PART I 1. How should threat identification be performed within an ...

  1. Home
  2. Homework Library
  3. Law
  4. Criminal Justice
  5. PART I 1. How should threat identification be performed within an ...

QuestionQuestion

PART I
1. How should threat identification be performed within an organization, should every threat be planned for. Why or why not?

2. Which is more important to the information asset classification scheme: that it be comprehensive or that it be mutually exclusive? In your opinion why?

3. What types of organizations might gain a competitive advantage by focusing on information security? Why?

4. What is competitive advantage? How has it changed in the years since the IT industry began? What is competitive disadvantage? Why has it emerged as a factor? Provide an example.

PART II
1. Using the web, search for at least 3 tools to automate risk assessment. Collect information on the tools. What do they cost? What features do they provide? What are the advantages and disadvantages of each one? Provide the link to each that you have evaluated.

2. Complete Exercise #1 on page 319. You can use an Excel spreadsheet to do this.

Solution PreviewSolution Preview

These solutions may offer step-by-step problem-solving explanations or good writing examples that include modern styles of formatting and construction of bibliographies out of text citations and references. Students may use these solutions for personal skill-building and practice. Unethical use is strictly forbidden.

Information Security

1. How should threat identification be performed within an organization, should every threat be planned for. Why or why not?

Threat identification should be performed systematically within an organization. The goal of threat identification is to establish vulnerabilities within the IT system resulting from insufficient security controls (Gupta & Sharma, 2010). When an organization is performing threat identification, all the team members should all be involved. The process must also be well-documented and recorded. The team should have the skills, knowledge, and expertise needed to identify possible threats and vulnerabilities (Whitman & Mattord, 2010). As part of threat identification, the team should establish threat sources and include them during risk assessment (Virtue & Rainey, 2015). It must not be repeated during an individual risk assessment when information is classified as a threat during the identification process. After the threats are identified, they are classified in terms of high, medium, and low impact. Risks classified as high likelihood and high impact have high occurrence rates, and necessary measures must be put into place.

Threats are either planned or unplanned. In most cases, security threats are scheduled because organizations undertake risk assessments early in advance and point out possible security threats. Therefore, security threats are planned because organizations, when identifying threats, take preemptive actions early in advance.

2. Which is more important to the information asset classification scheme: that it be comprehensive or that it be mutually exclusive? In your opinion why?

Information Asset classification entails the categorization of information using a level of sensitivity. A comprehensive is more critical than mutually exclusive to the information asset...

By purchasing this solution you'll be able to access the following files:
Solution1.docx, Solution2.docx and Solution3.xlsx.

$38.00
for this solution

or FREE if you
register a new account!

PayPal, G Pay, ApplePay, Amazon Pay, and all major credit cards accepted.

Find A Tutor

View available Criminal Justice Tutors

Get College Homework Help.

Are you sure you don't want to upload any files?

Fast tutor response requires as much info as possible.

Decision:
Upload a file
Continue without uploading

SUBMIT YOUR HOMEWORK
We couldn't find that subject.
Please select the best match from the list below.

We'll send you an email right away. If it's not in your inbox, check your spam folder.

  • 1
  • 2
  • 3
Live Chats