Threat for Information Technology - Research Paper Example

1. Discuss the difference between a “Threat” and a “Threat Agent”. A “Threat” is anything that brings danger to an asset while a “Threat Agent” is an individual or group that spreads the threat.
2. What are the typical steps in the Risk Assessment Process? According to Edward, the typical steps in the Risk Assessment process are the following: System Characterization, Threat Identification, Vulnerability Identification, Control Analysis, Likelihood Determination, Impact Analysis, Risk Determination, Control Recommendations, and Documentation findings.
3. Provide four examples of physical security safeguards. Install antivirus software, make the room fireproof and earthquake-proof, back up the data, and continuous power supply.
4. Define/describe the concept of criticality as it relates to asset valuation. The concept of criticality as it relates to asset valuation is to show how important is the asset to the mission.
5. Briefly explain the difference between the qualitative and quantitative risk analysis processes. The qualitative risk analysis process is done through the use of questionnaires and workshops to calculate the relative values of assets while a quantitative risk analysis is done by assigning hard financial values to assets.
6. Why is it so necessary to have a diversified team with a variety of experiential and work-related backgrounds for the RA? It is necessary to have a diversified team with a variety of experiential and work-related backgrounds for the RA to be able to bring out their knowledge, experience, and understanding about the assessment and to respond effectively to new dangers as they arise.

7. a) Briefly describe how each selection below is a threat to a network and b) list two vulnerability examples that you would look for/interview for when researching each. Do not provide the same vulnerability for more than one threat.
1. Inadequate environmental controls.
The computer software will crash or will have system failure that results in software bugs, power failures, and malfunction of the system. The improper use of computers by humans and the system was not designed well are the vulnerability examples of this kind of threat.
2. Misuse of computer resources
They can create a serious risk to information security. Using unauthorized personal devices such as USBs on secure networks and passing secret information over nonsecure methods or systems to get information are vulnerable examples of this kind of threat.
3. Unauthorized communication alteration
This threat alters or removes information from files. Read More