bowl XLV. (2011). Joint Special Event Threat Assessment. Joint Special Event Threat
Assessment: Super Bowl XLV. pp. 1-9.
References
Blum Shapiro Consulting, LLC. (2012). Town of Wilton ā Risk Assessment. Information
Technology Risk Assessment Findings and Recommendations. pp. 1-21.
Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and
other botnets. Computer, 50(7), 80-84.
MacGregor, E. A. (2017). Threat assessment and management strategies: Identifying the
howlers and hunters. CRC Press.
National Cybersecurity and Communications Integration Center. (2012). Department of
Homeland Security. Strategic Outlook: 2012 Summer Olympic Games. pp. 1-7.
Slovic, P., Fischhoff, B., & Lichtenstein, S. (2016). Response mode, framing and
information-processing effects in risk assessment. In The perception of risk (pp. 192-
205). Routledge.
Super Bowl XLV. (2011). Joint Special Event Threat Assessment. Joint Special Event Threat
Assessment: Super Bowl XLV. pp. 1-9.
1 out of 6
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
Ā +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Ā© 2024 Ā | Ā Zucol Services PVT LTD Ā | Ā All rights reserved.