
Discussion – Mitigating Risk

Risk is the likelihood that a particular threat will successfully exploit a vulnerability, combined with the impact it would have if it did. In the modern world, risk management and mitigation are important because they help an enterprise prepare for the worst and plan a way of recovering from a bad situation. A threat, in cybersecurity terms, is any action or event that can have a negative effect on an information system. Examples include unauthorized access to data by hackers and other malicious users, physical destruction of servers and computer systems, and malware infections. One tool for detecting and removing some threats, such as malicious software, is Kaspersky. Kaspersky is one of the most widely used antivirus products and is effective at identifying and deleting malicious software from a computer system, although, like any antivirus product, it addresses only the malware category of threats and must be kept up to date to remain effective (Cohen & Palmer, 2018).

A vulnerability in a computer system is a point of weakness through which an attack can be launched. Vulnerabilities can be physical, such as an unsecured perimeter or a hole in the wall, or logical, such as a misconfigured firewall, expired antivirus software, or a poorly secured DNS server. Vulnerabilities in firmware and hardware are discovered on a regular basis, and no information system can be 100% free of vulnerabilities; it is, however, the role of risk managers to reduce them as far as practicable. One of the major vulnerability scanners is Nessus, which can detect weaknesses such as default or weak credentials and denial-of-service conditions. An exploit, on the other hand, is code or a technique that takes advantage of a vulnerability, and an exploit assessment tests whether a discovered vulnerability can actually be used against the system. One tool that supports this for web applications is Netsparker, which analyzes a site, finds vulnerabilities such as SQL injection and XSS, and confirms them by safely exploiting them rather than only reporting a suspected weakness (Royer, 2020).

Physical and logical security control measures. To secure an information system, one must address both its physical and logical aspects. A biometric system can act as a physical control where everyone entering a particular room is identified and must be authorized to enter. CCTV cameras can also serve as a physical control, recording every individual who enters an area so that access can be reviewed after the fact. Network firewalls, on the other hand, act as logical controls: network traffic is filtered, and packets from unwanted sources are blocked. Passwords are also logical controls; strong passwords, ideally combined with a second authentication factor, deny access to malicious users who do not hold the correct credentials to log into the system.

When a risk assessment has been completed, a risk mitigation plan is drawn up to address the risks it identified; not every risk can or should be eliminated. One consideration is the likelihood of the risk occurring: high-likelihood threats should be prioritized, and more resources allocated to mitigating them. Another consideration is the impact a particular threat would have on the information system: high-impact threats should be prioritized, while very low-impact ones can be given a back seat. For some low-impact threats it is cheaper to repair the damage after the event than to prevent it, so the sensible decision is to accept the risk. The third consideration when moving from the risk assessment to a mitigation plan is the cost of mitigating the risk. If the cost of recovering from a particular threat is lower than the cost of mitigating it, then it is more cost-effective to accept the risk of the threat occurring than to mitigate it (Tesch, Kloppenborg & Frolick, 2017). A common way to make this comparison is to express each risk as an annualized loss expectancy, the cost of a single occurrence multiplied by its expected yearly frequency, and to fund a control only when the loss it avoids exceeds what the control costs each year.
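The likelihood, impact and cost considerations above can be applied mechanically to a small risk register. The following script is an added example, not part of the original paper: it uses the standard annualized loss expectancy formula (ALE = SLE × ARO) and a constructed set of sample risks, control costs and residual occurrence rates, none of which are figures from the paper or from any real assessment.

```python
"""Scoring a small risk register: prioritise by annualised loss expectancy,
then decide mitigate-or-accept on cost.  Added example, not from the paper.

Assumptions: the standard formulas ALE = SLE * ARO and
net benefit = (ALE - residual ALE) - annual control cost.  The register
entries are constructed sample data, not figures from any real assessment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float            # single loss expectancy: cost of one occurrence
    aro: float            # annualised rate of occurrence: expected events per year
    control_cost: float   # annual cost of the proposed mitigation
    residual_aro: float   # expected rate after the control is in place

    def ale(self) -> float:
        """Annualised loss expectancy before any control: likelihood x impact."""
        return self.sle * self.aro

    def residual_ale(self) -> float:
        """Expected annual loss that remains after the control."""
        return self.sle * self.residual_aro

    def net_benefit(self) -> float:
        """Loss avoided per year minus the control's annual cost.
        Negative means accepting the risk is cheaper than mitigating it."""
        return (self.ale() - self.residual_ale()) - self.control_cost

    def decision(self) -> str:
        return "mitigate" if self.net_benefit() > 0 else "accept"


def prioritise(register):
    """Order risks with the largest annualised loss first, so the
    likelihood and impact considerations are applied together."""
    return sorted(register, key=lambda r: r.ale(), reverse=True)


def mitigation_plan(register):
    """Return (name, ALE, net benefit, decision) rows in priority order."""
    return [(r.name, r.ale(), r.net_benefit(), r.decision())
            for r in prioritise(register)]


# Constructed sample register (hypothetical figures in an arbitrary currency).
REGISTER = [
    Risk("Ransomware on the file server", sle=160_000, aro=0.25,
         control_cost=15_000, residual_aro=0.025),
    Risk("Phishing leads to credential theft", sle=50_000, aro=1.0,
         control_cost=20_000, residual_aro=0.1),
    Risk("Defacement of the brochure website", sle=2_000, aro=0.5,
         control_cost=5_000, residual_aro=0.05),
    Risk("Unpatched VPN appliance exploited", sle=120_000, aro=0.25,
         control_cost=4_000, residual_aro=0.025),
]

if __name__ == "__main__":
    print(f"{'risk':38} {'ALE':>10} {'net benefit':>12}  decision")
    for name, ale, benefit, decision in mitigation_plan(REGISTER):
        print(f"{name:38} {ale:10,.0f} {benefit:12,.0f}  {decision}")
```

Running the script prints the register in priority order. The website defacement entry comes out as "accept": its expected annual loss is small, and the proposed control costs more each year than the loss it would avoid, which is exactly the cost-of-repair-versus-cost-of-mitigation trade-off described above.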

Risk mitigation has several goals and objectives, such as protecting the organization from incurring large costs to repair the damage caused by a threat. Here the objective is to save money and use resources more efficiently. Another objective is to ensure business continuity. Techniques such as backing up data to a remote server allow the business to resume from where it left off in the event of a disaster that destroys the entire office. Risk mitigation can be the difference between a company that succeeds and one that fails. A further objective of risk management and mitigation is to understand the operations of the enterprise better: conducting a risk analysis forces the risk management expert to examine the company's operating procedures closely. The report written after a risk analysis also acts as a training platform. Employees can be informed of areas that are lagging behind and of the steps that can be taken to improve on the company's current state. Risk analysis, management and mitigation also give management an overview of the competence of their employees and the efficiency with which they work. The report produced by a risk management exercise can be used by managers and shareholders to make more informed decisions, and it is useful in reviewing company policy and standards.

References

Cohen, M. W., & Palmer, G. R. (2018). Project risk identification and management. AACE International Transactions, IN11.

Royer, P. S. (2020). Risk management: The undiscovered dimension of project management. Project Management Journal, 31(1), 6-13.

Tesch, D., Kloppenborg, T. J., & Frolick, M. N. (2017). IT project risk factors: The project management professionals' perspective. Journal of Computer Information Systems, 47(4), 61-69.

Question

There are multiple ways to bring threats and vulnerabilities to light. Common practices and lessons learned can help us explore known or common threats.

Discussion – Mitigating Risk

Instructions
Write a 3–4 page paper in which you:

Explain the differences in threat, vulnerability, and exploit assessments for information systems and define at least two tools or methods to perform each type.

Describe at least two tools or methods used to implement both physical and logical security controls (four in total), then identify the type of security personnel that would be used to implement each and discuss their roles and responsibilities.

Describe three considerations when translating a risk assessment into a risk mitigation plan, then discuss the differences between a risk mitigation plan and a contingency plan.

Explain the two primary goals to achieve when implementing a risk mitigation plan and discuss the methods of mitigation for common information system risks.

Use at least two quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. The Strayer University Library is a good location for resources.