Comprehensive Report on Security Risk Analysis in IT Systems

Added on  2023/03/23

AI Summary
This report provides a comprehensive analysis of security risks within an IT infrastructure, covering vulnerability management, compliance, and risk assessment methodologies. It addresses key aspects such as identifying vulnerabilities, comparing them with threats, and implementing mitigation techniques. The report also discusses the importance of compliance with laws like FISMA, HIPAA, and GLBA, and explores the limitations of risk awareness in non-compliance situations. Furthermore, it differentiates between qualitative and quantitative risk assessments, highlighting their benefits and limitations. The document delves into disaster recovery plans (DRP), business continuity plans (BCP), and business impact analysis (BIA), emphasizing the differences between vulnerability, threat, and exploit assessments. It also outlines the benefits and pitfalls of security logs and best practices for risk mitigation and business impact analysis, concluding with an examination of CIRT plans for threat identification and damage mitigation.
Running head: Report on Security Risk Analysis
ANALYSIS
OF
INFORMATION SECURITY RISKS
Name of the Student
Name of the University
Author Note:
1 Security Risk Analysis
Answer to Question 1:
Studies show that vulnerabilities have a significant impact on an Information Technology infrastructure, since they restrict the effectiveness of the IT services. The same studies also describe several practices that are highly effective in mitigating those vulnerabilities and keeping the services of the IT infrastructure running. Those practices are listed below:
Identification of the vulnerabilities.
Comparison of the identified vulnerabilities with the identified threats.
Selection of the most feasible mitigation technique for the IT infrastructure in question.
After all of the above steps, an assessment of the vulnerabilities must be performed.
In addition to the above, the study mentions several sources from which information about the vulnerabilities present in the IT infrastructure can be gathered. Those sources include primary sources, namely information shared among the professionals within an organization, together with the analysis of blogs, forums and security newsletters, and the Common Vulnerabilities and Exposures (CVE) list.
Answer to Question 2:
The study of risk management shows that compliance is of significant importance, because it brings the relevant laws to bear on an IT infrastructure in order to manage the risk present in that infrastructure. It has also been noticed that there are several limitations to both risk awareness and risk management when dealing with a non-compliance situation.
FISMA: Stands for Federal Information Security Management Act.
HIPAA: Represents Health Insurance Portability and Accountability Act.
GLBA: Stands for Gramm-Leach-Bliley Act.
SOX: Stands for Sarbanes-Oxley Act.
PCI DSS: Stands for Payment Card Industry Data Security Standard.
COBIT: Represents Control Objectives for Information and related Technology.
ITIL: Represents Information Technology Infrastructure Library.
CMMI: Represents Capability Maturity Model Integration.
DIACAP: Stands for Department of Defense Information Assurance Certification and Accreditation Process.
Answer to Question 3:
One of the fundamental objectives of a risk management plan is to enhance the organizational services by mitigating the major risk factors present in that particular organization. It can therefore be concluded that risk management plans vary from one organization to another, because each organization has a different framework as well as different organizational services.
Considering the major aspects of the POAM (Plan of Action and Milestones), namely the start time, end time, project goals and project outcome, it is noticed that one POAM cannot fit all types of organization, because the above-mentioned aspects differ from one organization to another.
Answer to Question 4:
A qualitative assessment is conducted entirely through an investigation of impact and likelihood, whereas a quantitative assessment is conducted to determine measurable aspects such as time and cost.
A qualitative assessment provides a detailed elaboration of the assessed area, whereas a quantitative assessment provides knowledge of the relationship between two variables.
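The following Python routine is an added example, not code from the original report or from the cited textbook. It walks through the practices listed in Answer 1 (identify vulnerabilities, compare them with threats, select a mitigation, assess) and then assesses each matched finding in both of the ways contrasted in Answer 4: qualitatively, as an impact-times-likelihood band, and quantitatively, as an annualized loss expectancy. The assets, vulnerability identifiers, threats, mitigation catalogue and all figures are constructed for illustration; the quantitative formulas used are the standard SLE = asset value x exposure factor and ALE = SLE x ARO.

```python
"""Added example (not part of the original report): vulnerability-to-threat
comparison, mitigation selection, and qualitative vs quantitative assessment.
All data below is constructed; VULN-* ids are placeholders, not real CVEs."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float  # replacement value in currency units (constructed)


@dataclass(frozen=True)
class Vulnerability:
    vid: str         # placeholder identifier, not a real CVE
    asset: Asset
    weakness: str    # category used to compare against threats
    impact: int      # qualitative impact rating, 1 (low) .. 5 (critical)
    exposure: float  # exposure factor: fraction of asset value lost if exploited


@dataclass(frozen=True)
class Threat:
    name: str
    weaknesses: frozenset  # weakness categories this threat can take advantage of
    likelihood: int        # qualitative likelihood rating, 1 (rare) .. 5 (almost certain)
    aro: float             # annualized rate of occurrence (expected events per year)


# Constructed mitigation catalogue: weakness -> (control, expected loss reduction).
MITIGATIONS = {
    "unpatched_software": ("apply vendor patches", 0.9),
    "weak_credentials": ("enforce MFA and password policy", 0.8),
    "open_service": ("restrict the service behind the firewall", 0.7),
}

# Score thresholds for the qualitative bands (score = impact x likelihood).
QUAL_BANDS = ((20, "critical"), (12, "high"), (6, "medium"), (0, "low"))


def qualitative_level(impact, likelihood):
    """Qualitative assessment: impact x likelihood mapped to a named band."""
    score = impact * likelihood
    for threshold, label in QUAL_BANDS:
        if score >= threshold:
            return label
    return "low"


def annualized_loss(vuln, threat):
    """Quantitative assessment: SLE = value x exposure factor; ALE = SLE x ARO."""
    sle = vuln.asset.value * vuln.exposure
    return sle * threat.aro


def assess(vulns, threats):
    """Compare each vulnerability with every threat able to use it, attach the
    catalogue mitigation, and report the qualitative band and the ALE before
    and after the control. Vulnerabilities with no matching threat are dropped."""
    findings = []
    for v in vulns:
        for t in threats:
            if v.weakness not in t.weaknesses:
                continue
            control, reduction = MITIGATIONS.get(v.weakness, ("assess case by case", 0.0))
            ale = annualized_loss(v, t)
            findings.append({
                "vuln": v.vid,
                "asset": v.asset.name,
                "threat": t.name,
                "qualitative": qualitative_level(v.impact, t.likelihood),
                "ale": round(ale, 2),
                "ale_after": round(ale * (1 - reduction), 2),
                "mitigation": control,
            })
    # Highest expected annual loss first, so the register is already prioritized.
    findings.sort(key=lambda f: f["ale"], reverse=True)
    return findings


# Constructed sample register.
WEB = Asset("web server", 50_000.0)
HR = Asset("HR database", 200_000.0)
VULNS = [
    Vulnerability("VULN-1", WEB, "unpatched_software", impact=4, exposure=0.5),
    Vulnerability("VULN-2", HR, "weak_credentials", impact=5, exposure=0.8),
    Vulnerability("VULN-3", WEB, "open_service", impact=2, exposure=0.1),
]
THREATS = [
    Threat("external attacker", frozenset({"unpatched_software", "weak_credentials"}),
           likelihood=4, aro=0.5),
    Threat("insider misuse", frozenset({"weak_credentials"}), likelihood=2, aro=0.2),
]

if __name__ == "__main__":
    for finding in assess(VULNS, THREATS):
        print(finding)
```

Running the block prints three findings: VULN-2 paired with the external attacker (critical, ALE 80000), VULN-2 paired with insider misuse (medium, ALE 32000) and VULN-1 (high, ALE 12500). VULN-3 produces no finding because no threat in the constructed list can use an open service, which is exactly what the comparison step in Answer 1 is for: a vulnerability with no corresponding threat is not a risk to spend mitigation budget on. The two assessment styles can also disagree, as the VULN-2 / insider pairing shows: it is only "medium" qualitatively, yet its ALE exceeds that of the "high" VULN-1 finding because the HR database is worth far more.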
Answer to question 5:
By considering the replacement value and the recovery value, and by addressing the aspects related to system availability, functionality, and the data and information assets.
DRP stands for Disaster Recovery Plan; as the name suggests, it works to recover the important information.
BCP stands for Business Continuity Plan; as the name suggests, it works by reducing the business loss.
BIA stands for Business Impact Analysis; as the name suggests, it determines the business impact as well as the important aspects on which the success of the business depends.
Answer to Question 6:
Studies show that there is a major difference between vulnerability, threat and exploit assessments, which lies in the primary objective of each. A vulnerability assessment identifies the vulnerabilities present in the business; a threat assessment identifies the threats present in the business which may have a significant impact on its services; and an exploit assessment identifies the possibility that a vulnerability present in the business structure is actually exploited.
According to studies, a software attack on the server is more dangerous than an attack on the hardware, because a business server holds a great deal of information related to the business; thus, misbehaviour of the server software may reduce the working efficiency of the business.
Answer to Question 7:
Benefits of security logs: increased security, advanced risk management, demonstration of compliance, and detailed insight into what is happening on the systems.
Pitfalls of security logs: those related to storing them in a centralized location, to security monitoring and event monitoring, and to a less effective user interface.
Answer to Question 8:
After analysing the mentioned implementations, it has been noticed that there are several complexities related to the security standards, the work efficiency and the centralized nature, which cause the desired requirement to fail.
Answer to Question 9:
Best practices for effective risk mitigation include the successful identification of the assessed risk, the determination of the possible mitigation plans recommended by the individuals involved, and lastly the establishment of the risk mitigation plans.
Answer to Question 10:
Best practices for Business Impact Analysis start with a critical analysis of the business functions and processes, followed by an analysis of their dependencies. After this, rank the assessed processes, identify the customer demands, and lastly deploy the business continuity plan.
Answer to Question 11:
A BCP works by evaluating the business threats as well as the vulnerabilities, with the purpose of eliminating the risk and enhancing the processes and operations of the respective business.
Answer to question 12:
A CIRT (Computer Incident Response Team) plan works by identifying the threats in order to mitigate the damage they cause.
Bibliography:
Gibson, Darril. Managing risk in information systems. Jones & Bartlett Publishers, 2014.