SEC280 Course Discussions Week 7

All Students Posts – 24 Pages 

Mitigating Risk – 12 Pages 

Your CEO says to you, “You mentioned that risks always exist. If I take enough measures, can’t I eliminate risks?” Explain why risks always exist. What are some of the ways you can quantify risk in order to determine how and where to take measures (e.g., spend money)?

In addition to mitigating risk or transferring risk, it may be acceptable for a manager to accept risk, in that, despite the potential cost of a given risk and its associated probability, the manager of the organization will accept responsibility for the risk if it does happen.

The manager accepts the risk that the programmer could possibly make unauthorized changes because of the high-availability requirement of that system.

There should always be some additional controls such as a management review or a standardized approval process to ensure the assumed risk is adequately managed.

One final thought to keep in mind is that the risk itself doesn’t really change, no matter what actions are taken to mitigate that risk.

Actions can be taken to reduce the impact of that risk if it occurs…

Incident Handling – 12 Pages 

Let’s start the week by discussing the incident-handling process. Risk management involves the process of understanding vulnerabilities and providing the appropriate level of security to handle the possibilities. When an incident occurs, we need to effectively identify how it occurred and what we will do to see that it is less likely to occur in the future. Who are the members of the IRT?

Once the incident response team has determined that an incident most likely has occurred, it must attempt to quickly contain the problem.

At this point, or very soon after containment begins, depending on the severity of the incident, management needs to decide whether the organization intends to prosecute the individual who has caused the incident, in which case collection and preservation of evidence is necessary, or simply wants to restore operations as quickly as possible without regard to possibly destroying evidence.

In certain circumstances, management might not have a choice, such as if specific regulations or laws require it to report incidents.

If management makes the decision to prosecute, specific procedures need to be followed in handling potential evidence.

The incident response team must decide how to address containment as soon as it has determined that an actual incident has occurred.

Another response might be to stay connected and attempt to determine the origin of the intruder.

Your incident response policy should identify who is authorized to make this decision…