The corporation has assigned you the task of developing a plan to mitigate potential threats. The CEO has requested you to explain in a few words the relationship between influence, threat, and exposure. Make a single, succinct phrase that describes the connection.

The corporation has assigned you the task of developing a plan to mitigate potential threats. The CEO has requested you to explain in a few words the relationship between influence, threat, and exposure. Make a single, succinct phrase that describes the connection.

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter6: Risk Management: Assessing Risk

Section: Chapter Questions

Problem 17RQ

See similar textbooks

Similar questions

What exactly is a poison package assault, and what does its occurrence mean? I'd appreciate it if you could provide me with two instances of this kind of attack.
After reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario. Discussion Questions Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that? How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance? Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?
In this discussion post, you will analyze and provide your perspective on why, in spite of verbose information and data on the likelihood and impact of a cybersecurity event, many organizations do not properly prepare for one. Begin by reading the article “Why Organizations Don’t Prepare for Information Security Incidents”. After reading the article provided above, respond to the following prompts in your post: Post at least three reasons you think organizations don’t prepare for information security incidents. Many applications that impact security and privacy are free. As a consumer, do you see more value in paying for an application that is more secure and does not use your personal information as part of the transaction? Justify your answer.
Where do you believe the responsibility for information security begins and ends in a company? In order to know when security policies and procedures become active and inactive, we must know how much control the organization has over those times. Perceived or actual, do you think any of these boundaries will be increased in size? If this is the case, tell us how and why you went about it. If this isn't the case, why is that?
To learn more about your institution's security rules, look them up on the intranet or website. Is there a corporate security policy somewhere? Where have you come across security rules that are tailored to address a particular problem? What agency or department is in charge of issuing or coordinating all of these policies, or are they dispersed across the organization? Use the framework provided in this chapter to determine whether or not the policies you found in the preceding exercise are complete. What are the omissions in these areas?
Senior management at Health Network allocated funds to support a risk mitigation plan, and have requested that the risk manager and team create a plan in response to the deliverables produced within the earlier phases of the project. The risk mitigation plan should address the identified threats described in the scenario for this project, as well as any new threats that may have been discovered during the risk assessment. You have been assigned to develop this new plan.
For each point, I need to write one paragraph ( I need the paragraph to be general and doesn’t go in details about the cyber aspects ) 1- what is cyber safety 2- How to protect yourself online 3- What will the future of cyber safety
A security policy is a document that provides employees with clear instructions about acceptable use of company confidential information, explains how the company secures data resources and what it expects of the people who work with this information. Most importantly, the policy is designed with enough flexibility to be amended when necessary. You are working in organization X, and you are supposed to develop an issue-specific security policy, you can pick one issue from Table.1 [1] (In the photos) Your Task is: To develop the different sections of your policy and adequate procedure(s), you can refer to SANS Policy Templates [2]. References: [1] Developing an Information Security Policy: A Case Study Approach, Fayez Hussain Alqahtani. 4th Information Systems International Conference 2017, ISICO 2017, 6-8 November 2017, Bali, Indonesia. [2] https://www.sans.org/information-security-policy/
There are two graphs presented from the CERT on reported incidents and vulnerabilities. Keep in mind the difference between an incident and vulnerability. While these charts are dated they still provide valuable trend information that continues to rise. Today, both security incidents and security vulnerabilities continue to rise for a variety of reasons. What reasons can you provide for the continuing upwards trend in the number of incidents reported? You should provide at least four (4) reasons with supporting data and reasoned arguments to support your answer. Good answers will provide facts, reasoned arguments and references that go beyond anecdotal information. Explain using facts, reasoned arguments and references that go beyond anecdotal information and link to sources. PLEASE ADD YOUR SOURCES! Please have clear writing as well! Thank you!
Assume you are an information security professional for a corporation. You have been asked to review responses and recovery from real security incidents. In addition, senior management wants a summary of the types of tests you have run on the organization's computer incident response team (CIRT) plan, the results, and lessons learned.Why would senior management want to know how a CIRT plan has been tested and the results?
What does the use of a poison package in an attack imply, and what does the fact that it occurred imply? I would appreciate it if you could offer me with two instances of this type of assault for my consideration.
In this section, you will prepare a risk mitigation plan using SimpleRisk. Before using SimpleRisk, you will create a paper-based plan. You will need to create three security controls in your risk mitigation plan: one control that reduces the asset value, one that reduces the vulnerability severity, and one that reduces the threat impact. Your security controls should also include examples of both strategic and tactical controls. You can refer to the following table for a clearer picture of the requirements. Security Control Reduces Level (strategic/tactical) Asset value Vulnerability severity Threat Impact Define three security controls designed to mitigate the risk associated with a recent leak of sensitive information that was stored in cleartext files. Once you have identified your security controls, use SimpleRisk to create a Risk Mitigation plan. You do not need to perform a management review in this section.