User Account

All Pages

Determine the impact factors for the asset

Assignment Help Other Subject
Reference no: EM132118637 , Length: word count:1500

Asset-based risk assessment and control

Objectives:

This assessment is designed to assess your level of understanding of the following topics:
- Information asset identification and classification.
- Information threat identification and classification.
- Asset-based risk assessment.
- Discuss risk control strategies and evaluate risk controls using cost-benefit analysis.
- Discuss the limitation of the current risk assessment and control approaches

The task

Step-1: Asset identification and classification
To perform the task, you have worked with the company to identify their information assets. After explaining to the company's staff about different types of information assets, you have asked them to come up with a list of information assets that they can identify. A week later you have the list of information assets as identified by different company's departments. The assets however are not listed with enough information so you need to add the missing information based on your judgement and then perform the asset classification. You will use an Excel worksheet to help to with this task. The worksheet with the asset list can be downloaded from the unit website.
For each asset in the list, you need to:
- Determine if the asset is relevant.If not the highlight it with red ink and set the classification column to NOTrelevant. If the asset is relevant, continue to:
- Provide a meaningful description for the asset e.g. what's it used for, what's included etc.
- Determine the asset location and ownership
- Assign a unique ID for the asset. Each id should give some hint about the asset. For instance HW.IN.01 can be interpreted as Hardware Asset number 1 for Internal Use.
- Determine the impact factors for the asset. In practice, you will have to consult the company manager in this step. In this assignment, you can assign the factor value based on your understanding and experience about each asset. You also use the public domain to help you in some cases. After you have entered the impact factors, the overall impact will be automatically computed based on the weight of each factor in the Settings sheet.
- You then sort the asset based on the overall impact factor in the descending order.

Step-2: Threat identification and classification
After you have identified and classified the information assets, you will perform the threat identification and classification. Navigate to the Classified Threat List sheet of the Excel worksheet. In this sheet, the common threats to information security have been listed. This is not a complete list so you can add new threats that you have identified.
For each threat in the list, you have to:
- Determine if the threat is relevant to the company context. If not the highlight it with red ink and set the relevance column to NOTrelevant. If the threat is relevant, set the degree of relevance and continue to:
- Assign the threat to its corresponding category.
- Assign a unique ID to the threat
- Assign the impact factor values to the threat. In practice, you will need to consult the company managers, security experts, service providers, and hardware and software vendors to determine these values. In this assignment, use your knowledge, experience, and public domain to help you with the task. The threat overall impact will be calculated automatically using the weights in the Settings sheet.
- Finally, sort the threat based on the overall impact factor in the descending order.

Step 3: Asset-based risk assessment
Once if you classified the assets and threats, you will select the most important assets and the most dangerous threats for risk assessments. Doing risk assessment for every threat and asset pair in most situation is not practical and not necessary due to the cost-benefit balance. In most cases, money is invested to protect most valuable assets from most dangerous threats.

In this assignment, you will select the top of 10 most important assets and 10 most dangerous threats to perform the risk assessment. Navigate to the TVA-Mapping sheet and replace the asset and threat cells with the corresponding threat and asset ID. Next, identify if there is any vulnerability exits for each threat-asset pair. Write down the number of vulnerability in the corresponding cell of each pair or colour the cell with green ink if no vulnerability exists. Once if you have done this mapping, navigate to the Risk Assessment sheet.

In the Risk Assessment sheet, you need to note down the detail of each vulnerability, estimate the impact of each vulnerability, its likelihood, the amount of risk due to the current risk control and the amount of risk due to the error in your estimation.The risk value will be calculated automatically after all values have been provided. The vulnerability impact value can be estimated from the asset impact value, and the likelihood value from the likelihood of the threat. Note that the likelihood of a vulnerability depends not only on the likelihood of the threat but also on other factors like the threat agent and the level of defence. In practice, statistical analysis, simulations and other techniques are used to carry out these estimations. In this assignment, however you will estimate these values directly from the asset impact values and the threat likelihood by assuming that the current level of control has uniformly reduced the probability of any threat to be exploited to 50%. We also assume that the estimation error is 20% for all cases.

After you have finished the risk value estimation for all identified vulnerabilities, sort the vulnerabilities by their risk value in the descending order and report the top five vulnerabilities.

Now, instead of using the risk formula to estimate risk values, use the quantitative risk analysis matrix for the task. In the quantitative risk analysis matrix method, you need to rate each vulnerability using the five-scale ratting scheme and work out the corresponding level of the risk for each vulnerability. After you have finished ratting the vulnerabilities using this method, sort the vulnerabilities by the risk levels from the extreme to very-low.
- Note down the top five vulnerabilities and report if they are different to the previously identified fives. (150 words)
- Finally, write a short paragraph to discuss the advantage and disadvantage of each risk value estimation method. (150 words)

Step 4: Risk control
Assume that after you present your risk analysis to the company managers, the company is willing to accept a moderate level of risk with a limited investment on risk control. Discuss which strategy option you would choose to protect the high-risk information assets.

Attachment:- Risk_Assessment.rar

Reference no: EM132118637

Questions Cloud

Create a set of Z schemas that adequately describes the CCS : ITECH7410 - Assignment - Formal System Specification, Federation University Australia. Create a set of Z schemas that adequately describes the CCS
Describe two global effects from polar ice and glacier loss : Describe how you would explain to a 9-year old why there are so many different breeds of dogs, and where they came from.
Develop corporate social responsibility programs : Do corporations have a legal right or legal obligation to develop corporate social responsibility programs?
Each facility is eligible to produce product : A company has 4 production facilities. Each facility is eligible to produce Product A, Product B or Product C, but it can only produce one of these products.
Determine the impact factors for the asset : IT Security Management - Determine the impact factors for the asset. In practice, you will have to consult the company manager in this step. In this assignment
Continuity planning to the forefront of company agenda : What are the disruptive forces currently that brings business continuity planning to the forefront of a company’s agenda?
Current yield on bond : The bond has 10 years left to maturity. The bond is selling for $822. The current yield (not yield to maturity) on this bond is?
Know your rights as job seeker or employee : Know Your Rights as a Job Seeker or Employee. Prepare a list of questions you might ask a prospective job applicant so that they do not violate federal laws.
How do the teams manage the team boundaries : Consider the different teams presented in your reading assignment. How do the teams manage their team boundaries? What are the trade-offs between internal.

Reviews

len2118637

9/21/2018 2:09:42 AM

Risk control Weight: 20% The discussion gives a deep analysis about risk control strategies, which explains the reason for selecting a specific risk control strategy over the others in this specific situation. Appropriately select the risk control strategy and provide a thoughtful discussion about the selection. The discussion may not comprehensive enough to justify why a control strategy should be selected over the others in the given situation. Appropriately select the risk control strategy and provide somelogics in the risk control strategy selection process. Appropriately select the risk control strategy but the explanation about the selection process may have serious flaws or not sufficient to justify the selection. Select a wrong risk control strategy or do not provide a thoughtful explanation about the selection process.

len2118637

9/21/2018 2:09:36 AM

Rationally identify most of relevant vulnerabilities for each asset-threat pair. Values assigned to the vulnerability factors are mostly rational. Vulnerabilities are sorted by their risk values. Correctly apply the quantitative risk matrix analysis. A thoughtful discussion about the pros and cons of the two risk assessment method. Rationally identify some relevant vulnerabilities for each asset-threat pair. Values assigned to the vulnerability factors are in general rational. Vulnerabilities are sorted by their risk values. Attempt to use the quantitative risk matrix analysis but not complete or correct. Identify some pros and cons of the two risk assessment method. Show no rationality in identify vulnerabilities for each asset-threat pair. Values assigned to the vulnerability factors are mostly irrational. Vulnerabilities are not sorted by their risk values. Incorrectly apply the quantitative risk matrix analysis. Fail to Identify pros and cons of the two risk assessment method.

len2118637

9/21/2018 2:09:29 AM

Risk analysis Weight: 40% Rationally identify all relevant vulnerabilities for each asset-threat pair. Values assigned to the vulnerability factors are rational. The vulnerability identification demonstrates a deep knowledge in the area information security through the use of facts and literatures to support the vulnerability identification process. Vulnerabilities are sorted by their risk values. Correctly apply the quantitative risk matrix analysis. A thoughtful discussion about the pros and cons of the two risk assessment method. Rationally identify all relevant vulnerabilities for each asset-threat pair. Values assigned to the vulnerability factors are rational. Vulnerabilities are sorted by their risk values. Correctly apply the quantitative risk matrix analysis. A thoughtful discussion about the pros and cons of the two risk assessment method.

len2118637

9/21/2018 2:09:05 AM

Weight: 20% Demonstrate a comprehensive knowledge ininformation asset identification and classification withsupported facts and literatures. All relevant assets are correctly identified and classified. Asset descriptions are meaningful and thoughtful. Values assigned to the asset factors are rational. Assets are sorted by their importance. All relevant assets are correctly identified and classified. Asset descriptions are meaningful and thoughtful. Values assigned to the asset factors are rational. Assets are sorted by their importance. Rationally identify and classify most of relevant assets. Most asset descriptions are meaningful and thoughtful. Values assigned to the asset factors are mostly rational. Assets are sorted by their importance. Rationally identify and classify most of relevant assets. Several asset descriptions may not meaningful and thoughtful. A large number of values assigned to the asset factors may not rational. Assets are sorted by their importance. Show no rationality in identifying and classifying relevant assets. A large number of asset description may not meaningful and thoughtful.

Write a Review

Other Subject Questions & Answers

  Develop a project plan which includes detailed level tasks

Develop a project plan which includes detailed level tasks, duration of each task creating an overall project timeline and identify the resources.

  Cultural expectations

Can you count on most managers to model the appropriate behavior? Who supervises the managers, and how are they held accountable, not only for product, but for cultural expectations?

  Evidence-based practice

What do ethics have to do with evidence-based practice? I need to come up with examples and a solution.

  What arguments can be made to oppose such statutes

In a paper, discuss the following statement: Should hate be a crime? What arguments can be made to support the use of sentencing enhancement penalties for hate crimes? What arguments can be made to oppose such statutes? Are hate-crime laws likely ..

  Achievement and aptitude assessments

Achievement and aptitude assessments serve distinct, but potentially complimentary purposes.

  Review the team members discussion and summary

Review the team members' discussion and summary and write a paper about it. Summarizing the issue.  Explaining why this is the underlying problem

  What is the mission and purpose of your organization

repare a 10- to 12-slide presentation using a modality of your choice. What is the mission and purpose of your organization

  Describe the diagnosis codes and how they are used

Describe the Diagnosis codes and how they are used, impacting reimbursement. Describe the features of third-party payers. Explain the reimbursement methods used and the effects of coding on reimbursement.

  Abnormality theory-biological-psychological-sociocultural

Abnormal psychology text presents three main theories of abnormality: biological, psychological, and sociocultural. How can these perspectives be integrated to explain symptoms of depression?

  Conduct additional research on unionization in health care

Consider the professional basis of nursing and the presence of unions in health care. Does unionization conflict with a professional nursing orientation?

  Write a research paper about lynch vs donnelly

Write a research paper about lynch v. Donnelly. When we discuss your topic in class, expe lead the classroom discussion. to A list of paper topics will be distributed.

  Strategic plan preparation

Strategic Plan Preparation

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd