StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Risk Analysis and Threat Assessment - Term Paper Example

Cite this document
Summary
The paper 'The Risk Analysis and Threat Assessment' presents a threat assessment methodology that will provide the means to analyze and understand the threat agents in order to anticipate their moves and ways of engagement. Until now, threat assessment was just a part of risk analysis…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.6% of users find it useful
The Risk Analysis and Threat Assessment
Read Text Preview

Extract of sample "The Risk Analysis and Threat Assessment"

Four 2 Page Papers Swarnambika S Academia Research Risk Analysis and Threat Assessment A threat assessment methodology will provide the means to analyse and understand the threat agents in order to anticipate their moves and ways of engagement. Until now, threat assessment was just a part of risk analysis. Risk analysis is a process to assist management in defining where time and money should be spent (Nosworthy, 2000). There are two types of risk analysis, the quantitative and the qualitative. The first is a mathematical approach based on probabilities and the second is a high/medium/low approach. Unfortunately the majority of threats defy all sorts of probability analysis. The reasons for conducting a risk assessment are (Neumann, 1995; Smith, 1993; Reid and Floyd, 2001; Katzke, 1988; Hancock, 1998; Brewer, 2000): new threats, new technology, new laws and new available safeguards. The issue taken for the risk analysis and threat assessment was the students’ violent behaviour at school. The aim of the assessment was to identify the next rebel by developing the profile of a typical rebel. To achieve this, a four spiked model of assessment was designed. This model provides a framework for evaluating a student in order to determine if he or she has the motivation, means, and intent to carry out a proclaimed threat. The assessment is based on the sum of the circumstances known about the student in four major areas. Spike 1 (Personality of the student): Evidence to a student’s personality can come from observing behavior when the student expresses characteristics like, managing with conflicts, disappointments, failures, insults, or other stresses encountered in everyday life, anger, frustration, disappointment, humiliation, sadness, or similar feelings. Spike 2 (Family background): Family background involves patterns of behavior, thinking, beliefs, traditions, roles, customs and values that exist in a family. Spike 3 (Academic History): Academic history involves patterns of behavior, thinking, beliefs, customs, traditions, roles and values that exist in a school’s culture. Spike 4 (Social History): Social history involves patterns of behavior, thinking, beliefs, customs, traditions, and roles that exist in the larger community where students live. Findings Spike 1 (Personality of student): There may be involuntary signs shown by the student about his inclination to violence in his behavior, thoughts or attitudes. The student might often show out frustration and tries to alienate. There is a collection of acts of “injustice” done against him registered in his mind. The student often shows signs of depression such as lethargy, physical fatigue or lack of interest towards any activity performed. He exhibits selfishness and has self-centred thoughts with great inclination towards entertainment filled with violence. He behaves inhumane and has low tolerance levels. Spike 2 (Family Background): The student might have a damaged relationship with parents. He might have easy access to weapons at home, unlimited non-monitored access to the media and internet. Spike 3 (Academic History): The student might have a low tolerance for punishments and bullying at school. He might be with a school having fixed culture with unsupervised computer access. There might little trust with the teachers. Spike 4 (Social History): The student might have companions who have great inclination to violent activities. He might have unlimited access to internet, computer and media. The knowledge of a student and his attitude towards the use of drugs and alcohol too play a vital role. The Intervention Process An effective intervention process by the school would be to manage the threat effectively by taking the following measures: 1. Inform the students and parents of the school policies 2. Appoint a Co-Ordinator for threat assessment 3. Enforcement of law in three levels – low, medium and high – while the intervention at low level would involve interview with the student and parents; the intervention at the medium level involves an investigation and the one at high level ends up with a criminal prosecution. The Future of the Security Industry over the Next Two Decades There has been a lot of debate during the past two years about the future of intrusion prevention. Some have argued that the future of network security lies in intrusion prevention and that intrusion detection is dead. Others have made the case that detection is simply evolving into prevention. But now that prevention technology has had time to evolve, it is clear that enterprises require security that not only combines high-quality detection and prevention, but is more than just a sum of these two parts. Once prevention is added to detection, this combination must progress on its own to become a truly comprehensive internal network security solution. You cannot prevent an attack if you do not first detect it, so the detection of attacks, anomalies and policy violations are the foundation of intrusion prevention. As detection becomes more critical to internal network security policy enforcement, intrusion prevention will drive the need for continuous improvement in the quality of detection, as well as the quality of policy enforcement management. The result will be that enterprises have much greater control over the security policy and risks within defined segments of their networks. The debate is no longer about which technology will prevail but rather how it will evolve. The future of intrusion prevention is not simply in the speed and sophistication of new hardware. Instead, the future lies in the security content and expertise that enterprises must demand from vendors, both in the design of the products and in the security intelligence fed into the products in real time. The evolution of intrusion prevention is shifting the focus to making smarter and more effective products that provide the knowledge to make correct decisions. IT administrators cannot afford a product that makes unnecessary mistakes. The knowledge behind the box is just as important as the product itself, so vendors must develop and be able to provide the security intelligence that is critical to making intrusion prevention a success. If security intelligence is incorporated into a sophisticated product, intrusion prevention will undoubtedly become a key component of the security architecture, just as firewall and antivirus are today. “As the internet and technological advances continue to reshape the way we do business in government and industry, and as competition and economic pressures create quicker and more efficient ways to do business, the reality of increased economic crimes has a serious impact” (Nasheri, 2005). Not all enterprises have the security expertise or, in some cases, the personnel required for security coverage 24 hours a day, seven days a week. Intrusion prevention puts control back in the hands of administrators, and as it evolves will allow even more flexibility and control. When taken to the next level, it can also restore confidence that the enterprise is protected. This next level of security will not come from speed or fancy hardware, but will require rich security intelligence. Security vendors must become partner in protecting the enterprise by providing regular security updates and early warning threat notification. This security intelligence, combined with technology, will allow security policies to dynamically modify the threat defense landscape and guard against the latest vulnerabilities before exploit code can potentially cause harm. In the past, using intrusion detection alone was like driving with blinders on – it only allowed administrators to see a narrow segment of what was happening in the network. With intrusion prevention, the blinders have come off a little. And in the future, the blinders can be removed even more by having the knowledge of whats going on not just in your network, but also on the Internet as a whole. The more security intelligence enterprises have, the easier it will become for administrators to create policies that activate the proper blocking capabilities at the right time, minimizing disruption to their networks during threat outbreaks. In the next two decades, products will become more sophisticated and more dependent on rich security content and the intelligence going into them. That, in turn, will allow IT managers to develop expectations of the benefits of intrusion prevention and make it a standard part of a secure network. Impact of the convergence of traditional physical security and IT security The most important trend in security today is convergence. Convergence includes the merging of physical and computer security departments, as well as increasing involvement of IT vendors, departments and personnel in the manufacture, purchase and operation of security equipment. Next-generation equipment and software combine the monitoring and management of physical and computer security. Similarly, another goal of convergence is to have employees use only one employee ID to access the premises and equipment. Approximately 39% of businesses worldwide are considering integration of access control and security systems for their premises, according to Access Control Technologies and Market Forecast World Over (2007), Sept. 2005, published by RNCOS. Another important element of convergence is the use of open IT standards to develop comprehensive security systems. The end results of these actions are standardized technology platforms that enable enterprises to eliminate redundant systems, technologies and data. This enables security/IT personnel to solve problems once and take common approaches to threats, be they physical or logical. Convergence also results in the creation of clear responsibilities for handling security threats and promotes close cooperation amongst all IT and physical security professionals working together. “Technical systems for performing work through social interactions of workers quickly evolved, and the term socio-technical systems came into use to describe the merger” (Fayo, 2001). While convergence helps to streamline security systems, processes and procedures, the tasks at hand for ensuring security continue to grow in complexity and expense. Fortunately, IT staffs that have been watching over non-physical IT/IP-based assets for many years can manage new IT/IP-based security systems. As convergence unfolds, security and IT staff can team together to perform activities such as identity management, investigations, and infrastructure. The enterprise enjoys the cost savings this provides. In addition to meeting their own security needs, converged systems enable companies to meet security requirements being shaped by the worlds political climate and legislation such as HIPAA, GLBA and Sarbanes-Oxley. Top executives and boards of directors are under great pressure to maintain a secure workplace and ensure that their companies are meeting legislative demands. Role of Al-Qaeda Al-Qaeda still exists as a terrorist structure differentiated from other groups in the global neo-Salafi Jihadist movement and it continues to pose a real threat to European societies. This threat may be direct or indirect. It is particularly serious in the case of the United Kingdom, although by no means insignificant for other European Union countries. The most plausible attack, if al-Qaeda itself participates in its planning and execution, would be highly lethal, probably catastrophic and perhaps even involving the use of non-conventional weapons. However, other less spectacular and very lethal incidents is more likely if simply instigated or facilitated by al-Qaeda. In the short and medium term, it will be difficult for state security agencies to successfully thwart all these planned terrorist attacks on European citizens and interests. Indirectly, al-Qaeda has often instigated attacks on European targets by its affiliated groups and organisations or by independent cells whose activities are inspired by the ideas and repertoire of violence promoted by the main figureheads of international terrorism. Of all this there is past evidence as well as recent indications that al-Qaeda continues to pose a serious threat for European institutions and populations. Its leadership, its closest associates and the activists most closely linked to the organisation are still determined to commit a spectacular attack on European soil, which could even include an act of non-conventional terrorism, while they continue to encourage or facilitate the terrorist activities of other groups and organisations related with the global neo-Salafi Jihadist movement. Five years ago, immediately after 9-11, American support for how the Bush Administration was responding to terrorism was nothing short of extraordinary. Today, support has plummeted, and more than a third of Americans believe their government was complicit in the events of that day. In the United States, the bipartisan consensus on Iraq did not survive the uneasy U.S. occupation or the beginning of presidential campaigning in late 2003. U.S. domestic opinion largely supported the initial decision to intervene in Iraq, but may well be turning on other, newer factors. These factors include the lack of evidence that Iraq did in fact have weapons of mass destruction (or was making substantial efforts in that direction), the burden of a U.S. occupation that has cost more funds and human casualties than the Administration publicly anticipated, and the perception that the Bush administration should be giving more attention to a stalling domestic economy with continuing joblessness. As one New York Times columnist characterized it, President Bush has gone quickly from “swagger to stagger” (Dowd, 2003). While the majority of Americans wish for multilateral support, we should recognize that the word multilateral has a unique connotation in today’s United States. U.S. multilateralism post-9/11 seems chiefly to refer to a means or process. Multilateralism in these terms is not a meeting of minds. It is a process of engineering consent, with the ultimate aim of assuring a U.S. audience that its executive is not acting alone or in defiance of the common wisdom of the international community. Thus, in the run-up to U.S. action in Iraq, the Bush administration stressed the number of states, big and small, near and far, that supported its decision, even if they made no substantial contribution (Dowd, 2003). References Brewer, D. 2000. Risk Assessment Models and Evolving Approaches, Gamma Secure Systems, p.22. Dowd, Maureen. 2003. “Bush, from Swagger to Stagger,” New York Times, p.8-9. Fayo, John. 2001. Contemporary Security Management, Butterworth-Heinemann College, 1st ed, p.6. Nasheri, Hadieh. 2005. Economic Espionage and Industrial Spying, Cambridge: England, Cambridge University Press, p.1. Hancock, B. 1998. Steps to a successful creation of a corporate threat management plan, Computer Fraud & Security, (7): 16-18. Katzke. 1988. A government perspective on risk management of automated information systems, Computer Security Risk Management Model Builders Workshop, Denver Colorado. Nosworthy, J. 2000. A Practical Risk Analysis Approach: managing BCM risk, Computers & Security, 19(7): 596-614. Neumann P. 1995. Computer Related risks, New York, Addison-Wesley, pp.23-29. Reid R., Floyd S. (2001). Extending the Risk Analysis Model to Include Market-Insurance, Computers & Security, 20(4): 331-339. Smith M. 1993. Commonsense Computer Security: your practical guide to information protection, London, McGraw-Hill. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(The Risk Analysis and Threat Assessment Term Paper, n.d.)
The Risk Analysis and Threat Assessment Term Paper. Retrieved from https://studentshare.org/technology/1708504-i-need-four-2-page-papers
(The Risk Analysis and Threat Assessment Term Paper)
The Risk Analysis and Threat Assessment Term Paper. https://studentshare.org/technology/1708504-i-need-four-2-page-papers.
“The Risk Analysis and Threat Assessment Term Paper”. https://studentshare.org/technology/1708504-i-need-four-2-page-papers.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Risk Analysis and Threat Assessment

HUMAN TOXIC THREAT RISK ASSESSMENT

om has an argument that food and drink additives have many advantages which include improving its natural color and nutritional value, adding flavor to the food or drink, increasing its shelf life and, by keeping the food or drink in question fresh, reduces the risk of food poisoning (Monosson 42).... Name Professor Course Date Human Toxic Threat Risk assessment Threat Selection Most of the manufactured foods and drinks contain additives either meant to preserve them longer than they would last in their natural form or to alter the way they taste....
5 Pages (1250 words) Essay

Security findemental (contract security guard service selection exercise)

The most vulnerable employees to the risk factors are those working in the public setting, including those working late at night or in the early morning hours, in small groups, in uncontrolled access environments open to other employees and the public, and other areas of previous concern that include the community and workplace settings (Hess 262).... The most viable solution is worksite analysis, with mangers and supervisors being familiar with the temporary and permanent worksites of employees to enable sound decision-making options....
4 Pages (1000 words) Essay

Risk Assessment for Effective Physical Security

The paper "Risk assessment for Effective Physical Security" justifies the point physical security threats are as detrimental to an organization as non-physical attacks.... It is imperative that risk assessment be conducted on the various security measures that can be undertaken.... This paper will analyze the importance of physical security measures then the critical considerations used for physical security risk assessment in order to institute an effective physical security system....
8 Pages (2000 words) Essay

Emergency preparedness

This is done by security personnel who look at a threat, vulnerability, and consequences of a suspected risk (Threat/Vulnerability Assessments and risk analysis, n.... Top of FormBibliography:Threat/Vulnerability Assessments and risk analysis.... Risk and vulnerability assessment is the process of investigating whether or not there is a risk or threat that poses danger to a specific institution.... Prioritizing and taking these measures… I would say that trauma services in institutions can better prepare and be more effective when Disaster strikes by having a weekly or if possible daily training which would involve possible scenarios so Emergency Preparedness risk, psychology and sociology of emergency preparedness are important issues of today....
1 Pages (250 words) Assignment

Article Review: Assessing and Managing the Terrorist Threat

This is through the use of monograph whose core aspects in the quest of addressing risk management include threat, vulnerability, and criticality assessment.... Hence, aligning with this article author's suggestion that the entire US law enforcement agencies as well as security entail both risk-assessment and management capacity.... Presently, according to Leson's article risk assessment has emerged as the new activity though its... However, in the article “Assessing and Managing the Terrorism threat” Leson highlights significant changes that characterize law enforcement operations since then to date, for instance, increased sharing of intelligence information among key security levels....
4 Pages (1000 words) Essay

Determination of the Best Candidate for the Proposed Brownfield Project

This property has only the Phase I assessment completed, on October 10th, 2008.... The SWOT analysis is an assessment technique that identifies the positives and negatives in the inside of a project and the outside in the external environment.... hellip; In almost all the communities in America, former fueling and gas stations, auto repair and service shops are a threat to the environment and pose a potential danger to human and animal health in the neighborhood due to oil, gas and other chemical compound contaminations....
8 Pages (2000 words) Assignment

The Main Concerns of the Risk Management

According to this assignment, three methodologies that are useful in risk assessment/management are the Maritime Security risk analysis Model, Operational Risk Management, and CARVER, which is Criticality, Accessibility, Recoverability, Vulnerability, Effect, and Recognizability.... The MSRAM generally aligns with the criteria established by DHS for risk assessment.... nbsp;… Each of these has advantages and disadvantages, but the most common problem is that they are aligned in terms of the specific operation that they were designed for, and not necessarily for more broad perspective with the exception of the Operational risk Management methodology....
11 Pages (2750 words) Assignment

Risk Management as an Essential Part of Project Planning

The main reason why the risk management function does not seem to work is that there are very many variables to be considered, most of which are beyond the capacity of the risk managers.... the risk assessment process presents information system managers with information on different courses of action.... When this happens, it is considered to be a sign of breakdown on the part of the risk managers (Senn 1998 p.... In order to determine why risk management often ends up in failure, it is important for attention to be put on both qualitative and quantitative risk assessment methods....
10 Pages (2500 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us