Security Risk and Threat
Introduction
Information security management requires both threat assessment and risk assessment. Security risk assessment is the term used to describe the procedures involved in evaluating the possibility that factors affecting the objectives of using the information technology system will occur (Renfroe & Smith, 2016). It can indicate the improvements that have been made to security or identify the gaps that still exist (Praxiom, 2015).
The security risk assessment assesses the organization from the attacker's perspective. It gives an analysis that allows the company to assess and enhance its security position. Companies carry out a risk assessment of organizational security to establish the worth of the organizational data that is available (Bayne, 2002). The risk assessment is geared towards offering a quantitative measure of the possibility that events which may hamper the organization's objectives will occur.
The security threat assessment, on the other hand, focuses on all the possible factors that may affect security, whether natural or not (Holmberg & Evans, 2003). The threat assessment is usually done by identifying the threat types and categorizing them as either natural or accidental. The threats, especially those from attackers, may share a similar intention of sabotaging the applications (INFOSEC, 2014). Threat identification and assessment is, therefore, a paramount process that assists in focusing the assessment operations within the organization (INFOSEC, 2014). It also hastens the discovery of vulnerabilities within the security system, which can be weighted and given attention based on their probabilities.
Similarities of the Security Threat Assessment and Security Risk Assessment
Organizational security assessments of risks and threats tend to have a similar focus. Despite the different methodologies employed in these assessments, they both aim at protecting the security framework (Colwill, 2009). The assessments strive to assist in designing better procedures that can offer security protection.
The assessment techniques are also geared towards identifying the threats and the risks that the information system may be experiencing (Tipton & Krause, 2003). They, therefore, assist in mitigating these eventualities by either preventing their occurrence or reducing the possible damage that they can cause (Praxiom, 2015).
Both assessment techniques establish the implications of the threats and risks for the security system, thus assisting in minimizing their potential effects (Ralston, Graham, & Hieb, 2007). They, therefore, assist in describing the main object in the applications that are used for security. The assessment methods thus assist organizations in ensuring that they maximize the utilization of the available security resources.
Both the risk assessment technique and the threat assessment technique share the goal of establishing ways in which exposure to damage or loss can be reduced (Praxiom, 2015). The techniques tend to offer recommendations, which are usually used as the measure of their outcomes (Bernard, 2007). The suggestions approved by these assessments are often handled with high integrity and confidentiality as a means of protecting the security system (Bayne, 2002). The processes are usually collaborative, involving the use of internal and external resources depending on the situation being analyzed. The scope of both assessments specifies what needs to be protected and the extent to which protection is offered (Ralston et al., 2007). The sensitivity level of the security applications usually depends on the knowledge of the analyst. Setting the scope in both assessments is crucial in establishing whether the assessment should adopt the internal or the external perspective. This is because the context in which the security assessment is carried out is capable of influencing the security management.
Security threat assessment and risk assessment also share some similarities in their data collection processes. Both assessment techniques involve identifying all the necessary policies and procedures within the organization that can assist in the assessment process (Bayne, 2002). The information regarding the policies and procedures is usually retrieved from existing documents; if they are undocumented, the organization's employees are interviewed. The interviews can either take the form of questionnaires or be done as a survey. The data collection stage in both assessments gathers information based on the current state of the security systems (Parker, 1981). In both security assessment methods, the data collection process also identifies the possible vulnerabilities to which the security system is exposed.
Both assessment methods are also comparable in their analysis of the identified policies and procedures. This step is crucial in both assessments, as it enhances the understanding of the organization's level of compliance regarding the security applications.
The assessment methods also incorporate a step that analyses acceptable risks or threats (Bayne, 2002). In this stage, the assessment methods strive to measure whether the previously identified policies and procedures can offer effective protection to the security system. In so doing, both assessment methods are capable at this stage of identifying whether the previously identified vulnerabilities in the security system were mitigated or not (Feng & Li, 2011). The system security analyst determines the threats and risks that are acceptable in the organizational security system. This is done by defining the security measures that are more effective and ensuring that they are used, while the ineffective measures are removed from the system security protection (Chen, Paxson, & Katz, 2010). Although most organizations try to cut down the costs involved in security protection, the assessments at this level are capable of identifying all the appropriate recommendations that can safeguard the information system in an appropriate manner.
Differences between Security Threat Assessment and Security Risk Assessment
While the security threat assessment focuses on all the possible factors that may affect security, whether natural or not, the security risk assessment tries to identify different factors that may affect organizational security (CPNI, 2013). The security risk assessment involves an analysis that includes even the risks that the security management process may experience (Todd Sr, Glahe & Pendleton, 2001).
The security risk assessment is usually consequential in nature and strives to determine the likelihood of the occurrence of different risks (Fein, Vossekuil, & Holden, 1995). The security threat assessment, on the contrary, can be either qualitative or quantitative in nature.
Another significant difference between the security threat assessment and the security risk assessment is the methodology employed to carry them out. The threat assessment uses threat metrics to characterize the security threats within an organization (Gleichauf, Randall, Teal, Waddell & Ziese, 2001). The metrics models elaborate how the threats and anomalies for the security system take place (Bayne, 2002). They highlight the proximity of the different vulnerabilities that exist within the organization's security system and establish the potential magnitude of their effect on security. The term metric represents a measure and, as such, threat metrics can yield both qualitative and quantitative threat analysis that can clearly indicate how to manage the risks (Landoll & Landoll, 2005). Another method employed to identify threats in threat assessment is the use of threat models (Trend Micro, 2009). The models are also measurement structures that are adopted to enhance consistency and to minimize biases during the security threat analysis (Bayne, 2002). A generic threat matrix is also applied in the security threat analysis to help categorize the threats depending on their nature (Bayne, 2002). The generic threat matrix is also labeled with different magnitudes that denote various threat levels and can, therefore, quantify the threat.
In the risk assessment methodology, a checklist is used to identify the possible risks and threats. The checklist operates by identifying all the possible questions that may cause risks (Praxiom, 2015). It is usually adopted to enhance creativity during risk assessment. A what-if analysis model that establishes all the possible eventualities that may contribute to risks can also be used during the identification of risks (INFOSEC, 2014). It answers all the questions on the consequences of any mistake. It is usually carried out as a brainstorming activity for the system security analysts. In some cases, the risk assessment may involve the use of both checklists and what-if analysis (Praxiom, 2015). The risk assessment methodology can also use a fault tree or conduct a hazard operability study in the security system to identify all the possible causes of security risks.
Conclusion
Threat and risk assessment is a very significant step in the protection of the security system (Ullman, 1983). The assessments should not be regarded as a means to an end; rather, they should be done frequently to identify and mitigate the different threats and risks that the security systems are facing (Borum, Fein, Vossekuil, & Berglund, 1999). The security threat and risk assessments have various similarities regarding their scope and objectives, but they differ especially in the models and techniques that are employed in collecting the information. The security threat assessment also tends to be quantitative in its outcome as compared to the security risk assessment, due to the different models and techniques it employs. To improve the veracity, efficiency, and availability of the system used in information distribution, it is important that an organization conduct both security assessment methods to fully identify both the threats and the risks and further mitigate them for proper security management (Landoll & Landoll, 2005). To identify the security gaps in time, the security assessments should be carried out at the beginning of the system development cycle to clearly identify its needs.
References
Bayne, J. (2002). An Overview of Threat and Risk Assessment. Sans.org. Retrieved 25 August 2016, from https://www.sans.org/reading-room/whitepapers/auditing/overview-threat-risk-assessment-76
Bernard, R. (2007). Information Lifecycle Security Risk Assessment: A tool for closing security gaps. Computers & Security, 26(1), 26-30.
Borum, R., Fein, R., Vossekuil, B., & Berglund, J. (1999). Threat assessment: Defining an approach to assessing risk for targeted violence. Behavioral Sciences & the Law, 17.
Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing security. University of California, Berkeley Report No. UCB/EECS-2010-5 January, 20(2010), 2010-5.
Colwill, C. (2009). Human factors in information security: The insider threat–Who can you trust these days? Information security technical report, 14(4), 186-196.
CPNI. (2013). Personnel Security Risk Assessment. Cpni.gov.uk. Retrieved 30 August 2016, from http://www.cpni.gov.uk/documents/publications/2010/2010037-risk_assment_ed3.pdf?epslanguage=en-gb
Fein, R. A., Vossekuil, B., & Holden, G. A. (1995). Threat assessment: An approach to prevent targeted violence (Vol. 2). Washington, DC: US Department of Justice, Office of Justice Programs, National Institute of Justice.
Feng, N., & Li, M. (2011). An information systems security risk assessment model under uncertain environment. Applied Soft Computing, 11(7), 4332-4340.
Gleichauf, R. E., Randall, W. A., Teal, D. M., Waddell, S. V., & Ziese, K. J. (2001). U.S. Patent No. 6,301,668. Washington, DC: U.S. Patent and Trademark Office.
Holmberg, D. G., & Evans, D. (2003). Bacnet wide area network security threat assessment. US Department of Commerce, National Institute of Standards and Technology.
INFOSEC. (2014). Cyber Threat Analysis - InfoSec Resources. InfoSec Resources. Retrieved 25 August 2016, from http://resources.infosecinstitute.com/cyber-threat-analysis/
Landoll, D. J., & Landoll, D. (2005). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC Press.
Parker, D. B. (1981). Computer security management. Reston, VA: Reston Publishing Company.
Praxiom. (2015). Risk Assessment Methods and Procedures. Praxiom.com. Retrieved 26 August 2016, from http://www.praxiom.com/risk-assessment.htm
Ralston, P. A., Graham, J. H., & Hieb, J. L. (2007). Cyber security risk assessment for SCADA and DCS networks. ISA transactions, 46(4), 583-594.
Renfroe, N. & Smith, J. (2016). Threat/Vulnerability Assessments and Risk Analysis | Whole Building Design Guide. Wbdg.org. Retrieved 30 August 2016, from http://www.wbdg.org/resources/riskanalysis.php
Tipton, H. F., & Krause, M. (2003). Information security management handbook. CRC Press.
Todd Sr, R. E., Glahe, A. C., & Pendleton, A. H. (2001). U.S. Patent No. 6,185,689. Washington, DC: U.S. Patent and Trademark Office.
Trend Micro. (2009). Security Threat Assessment. Retrieved 30 August 2016, from http://www.trendmicro.com/cloud-content/us/pdfs/business/datasheets/ds_security-threat-assessment.pdf
Ullman, R. H. (1983). Redefining security. International security, 8(1), 129-153.