Post and Learn - Risk Assessment
School: Concordia University Portland
Course: 543
Subject: Information Systems
Date: Jun 24, 2024
Uploaded by chanduRapolu123
In the company where I work, one big risk we face is a cybersecurity breach. This is a real concern because cyber-attacks are getting more advanced, and it's crucial to protect our sensitive company and client information. By using the Risk Assessment worksheet, we can carefully look at this risk and figure out the best way to handle it.
Likelihood and Impact Assessment
Likelihood (1 - Low): (Occurs once every 2 years)
Impact Areas and Scores:
Financial: High (Impact: 5, Priority: 5)
Productivity: Medium (Impact: 3, Priority: 4)
Reputation: High (Impact: 4, Priority: 5)
Legal: High (Impact: 4, Priority: 5)
Based on the impact scores, the overall impact score is significant, necessitating a robust risk mitigation strategy.
Risk Score Calculation
Impact Score = (Financial Impact * Priority + Productivity Impact * Priority + Reputation Impact * Priority + Legal Impact * Priority) / Total Priority
Risk Score = Likelihood * Impact Score
Using the scores from above:
Financial: 5 * 5 = 25
Productivity: 3 * 4 = 12
Reputation: 4 * 5 = 20
Legal: 4 * 5 = 20
Total Impact Score = (25 + 12 + 20 + 20) / (5 + 4 + 5 + 5) = 77 / 19 ≈ 4.05
Risk Score = 0.5 * 4.05 ≈ 2.03
Assessment of Controls
Control 1:
Implementation of advanced firewall and intrusion detection systems.
Control 2:
Regular employee training on cybersecurity best practices, including phishing awareness.
Control 3:
Regular updates and patches to all software and systems to protect against vulnerabilities.
Cost-Benefit Analysis
Before Controls (ALE1):
Asset Value (AV): $20,000,000
Exposure Factor (EF): 15%
Single Loss Expectancy (SLE): $3,000,000
Annualized Rate of Occurrence (ARO): 1 (occurs once a year)
Annualized Loss Expectancy (ALE1): $3,000,000
After Controls (ALE2):
Annualized Rate of Occurrence (ARO): 0.01 (occurs once every 100 years)
Annualized Loss Expectancy (ALE2): $3,000
Annual Cost of Safeguard (ACS): $200,000
Value Benefit of Safeguard = ALE1 - (ALE2 + ACS) = $3,000,000 - ($3,000 + $200,000) = $2,797,000
Analysis and Mitigation Strategy
The worksheet demonstrates that implementing the identified controls significantly reduces the risk and potential loss associated with a cybersecurity breach. By investing $200,000 annually in security measures, the company can save approximately $2,797,000 in potential losses. This cost-benefit analysis justifies the implementation of robust cybersecurity measures.
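The worksheet's formulas as an added Python example (not part of the original post; the function names are illustrative), extended with a break-even check on how far the post-control ARO estimate can rise before the safeguard stops paying for itself. It computes ALE2 as SLE × ARO from the stated inputs, which gives $30,000 and a benefit of $2,770,000, and it also runs an assumed ARO of 0.5 before controls, taken from the "once every 2 years" likelihood.

```python
# Added example: the worksheet's formulas plus a sensitivity check.
# Function names are illustrative; inputs are the worksheet's figures.

def weighted_impact(areas):
    """areas: {name: (impact, priority)} -> priority-weighted mean impact."""
    total_priority = sum(p for _, p in areas.values())
    return sum(i * p for i, p in areas.values()) / total_priority

def ale(asset_value, exposure_factor, aro):
    """Annualized Loss Expectancy = SLE * ARO, where SLE = AV * EF."""
    return asset_value * exposure_factor * aro

def safeguard_value(av, ef, aro_before, aro_after, acs):
    """Value Benefit of Safeguard = ALE1 - (ALE2 + ACS)."""
    return ale(av, ef, aro_before) - (ale(av, ef, aro_after) + acs)

def break_even_aro_after(av, ef, aro_before, acs):
    """Highest post-control ARO at which the safeguard still breaks even."""
    return aro_before - acs / (av * ef)

AREAS = {"financial": (5, 5), "productivity": (3, 4),
         "reputation": (4, 5), "legal": (4, 5)}
AV, EF, ACS = 20_000_000, 0.15, 200_000

if __name__ == "__main__":
    impact = weighted_impact(AREAS)
    print(f"Impact score {impact:.2f}, risk score {0.5 * impact:.2f}")
    print(f"Break-even ARO after controls (ARO before = 1): "
          f"{break_even_aro_after(AV, EF, 1, ACS):.3f}")
    # ARO before controls: 1 is the worksheet's value; 0.5 is an assumed
    # alternative matching the "once every 2 years" likelihood.
    # ARO after controls: 0.01 is the worksheet's value; 0.1 and 0.25 are
    # assumed, less optimistic estimates.
    for aro_before in (1, 0.5):
        for aro_after in (0.01, 0.1, 0.25):
            value = safeguard_value(AV, EF, aro_before, aro_after, ACS)
            print(f"ARO {aro_before} -> {aro_after}: benefit ${value:,.0f}")
```

A negative benefit in the output means the safeguard costs more per year than the loss it is expected to prevent under those estimates.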
Thoughts and Examples:
From my work experience, cybersecurity breaches are always a big worry. I remember one time a coworker clicked on a phishing email, and it led to a ransomware attack. We had to quickly isolate the infected computers, thoroughly investigate the issue, and restore everything from backups. This showed us how crucial regular cybersecurity training and having a response plan really are.
We've also started using advanced security tools like multi-factor authentication and real-time monitoring. These have been very effective in stopping unauthorized access and catching suspicious activities early. In our company, these practices are now the norm, and they have greatly improved our overall security.
To conclude, using the Risk Assessment worksheet helps us thoroughly evaluate and manage cybersecurity threats. By measuring the risks and putting the right controls in place, companies can protect their important assets, keep things running smoothly, protect their reputation, and follow legal requirements. Taking these proactive steps in cybersecurity is crucial in today’s digital world.