
Security Risk Analysis


Added on 2023-03-23

Running head: Report on Security Risk Analysis
ANALYSIS
OF
INFORMATION SECURITY RISKS
Name of the Student
Name of the University
Author Note:

Answer to Question 1:
Studies have shown that vulnerabilities have a significant impact on the Information Technology infrastructure, as they restrict the effectiveness of the IT services. However, studies have also identified several practices that are highly effective in mitigating those vulnerabilities and supporting the services of the IT infrastructure. Those practices are listed below:
The identification of the vulnerabilities.
Comparison of the identified vulnerabilities with the identified threats.
Selection of the most feasible mitigation technique, depending upon the IT infrastructure.
After all the above steps, an assessment of the vulnerabilities must be performed.
Following the above aspects, the study also mentions several sources for gathering information about the vulnerabilities present in the IT infrastructure. Those resources include primary sources, such as sharing information among the professionals present in an organization, along with the analysis of blogs, forums and security newsletters, as well as the Common Vulnerabilities and Exposures (CVE) list.
Answer to Question 2:
According to the study of risk management, compliance is of significant importance, as it brings the relevant laws into an IT infrastructure in order to manage the risks present there. It has also been noticed that there are several limitations related to risk awareness as well as risk management when dealing with a non-compliance situation.
FISMA: Stands for Federal Information Security Management Act.
HIPAA: Represents Health Insurance Portability and Accountability Act.
GLBA: Stands for Gramm-Leach-Bliley Act.

SOX: Stands for Sarbanes-Oxley Act.
PCI DSS: Stands for Payment Card Industry Data Security Standard.
COBIT: Represents Control Objectives for Information and related Technology.
ITIL: Represents Information Technology Infrastructure Library.
CMMI: Represents Capability Maturity Model Integration.
DIACAP: Stands for Department of Defense Information Assurance Certification and Accreditation Process.
Answer to Question 3:
One of the fundamental objectives of a risk management plan is to enhance the organizational services by mitigating the major risk factors present in that particular organization. Thus it can be concluded that risk management plans vary between organizations, owing to their different frameworks as well as their different organizational services.
Considering the major aspects of the POAM, which are the start time, end time, project goals and project outcome, it has been noticed that one POAM cannot fit all types of organization, as the above-mentioned aspects differ from one organization to another.
Answer to Question 4:
Qualitative assessment is conducted entirely by investigating impact and likelihood, whereas quantitative assessments are conducted to determine significant aspects like time and cost.
Qualitative assessment provides a detailed elaboration of the assessed area, whereas quantitative assessment provides knowledge of the relationship between two variables.
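The contrast in Answer 4 is easiest to see on a small risk register. The following is an added example, not part of the original essay: it applies a qualitative likelihood-by-impact rating and a quantitative cost-and-time calculation to the same constructed vulnerabilities, and shows that the two methods rank them differently. The band thresholds and all vulnerability figures are assumptions.

```python
# Added example (not from the original essay). Every vulnerability below is
# constructed sample data; the rating thresholds are assumed, not a standard.
from dataclasses import dataclass

@dataclass
class Vulnerability:
    name: str
    likelihood: int            # qualitative band, 1 (rare) .. 5 (almost certain)
    impact: int                # qualitative band, 1 (negligible) .. 5 (severe)
    annual_probability: float  # quantitative: estimated chance of exploitation per year
    cost_per_event: float      # quantitative: estimated loss per incident
    fix_days: int              # quantitative: estimated time to mitigate

def qualitative_rating(v: Vulnerability) -> str:
    """Qualitative assessment: combine likelihood and impact bands on a matrix."""
    score = v.likelihood * v.impact          # 1 .. 25
    if score >= 15:
        return "high"
    if score >= 6:
        return "medium"
    return "low"

def expected_annual_loss(v: Vulnerability) -> float:
    """Quantitative assessment: expected cost per year from this vulnerability."""
    return v.annual_probability * v.cost_per_event

def rank_qualitative(register):
    """Order by band, then by raw matrix score within a band."""
    order = {"high": 0, "medium": 1, "low": 2}
    key = lambda v: (order[qualitative_rating(v)], -v.likelihood * v.impact)
    return [v.name for v in sorted(register, key=key)]

def rank_quantitative(register):
    """Order by expected annual loss, highest first."""
    return [v.name for v in sorted(register, key=expected_annual_loss, reverse=True)]

def rank_by_loss_avoided_per_fix_day(register):
    """Quantitative view that also uses time: loss removed per day of remediation."""
    key = lambda v: expected_annual_loss(v) / v.fix_days
    return [v.name for v in sorted(register, key=key, reverse=True)]

# Constructed register: name, likelihood, impact, annual probability, cost, fix days.
REGISTER = [
    Vulnerability("unpatched web server", 4, 3, 0.5, 40_000, 3),
    Vulnerability("weak admin passwords", 3, 5, 0.2, 250_000, 10),
    Vulnerability("unencrypted backups", 2, 4, 0.05, 900_000, 30),
]

if __name__ == "__main__":
    print("qualitative :", rank_qualitative(REGISTER))
    print("quantitative:", rank_quantitative(REGISTER))
    print("per fix day :", rank_by_loss_avoided_per_fix_day(REGISTER))
```

The qualitative matrix puts the web server ahead of the backups, while the quantitative loss figure reverses them, which is exactly why the two assessments are used to answer different questions.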
