Risk
Assessment Professor Veletsos 4/30/2016 9:51:20 PM
Colleagues, as you explore and explain each question, such as Risk Analysis, please feel free
to give us examples, real-life situations, or something you read about applicable challenges
(and cite as necessary).
RE: Risk
Assessment Jennifer Wheeler-Davis 5/1/2016 7:25:40 PM
Modified:5/1/2016 7:27 PM
According to this week's lecture, "A risk analysis (RA) is a process by which
threats and vulnerabilities to an organization can be identified." Risk
analyses identify the probability and impact of various events on an
organization or system. In healthcare, I'm most familiar with using
Failure Modes and Effects Analyses (FMEA) to determine the
probability and severity of numbers potential events so actions can be
prioritized. For instance, the impact and probability of giving
medication A to the wrong patient may be much more severe than
giving medication B to the wrong patient so an organization
would prioritize action plans to mitigate the risks of giving
medication A to the wrong patient before medication B.
Reference: Define Risk. Week 1 Lecture. Risk Management. Keller Graduate
School of Management. Retrieved on May 1, 2016.
RE: Risk
5/3/2016 10:28:09 AM
Assessment Ivy Amy Dzimadzor
What is risk Analysis? How is risk analysis different from a vulnerability assessment?
Hello Professor and Class,
"Risk analysis is the process that allows management to demonstrate that it has met its
obligation of due diligence when making a decision about moving forward with a new
project, capital expenditure, investment strategy, or other business processes." Risk
analysis is different from a vulnerability assessment in the sense that performing a
vulnerability assessment is the process of identifying, quantifying, and prioritizing the
vulnerabilities in a company’s system. For example performing a vulnerability scan helps
in detecting if there are any gaps in the system that needs mitigation. I think risk analysis is
the bigger umbrella that management uses or looks at for decision making while a
vulnerability assessment is just the process to identify threats in the organization’s
network/system periodically.
Reference:
, Peltier, Thomas R. Information Security Risk Analysis, Third Edition, 3rd Edition.
Auerbach Publications, 20100316. VitalBook file. Pg.58
RE: Risk
Assessment Grant Cummings 5/7/2016 9:55:18 PM
Thanks for the example. I have also worked with analyzing risk. My experience comes
from the information technology area. As a manager in information technology it is
important to understand where your risks in order abilities are. Documenting your risks and
vulnerabilities is a first step to identifying how to build plans around these items. I have
been able to build the medication plans for various projects that I've been a part of.
RE: Risk
Idrissa Abdul Sangarie 5/4/2016 7:35:20 PM
Assessment
According to our lecture note risk analysis is “a process by which threats and vulnerabilities to an organization can
be defined” analyzing the risk is looking for the vulnerability and the, assessing then and finding the solution to
mitigate the risks. Vulnerability is the weakness and when you identified the weakness then you can have the
opportunity to analyze the weakness and find the ways to make it to your strength or prevent it to become a major
threats if it not already one. Example I am working for www. worlddove.com a new social network site that was
just form, one of the vulnerability of the site from business perspective is engaging the customers , and that was
the vulnerability, when I identify that as a vulnerability then I have the chance to analyze the situation the
weakness the good and the bad if it is not treated seriously, discussion it with the administration and the , they
deem it necessary to make it a huge priority.
RA and
Vulnerability 5/2/2016 3:29:11 PM
Shonita Stevenson
Assessments
What is Risk Analysis? How is risk analysis different from a vulnerability assessment?
Risk Analysis is a process for threats and vulnerabilities to be identified. The process can involve
analysis of those threats to determine probability that the organization may be exposed to such as;
impact, criticality (threats) The risk analysis can also determine through what threats are to be
mitigated and/or determine the threshold of what assets, or physical components at are higher ,
medium
, or low risk.
The Vulnerability Assessment is where the gaps or openings are identified within the organization and
then can be labeled or classified through the means of countermeasures that can be evaluated and then
deployed.
The difference between the two is the risk analysis identifies all potential threats and what the impact
could be … the threat of the potential vulnerability is recognizing the threat and mitigating the risk
prior to it happening or understanding how to remove the threat with use of countermeasures.
a. The qualitative- will ensure to improve awareness of Information systems security
problems and the security posture of the system(s) being analyzed
b. The quantitative – will identify where security controls should be in place or implemented and
the potential cost for the lost.
RE: RA and
Vulnerability 5/2/2016 5:11:17 PM
Mark Reyes
Assessments
IT Risk Analysis Report is used to align technology objectives with its businesses objectives. As
Shonita pointed out a risk analysis report can be either quantitative or qualitative.
With a quantitative risk analysis a attempt is made to numerically determine the probabilities of
various adverse events and the likely extent of the losses if a particular event takes place. This
means it places a numerical percentage that the likelihood an event may happen.
Qualitative risk analysis which is more commonly used does not use numerical probabilities.
Instead it involves defining the various threats, determining the extent of vulnerabilities and
devising countermeasures should an attack occur. This methods specifically defines threats and to
how severe the effects may be if these threats do occur.
http://searchmidmarketsecurity.techtarget.com/definition/risk-analysis
RE: RA and
Vulnerability Jason Chandonnet 5/3/2016 8:37:12 AM
Assessments
That is a good point for both types of risk analysis. Both become important as quantitative
is going to provide a better percentage of possibility that something will happen. If the
percentage can decrease, there will be less events to be concerned about. As for qualitative,
it is needed to point out what events or occurrences will happen. With security, the best
thing is to know how to decrease the risks and what will cause the risks to occur in the first
place. It won't be a total solution but does create prevention methods. The vulnerability
assessment is used to identify, rank and quantify any vulnerability with information on
Assessment Professor Veletsos 4/30/2016 9:51:20 PM
Colleagues, as you explore and explain each question, such as Risk Analysis, please feel free
to give us examples, real-life situations, or something you read about applicable challenges
(and cite as necessary).
RE: Risk
Assessment Jennifer Wheeler-Davis 5/1/2016 7:25:40 PM
Modified:5/1/2016 7:27 PM
According to this week's lecture, "A risk analysis (RA) is a process by which
threats and vulnerabilities to an organization can be identified." Risk
analyses identify the probability and impact of various events on an
organization or system. In healthcare, I'm most familiar with using
Failure Modes and Effects Analyses (FMEA) to determine the
probability and severity of numbers potential events so actions can be
prioritized. For instance, the impact and probability of giving
medication A to the wrong patient may be much more severe than
giving medication B to the wrong patient so an organization
would prioritize action plans to mitigate the risks of giving
medication A to the wrong patient before medication B.
Reference: Define Risk. Week 1 Lecture. Risk Management. Keller Graduate
School of Management. Retrieved on May 1, 2016.
RE: Risk
5/3/2016 10:28:09 AM
Assessment Ivy Amy Dzimadzor
What is risk Analysis? How is risk analysis different from a vulnerability assessment?
Hello Professor and Class,
"Risk analysis is the process that allows management to demonstrate that it has met its
obligation of due diligence when making a decision about moving forward with a new
project, capital expenditure, investment strategy, or other business processes." Risk
analysis is different from a vulnerability assessment in the sense that performing a
vulnerability assessment is the process of identifying, quantifying, and prioritizing the
vulnerabilities in a company’s system. For example performing a vulnerability scan helps
in detecting if there are any gaps in the system that needs mitigation. I think risk analysis is
the bigger umbrella that management uses or looks at for decision making while a
vulnerability assessment is just the process to identify threats in the organization’s
network/system periodically.
Reference:
, Peltier, Thomas R. Information Security Risk Analysis, Third Edition, 3rd Edition.
Auerbach Publications, 20100316. VitalBook file. Pg.58
RE: Risk
Assessment Grant Cummings 5/7/2016 9:55:18 PM
Thanks for the example. I have also worked with analyzing risk. My experience comes
from the information technology area. As a manager in information technology it is
important to understand where your risks in order abilities are. Documenting your risks and
vulnerabilities is a first step to identifying how to build plans around these items. I have
been able to build the medication plans for various projects that I've been a part of.
RE: Risk
Idrissa Abdul Sangarie 5/4/2016 7:35:20 PM
Assessment
According to our lecture note risk analysis is “a process by which threats and vulnerabilities to an organization can
be defined” analyzing the risk is looking for the vulnerability and the, assessing then and finding the solution to
mitigate the risks. Vulnerability is the weakness and when you identified the weakness then you can have the
opportunity to analyze the weakness and find the ways to make it to your strength or prevent it to become a major
threats if it not already one. Example I am working for www. worlddove.com a new social network site that was
just form, one of the vulnerability of the site from business perspective is engaging the customers , and that was
the vulnerability, when I identify that as a vulnerability then I have the chance to analyze the situation the
weakness the good and the bad if it is not treated seriously, discussion it with the administration and the , they
deem it necessary to make it a huge priority.
RA and
Vulnerability 5/2/2016 3:29:11 PM
Shonita Stevenson
Assessments
What is Risk Analysis? How is risk analysis different from a vulnerability assessment?
Risk Analysis is a process for threats and vulnerabilities to be identified. The process can involve
analysis of those threats to determine probability that the organization may be exposed to such as;
impact, criticality (threats) The risk analysis can also determine through what threats are to be
mitigated and/or determine the threshold of what assets, or physical components at are higher ,
medium
, or low risk.
The Vulnerability Assessment is where the gaps or openings are identified within the organization and
then can be labeled or classified through the means of countermeasures that can be evaluated and then
deployed.
The difference between the two is the risk analysis identifies all potential threats and what the impact
could be … the threat of the potential vulnerability is recognizing the threat and mitigating the risk
prior to it happening or understanding how to remove the threat with use of countermeasures.
a. The qualitative- will ensure to improve awareness of Information systems security
problems and the security posture of the system(s) being analyzed
b. The quantitative – will identify where security controls should be in place or implemented and
the potential cost for the lost.
RE: RA and
Vulnerability 5/2/2016 5:11:17 PM
Mark Reyes
Assessments
IT Risk Analysis Report is used to align technology objectives with its businesses objectives. As
Shonita pointed out a risk analysis report can be either quantitative or qualitative.
With a quantitative risk analysis a attempt is made to numerically determine the probabilities of
various adverse events and the likely extent of the losses if a particular event takes place. This
means it places a numerical percentage that the likelihood an event may happen.
Qualitative risk analysis which is more commonly used does not use numerical probabilities.
Instead it involves defining the various threats, determining the extent of vulnerabilities and
devising countermeasures should an attack occur. This methods specifically defines threats and to
how severe the effects may be if these threats do occur.
http://searchmidmarketsecurity.techtarget.com/definition/risk-analysis
RE: RA and
Vulnerability Jason Chandonnet 5/3/2016 8:37:12 AM
Assessments
That is a good point for both types of risk analysis. Both become important as quantitative
is going to provide a better percentage of possibility that something will happen. If the
percentage can decrease, there will be less events to be concerned about. As for qualitative,
it is needed to point out what events or occurrences will happen. With security, the best
thing is to know how to decrease the risks and what will cause the risks to occur in the first
place. It won't be a total solution but does create prevention methods. The vulnerability
assessment is used to identify, rank and quantify any vulnerability with information on
