
Approaches To Risk Analysis

1134 words - 5 pages

When planning any kind of project, especially an information security project, risk analysis is very important. Risk analysis, in the context of information security, is the process of assessing potential threats to an organization and the overall risk they pose to the continued operation of the organization. There are multiple approaches to risk analysis, and a large body of literature has been published on the subject.
In their paper published in 2012, Bhattacharjee and associates introduced two approaches to the risk assessment of an information security system. Their method has two stages: a consolidated analysis, which identifies a single risk value for each asset, and a detailed analysis, which defines a threat-vulnerability pair for each risk factor (Bhattacharjee, Sengupta, Mazumdar, & Sankar Barik, 2012).
The method first identifies assets and defines seven requirement factors for each: confidentiality, integrity, availability, authenticity, non-repudiation, legal, and impact of loss. Each of these factors is assigned a sliding scale value based upon the intensity of the specific requirement (Bhattacharjee, Sengupta, Mazumdar, & Sankar Barik, 2012). Once all assets have been given their requirement values, the overall asset value is defined. This value is combined with the security concern value, “a function of threats and vulnerabilities associated with an asset” (Bhattacharjee, Sengupta, Mazumdar, & Sankar Barik, 2012), to assign an overall risk factor value to the asset.
Once the consolidated step is completed, a detailed risk analysis is performed. This analysis begins by identifying security requirements that have been assigned a value of greater than two. Threats and vulnerabilities for these requirements are then defined. From these values, a risk value is generated, which is a function of the security requirement value and the threat value (Bhattacharjee, Sengupta, Mazumdar, & Sankar Barik, 2012).
Another work, by Breier and Hudec, explores the use of security metrics to support risk analysis. Breier and Hudec propose that risk analysis can benefit heavily from the use of information security metrics to “help the management decide whether the control objectives are fulfilled or not” (Breier & Hudec, 2011). The authors define four major security frameworks (Control Objectives for Information Technology, ISO/IEC 17799, Information Technology Infrastructure Library, and US NIST SP 800 Series) which can be used to help “quantify the effectiveness of security controls” (Breier & Hudec, 2011). Breier and Hudec go on to show that the ISO 27000 standards contain control objectives that should be used within an organization to ensure that security needs are being met. The authors show that metrics pulled from these standard control objectives can be utilized to determine if a particular risk factor is adequately accounted for. Finally, Breier and Hudec define a mathematical model for defining the risk...
