
Discussion: Risk Assessment Exercise
Nate Ewings (He/Him)
The purpose of this discussion is to get a start on assessing components of information security risk.
A risk management team can use several software tools to automate the task of identifying, assessing, classifying, and deciding on the value of digital assets and systems. A simple way to calculate the risk to our organization is:
Risk = Threat * Vulnerability * Asset Value
For example, our organization may be using a cloud-based “software as a service” customer relations management system, which is automatically backed up and keeps multiple copies of our data for redundancy. The value of this asset may be close to the annual revenue—that is, if we were to lose all our customer relations data, we may have to spend an entire year rebuilding that data. Let’s say that is $1 million.
Although the high asset value can give us a high risk, let’s assume three situations for the cloud service:
HIGH security service provider with no breaches in the last 5 years: this would mean that the likelihood of a vulnerability is close to 0.
MEDIUM security service provider with 1 breach in the last 5 years could imply a 20% chance that there could be a breach within the next year, giving us a vulnerability of 0.2.
LOW security service provider that has suffered 1 breach a year each of the last 5 years, suggesting that we have a good chance of losing our data within a year—a vulnerability of 1.
And finally, we have to decide what the risk from threats is. If a particular ransomware gang has been targeting our organization, our threat likelihoods go up for all our assets, but if our customer relations data is in the cloud and separated from our systems by a secure API, it will be isolated from our systems and unlikely to be affected by an attack on our on-premise systems. If, however, the ransomware gang is known to be attacking our cloud provider, the threat likelihood may have just jumped to 50%.
In this case, we end up with these risk “values” for each service provider:
HIGH security: Risk = 0 (threat likelihood) * 0 (vulnerability) * $1 million
MEDIUM security: Risk = 0.5 (threat) * 0.2 (vulnerable) * $1m. Our risk of loss is about $100,000—this is our best estimate of the value of what we could lose in the next year.
LOW security: Risk = 0.5 (threat) * 1 (vulnerable) * $1m. The result of using a less expensive but vulnerable service is a potential $500,000 cost within the next year.
The end result is that we risk a potential loss of anywhere from $0 to half our yearly revenue within a year, depending on the vendor we choose for our customer data.
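The calculation above, written out as an added Python example (not part of the original exercise). It assumes vulnerability is estimated as breaches per year over the 5-year window, capped at 1, which reproduces the page's 0, 0.2 and 1 figures; the function names are hypothetical.

```python
# Added example: Risk = Threat * Vulnerability * Asset Value for the CRM scenario.
ASSET_VALUE = 1_000_000   # CRM data value from the page ($1 million)
THREAT_TARGETED = 0.5     # page's threat likelihood when the gang targets the cloud provider
PROVIDERS = {"HIGH": 0, "MEDIUM": 1, "LOW": 5}  # breaches in the last 5 years, from the page


def vulnerability_from_history(breaches, years=5):
    """Assumed estimator: breaches per year over the window, capped at 1."""
    if years <= 0 or breaches < 0:
        raise ValueError("need years > 0 and breaches >= 0")
    return min(1.0, breaches / years)


def annual_risk(threat, vulnerability, asset_value):
    """Expected loss over the next year, rounded to cents."""
    for name, p in (("threat", threat), ("vulnerability", vulnerability)):
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{name} must be a likelihood in [0, 1], got {p}")
    return round(threat * vulnerability * asset_value, 2)


def risk_table(providers, threat, asset_value):
    """Risk per provider, given each provider's breach count in the window."""
    return {
        name: annual_risk(threat, vulnerability_from_history(b), asset_value)
        for name, b in providers.items()
    }


def risk_range(threat_range, vuln_range, asset_value):
    """Lowest and highest expected loss when inputs are only known as ranges.

    The product grows with each non-negative factor, so the extremes sit at
    the low/low and high/high corners of the two ranges.
    """
    (t_lo, t_hi), (v_lo, v_hi) = threat_range, vuln_range
    return (annual_risk(t_lo, v_lo, asset_value),
            annual_risk(t_hi, v_hi, asset_value))


if __name__ == "__main__":
    for name, loss in risk_table(PROVIDERS, THREAT_TARGETED, ASSET_VALUE).items():
        print(f"{name:6} security: ${loss:,.0f}")
    low, high = risk_range((0.0, 0.5), (0.0, 1.0), ASSET_VALUE)
    print(f"Overall range: ${low:,.0f} to ${high:,.0f}")
```
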
Initial Post
Submit an original discussion post that answers the following prompts:
Prompt
1. Briefly comment on the risk likelihood scenarios for the customer relations management data. How would you qualify or change these figures?
2. Can you devise an alternative scale for measuring the risk of loss?
3. Suppose we want to study the risk of losing our organization’s research and development data, which we store on our on-premise servers. Losing all that data could bankrupt our $10 million organization. Although we back up our systems regularly, our most recent data could be vulnerable, and a ransomware attack could result in a demand for a $100,000 payment if we want to recover access to our data. What would you estimate is the value of the ransomed data to the organization?
4. Continuing with point 3, what range of risks can we have associated with a ransomware attack on our on-premise servers? What values or ranges of values would make sense for threat likelihood and our on-premise vulnerabilities? You are free to make assumptions as we did in the customer relations example above.
NOTE: Your original post should be professionally organized. Ensure that you put the prompt headers before your response. These headers will not count toward the word limit. Break up your post into separate paragraphs that each communicate a single idea. Do not submit your response as one giant paragraph.
