SOLUTION REVIEW
Multi-layer security solution
Discuss how the CIA security triad can be implemented at the
organizational, network, application, and end user levels to
safeguard against cyberattacks.
Step 1—identify the set of IT assets about which the
organization is most concerned. Priority is typically given to
those assets that support the organization's mission and the
meeting of its primary business goals.
Step 2—identify the loss events or the risks or threats that
could occur, such as a DDoS attack or insider fraud.
Step 3—assess the frequency of events or the likelihood of
each potential threat; some threats, such as insider fraud, are
more likely to occur than others.
Step 4—determine the impact of each threat occurring. Would
the threat have a minor impact on the organization, or could it
keep the organization from carrying out its mission for a
lengthy period of time?
Step 5—determine how each threat can be mitigated so that it
becomes much less likely to occur or, if it does occur, has less
of an impact on the organization. For example, installing virus
protection on all computers makes it much less likely that a
computer will contract a virus. Due to time and resource
limitations, most organizations choose to focus on just those
threats that have a high (relative to all other threats)
probability of occurrence and a high (relative to all other
threats) impact. In other words, first address those threats
that are likely to occur and that would have a high negative
impact on the organization.
Step 6—assess the feasibility of implementing the mitigation
options.
Step 7—perform a cost-benefit analysis to ensure that your
efforts will be cost effective. No amount of resources can
guarantee a perfect security system, so organizations must
balance the risk of a security breach with the cost of
preventing one. The concept of reasonable assurance in
connection with IT security recognizes that managers must use
their judgment to ensure that the cost of control does not
exceed the system's benefits or the risks involved.
Step 8—make the decision on whether or not to implement a
particular countermeasure. If you decide against implementing
a particular countermeasure, you need to reassess if the
threat is truly serious and, if so, identify a less costly
countermeasure.
The general security risk assessment process—and the
results of that process—will vary by organization. Table
2.4 illustrates a risk assessment for a hypothetical
organization. The estimated cost includes the cost of the direct
impact, the business disruption, the recovery efforts, and the
legal and reputational damage.
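The following Python script is an added worked example of Steps 3 through 8 and is not part of the textbook or of Table 2.4. The threat list, likelihoods, impact costs and countermeasure figures are constructed for illustration; the rule that "high relative to all other threats" means at or above the median of the other threats, and the decision rule that a countermeasure is adopted only when its reduction in expected annual loss exceeds its annual cost (the reasonable assurance test), are assumptions made for this example.

```python
"""Risk assessment worked example (added illustration, not the textbook's code).

Steps 3-4: each threat carries an annual likelihood and an impact cost.
Step 5:    prioritize threats that are high on both dimensions relative to the rest.
Steps 6-8: evaluate feasible countermeasures and adopt one only if its benefit
           (reduction in expected annual loss) exceeds its annual cost.
"""
from dataclasses import dataclass
from statistics import median
from typing import List, Optional, Tuple


@dataclass
class Threat:
    name: str
    asset: str
    likelihood: float  # Step 3: expected occurrences per year
    impact: float      # Step 4: estimated cost per occurrence (direct, disruption, recovery, legal/reputational)

    @property
    def annual_loss(self) -> float:
        """Expected annual loss = likelihood x impact."""
        return self.likelihood * self.impact


@dataclass
class Countermeasure:
    name: str
    annual_cost: float
    likelihood_reduction: float = 0.0  # fraction by which the control lowers likelihood (0..1)
    impact_reduction: float = 0.0      # fraction by which the control lowers impact (0..1)
    feasible: bool = True              # Step 6: can it actually be implemented?


# Constructed sample register (hypothetical organization, not Table 2.4).
THREATS = [
    Threat("Insider fraud", "Payment system", likelihood=0.5, impact=200_000),
    Threat("DDoS attack", "Web storefront", likelihood=2.0, impact=50_000),
    Threat("Ransomware", "File servers", likelihood=0.5, impact=400_000),
    Threat("Lost unencrypted laptop", "Sales laptops", likelihood=1.0, impact=10_000),
    Threat("Data center fire", "Data center", likelihood=0.01, impact=2_000_000),
]


def prioritize(threats: List[Threat]) -> List[Threat]:
    """Step 5: keep threats whose likelihood AND impact are both at or above the
    median of the register (assumed meaning of 'high relative to other threats'),
    ordered by expected annual loss, highest first."""
    lik_cut = median(t.likelihood for t in threats)
    imp_cut = median(t.impact for t in threats)
    chosen = [t for t in threats if t.likelihood >= lik_cut and t.impact >= imp_cut]
    return sorted(chosen, key=lambda t: t.annual_loss, reverse=True)


def evaluate(threat: Threat, control: Countermeasure) -> Tuple[float, float]:
    """Step 7: return (benefit, net_benefit) where benefit is the drop in
    expected annual loss and net_benefit subtracts the control's annual cost."""
    residual = Threat(
        threat.name,
        threat.asset,
        threat.likelihood * (1 - control.likelihood_reduction),
        threat.impact * (1 - control.impact_reduction),
    )
    benefit = threat.annual_loss - residual.annual_loss
    return benefit, benefit - control.annual_cost


def decide(threat: Threat, candidates: List[Countermeasure]) -> Optional[Tuple[Countermeasure, float]]:
    """Steps 6-8: among feasible candidates, pick the one with the largest positive
    net benefit. Returns None when no candidate passes the cost-benefit test, i.e.
    the threat should be reassessed and a less costly countermeasure sought."""
    best = None
    for control in candidates:
        if not control.feasible:          # Step 6: skip what cannot be implemented
            continue
        _, net = evaluate(threat, control)
        if net > 0 and (best is None or net > best[1]):
            best = (control, net)
    return best


# Constructed candidate controls for the two prioritized threats.
CONTROLS = {
    "Insider fraud": [
        Countermeasure("Separation of duties and transaction monitoring", 30_000, likelihood_reduction=0.6),
    ],
    "Ransomware": [
        Countermeasure("Offline backups and endpoint detection", 80_000, likelihood_reduction=0.5, impact_reduction=0.75),
        Countermeasure("24x7 in-house SOC", 500_000, likelihood_reduction=0.8, impact_reduction=0.5),
        Countermeasure("Air-gap every workstation", 1_000, likelihood_reduction=0.99, feasible=False),
    ],
}


if __name__ == "__main__":
    for t in prioritize(THREATS):
        print(f"{t.name}: expected annual loss {t.annual_loss:,.0f}")
        choice = decide(t, CONTROLS.get(t.name, []))
        if choice is None:
            print("  no cost-effective control; reassess threat (Step 8)")
        else:
            print(f"  adopt '{choice[0].name}', net benefit {choice[1]:,.0f}/yr")
```

Running the script lists the two threats that are high on both likelihood and impact, then shows that the expensive SOC option is rejected on cost-benefit grounds while the cheaper backup-and-detection control is adopted, which is exactly the Step 8 reasoning of looking for a less costly countermeasure.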
Identify eight steps that must be taken to perform a thorough
security risk assessment.