1 Assets and Risk Management

Assets and Risk Management

Ravikumar Patel (SU200245464)

Strayer University

Instructor’s Name: Dr. Glenn Hines

CIS 527 Information Technology Risk Management

Date-01/22/2018
2 Assets and Risk Management

Explain at least two (2) different risk assessment methodologies.

There are two essential sorts of hazard appraisals. These hazard evaluations are

quantitative and subjective. Quantitative, "is a goal technique. It utilizes numbers, for example,

genuine dollar esteems." (Gibson, 2015, p. 117). To utilize the quantitative strategy there is a

considerable measure of information that is required and getting this information can require

some investment. However, once the information is accessible the hazard evaluation is only a

math issue that should be worked out. The responses to the issues will make it with the goal that

the hazard can be organized.

Also, there is the subjective strategy. "This is a subjective strategy. It utilizes relative

esteems in view of sentiments from specialists." (Gibson, 2015, p. 117). The specialists will give

their conclusions on the likelihood of the effect of dangers that would be included. Once the

directors got the conclusions of the specialists they could then do likewise as previously and

organize the dangers.

At that point there is a mix of the two, Semi-quantitative hazard appraisal. This is the

place specialists are utilized and in addition the qualities that will be spared or lost

simultaneously. The directors will get the conclusions of the specialists and in addition the dollar

sums that will be influenced by the dangers. At that point they will settle on their choices in view

of the two discoveries rather than simply the either.

OWASP Risk Rating Methodology:

3 Assets and Risk Management

Consider how laborers i.e. other people who might be adjacent like contractual workers

or organization, may be crippled. Demand your laborers what they trust the vulnerabilities are, as

they may watch things that are not reasonable to you and may have various great considerations

on the best way to deal with the risks. For each powerlessness you require to be obvious with

respect to who may be crippled; it will encourage you perceive the best strategy for ascertaining

the hazard (Tomhave, 2014).

Key Approche to identifying threats relevant:

To start with how about we make a point to characterize dangers, so everybody knows

precisely what will be distinguished. "A risk is any action that speaks to a conceivable peril. This

incorporates any conditions or occasions with the possibility to cause an unfriendly effect."

(Gibson, 2015, p. 194). This can affect privately, uprightness, and accessibility. These dangers

can even be separated further to, human or common. Classification is keeping the organizations

insider facts mystery. Uprightness is keeping everything together, like information or gear. At

that point Availability sort of runs with honesty also. If the uprightness is great on the gear. At

that point the accessibility ought to be great also. Since accessibility is having the gear when

required.

At that point dangers are for the most part ordered as a human or regular risk. Human

dangers can be either inside, like representatives, or outside dangers. At that point the

characteristic dangers resemble climate or not man made. The inside dangers could be a

disappointed representative or one that is attempting to steal from the organization. The outer

dangers would be the assaults that programmers dispatch toward the system, attempting to obtain
4 Assets and Risk Management

entrance. Once any of these dangers hit the framework, there could be a (DoS), dissent of

administration, to the system. This would cause loss of business through the representatives not

having the capacity to get stock or supplies requested or conveyed. Additionally, it would shield

clients from having the capacity to get on the site page for the organization. All these future

inconvenient to the organization. Not simply monetarily, but rather in dependability from the

client’s perspective. Every one of these things portrayed are purposes behind danger or hazard

appraisals to be finished.

Informal method:

In various conditions, there is nothing amiss with investigation the variables and

fundamentally catching the reactions. The analyzer ought to accept through the components and

perceive the clarification "driving" factors that are controlling the result. The analyzer may

discover that their early introduction was erroneous by considering highlights of the hazard that

weren't justifiable.

Describe different types of assets that need protection:

There are numerous sorts of advantages that need security. Some of these benefits are

equipment, programming, work force, and information and data resources. Each organization has

a type of a blend of these advantages. There are significantly more that are not specified here.

Since resources are, "property possessed by a man or organization, viewed as having worth and

accessible to meet obligations, duties, or inheritances." (Dictionary.com, 2016). Resources can

be either physical or money related. Be that as it may, for this discourse the physical side is the

thing that will be gone over. It has a money related an incentive too however.
5 Assets and Risk Management

Equipment resources are hardware that you can touch with your hands. These advantages

incorporate every one of the parts to the system, databases, switches, switches, workstations,

firewalls, and different peripherals. This could likewise be the gear used to make things and the

various things in the sequential construction systems.

Programming, then again is the projects that are having to run all the equipment. You can

not physically touch it, but rather it is there running out of sight and controlling the equipment,

systems, and all the distinctive peripherals. For both programming and equipment, the

organization must know every one of the information for the particular bit of gear of program.

Hardware would should be logged to where it was found, serial and model numbers, make, parts

like processors and RAM, and different gadgets that are connected to it. Programming would

should be logged with the framework where introduced, name, form, and administration packs

that have been introduced.

Faculty resources are generally the ones working for your organization. Be that as it may,

you can take a gander at the clients and providers as resources too. On the off chance that you

don't have clients you can't make any deals. On the off chance that there are no providers, the

production lines can't make the things to offer. Concerning the representatives, they are resources

as well. On the off chance that the organization does not have solid workers. It won't have the

capacity to work effectively. With respect to your workers, ensure there are sufficient to carry

out the activity and have them broadly educated too. Along these lines, in the event that

somebody doesn't appear, there will in any case be somebody that can carry out the activity for

that person.
6 Assets and Risk Management

Information and data resources is the data held in the organization's PCs and databases.

This information could be data about how the organization functions, licenses, trademarks, and

other organization privileged insights. At that point there is the information gathered on the

clients and providers. This information is at any rate secret if not a higher characterization. In

this way, the organization needs to take activities to secure the faculty data on every last one of

these advantages. Regardless of whether there is assurance of these advantages. They can even

now be traded off now and again. Take a gander at Target a couple of years back when there

charge card perusers got hacked into. The programmers got data on a great many clients amid the

shopping extravaganza following Thanksgiving shopping. (Sidel, Yadron, and Germano, 2013).

So regardless of whether you think it is protected. There still might be a possibility that

somebody will get into the framework.

Explain the relationship between access and risk and identify the tradeoffs of restricting

access to the organization’s assets.

In the first place, the connection amongst access and hazard. There is a connection

between the two. If the benefits have simple access to them, there will be more dangers that they

could be bargained. In this way, this is the place the prioritization of the benefits and dangers

become possibly the most important factor. The higher the dangers are that they will cause more

harm. At that point there ought to be a larger amount of control to restrain the entrance to the

information to just the general population that need get to.

The tradeoffs of confining access to the association's advantages would be that if the

general population that have the entrance are not around at the time data is required. It could
7 Assets and Risk Management

hamper a deal or business exchange. That is the reason, as expressed over that there ought to be

more than one individual for each activity. There is somebody to fall back onto if necessary. In

addition, with the prioritization this all can be investigated also. In the event that they know the

data might be required frequently. The directors may need to reduce the controls a little for this

information.

All in all, it is difficult to make tracks in an opposite direction from dangers in business.

There are great and terrible dangers engaged with nearly everything a business does. The main

thing is that organizations will attempt to remain with dangers that are not all that terrible. In the

event that there are a few dangers that can't be maintained a strategic distance from. At that point

the business needs to make sense of a work around. This is pass the dangers on to another

organization or motivate protection to cover the likelihood of the hazard happening.

References:

Controlling the risks in the workplace. (2012, March 25). Retrieved from

http://www.hse.gov.uk: http://www.hse.gov.uk/risk/controlling-risks.htm

Identifying and classifying assets. (2002, Dec). Retrieved from

http://www.networkmagazineindia.com: http://www.networkmagazineindia.com/200212/security2.shtml

Tomhave, B. (2014, jan 30). Comparing Methodologies for IT Risk Assessment and Analysis. Retrieved
from

https://www.gartner.com: https://www.gartner.com/doc/2659816/comparing-methodologies-it-risk-
assessment

cippguide.org. (n.d.). InfoSec Risks, Threats, Vulnerabilities & Countermeasures. Retrieved from

www.cippguide.org: https://www.cippguide.org/2011/11/22/infosec-risks-threats-vulnerabilities-

countermeasures/
8 Assets and Risk Management

Gibson, D. (2015). Managing Risk in Information Systems. (2nd). Retrieved from

https://strayer.vitalsource.com/#/books/9781284107753/