Post and Learn - Risk Assessment

School: Concordia University Portland
Course: 543
Subject: Information Systems
Date: Jun 24, 2024
Uploaded by chanduRapolu123

In the company where I work, one big risk we face is a cybersecurity breach. This is a real concern because cyber-attacks are getting more advanced, and it's crucial to protect our sensitive company and client information. By using the Risk Assessment worksheet, we can carefully look at this risk and figure out the best way to handle it.

Likelihood and Impact Assessment

Likelihood (1 - Low): (Occurs once every 2 years)

Impact Areas and Scores:
Financial: High (Impact: 5, Priority: 5)
Productivity: Medium (Impact: 3, Priority: 4)
Reputation: High (Impact: 4, Priority: 5)
Legal: High (Impact: 4, Priority: 5)

Based on the impact scores, the overall impact score is significant, necessitating a robust risk mitigation strategy.

Risk Score Calculation

Impact Score = (Financial Impact * Priority + Productivity Impact * Priority + Reputation Impact * Priority + Legal Impact * Priority) / Total Priority
Risk Score = Likelihood * Impact Score

Using the scores from above:
Financial: 5 * 5 = 25
Productivity: 3 * 4 = 12
Reputation: 4 * 5 = 20
Legal: 4 * 5 = 20

Total Impact Score = (25 + 12 + 20 + 20) / (5 + 4 + 5 + 5) = 77 / 19 ≈ 4.05
Risk Score = 0.5 * 4.05 ≈ 2.03

Assessment of Controls

Control 1: Implementation of advanced firewall and intrusion detection systems.
Control 2: Regular employee training on cybersecurity best practices, including phishing awareness.
Control 3: Regular updates and patches to all software and systems to protect against vulnerabilities.

Cost-Benefit Analysis

Before Controls (ALE1):
Asset Value (AV): $20,000,000
Exposure Factor (EF): 15%
Single Loss Expectancy (SLE): $3,000,000
Annualized Rate of Occurrence (ARO): 1 (occurs once a year)
Annualized Loss Expectancy (ALE1): $3,000,000

After Controls (ALE2):
Annualized Rate of Occurrence (ARO): 0.01 (occurs once every 100 years)
Annualized Loss Expectancy (ALE2): $3,000
Annual Cost of Safeguard (ACS): $200,000

Value Benefit of Safeguard = ALE1 - (ALE2 + ACS) = $3,000,000 - ($3,000 + $200,000) = $2,797,000

Analysis and Mitigation Strategy

The worksheet demonstrates that implementing the identified controls significantly reduces the risk and potential loss associated with a cybersecurity breach. By investing $200,000 annually in security measures, the company can save approximately $2,797,000 in potential losses. This cost-benefit analysis justifies the implementation of robust cybersecurity measures.

Thoughts and Examples:

From my work experience, cybersecurity breaches are always a big worry. I remember one time a coworker clicked on a phishing email, and it led to a ransomware attack. We had to quickly isolate the infected computers, thoroughly investigate the issue, and restore everything from backups. This showed us how crucial regular cybersecurity training and having a response plan really are.

We've also started using advanced security tools like multi-factor authentication and real-time monitoring. These have been very effective in stopping unauthorized access and catching suspicious activities early. In our company, these practices are now the norm, and they have greatly improved our overall security.

To conclude, using the Risk Assessment worksheet helps us thoroughly evaluate and manage cybersecurity threats. By measuring the risks and putting the right controls in place, companies can protect their important assets, keep things running smoothly, protect their reputation, and follow legal requirements. Taking these proactive steps in cybersecurity is crucial in today’s digital world.
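The worksheet's formulas as a small calculator, added here as an example and not part of the original document. Function and class names are hypothetical; the inputs are the worksheet's own, and each ALE is derived as SLE × ARO rather than taken from the listed figures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ImpactArea:
    name: str
    impact: int    # worksheet impact rating (1-5)
    priority: int  # worksheet priority weight (1-5)

def impact_score(areas):
    """Priority-weighted mean of the impact ratings."""
    total_priority = sum(a.priority for a in areas)
    if total_priority <= 0:
        raise ValueError("at least one area needs a positive priority")
    return sum(a.impact * a.priority for a in areas) / total_priority

def risk_score(likelihood, areas):
    """Risk Score = Likelihood * Impact Score."""
    return likelihood * impact_score(areas)

def sle(asset_value, exposure_factor):
    """Single Loss Expectancy = AV * EF, with EF given as a fraction."""
    if not 0 <= exposure_factor <= 1:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor

def ale(asset_value, exposure_factor, aro):
    """Annualized Loss Expectancy = SLE * ARO."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(asset_value, exposure_factor) * aro

def safeguard_value(asset_value, exposure_factor, aro_before, aro_after, acs):
    """Value of safeguard = ALE1 - (ALE2 + ACS); negative means it costs more than it saves."""
    ale1 = ale(asset_value, exposure_factor, aro_before)
    ale2 = ale(asset_value, exposure_factor, aro_after)
    return ale1 - (ale2 + acs)

def break_even_acs(asset_value, exposure_factor, aro_before, aro_after):
    """Largest annual safeguard cost that still yields a non-negative value."""
    return safeguard_value(asset_value, exposure_factor, aro_before, aro_after, 0)

# Inputs taken from the worksheet above.
AREAS = [ImpactArea("Financial", 5, 5), ImpactArea("Productivity", 3, 4),
         ImpactArea("Reputation", 4, 5), ImpactArea("Legal", 4, 5)]

if __name__ == "__main__":
    print(f"Impact score: {impact_score(AREAS):.2f}")
    print(f"Risk score:   {risk_score(0.5, AREAS):.2f}")
    print(f"ALE1: ${ale(20_000_000, 0.15, 1):,.0f}")
    print(f"ALE2: ${ale(20_000_000, 0.15, 0.01):,.0f}")
    print(f"Safeguard value: ${safeguard_value(20_000_000, 0.15, 1, 0.01, 200_000):,.0f}")
    print(f"Break-even ACS:  ${break_even_acs(20_000_000, 0.15, 1, 0.01):,.0f}")
```

With the worksheet's inputs, SLE × ARO gives an ALE2 of $30,000, so the computed safeguard value is $2,770,000 and the safeguard stays worthwhile up to an annual cost of $2,970,000.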