42 Managing Network Vulnerability Assessment
Safeguard/control. Protect against this intrusion by ensuring that
modems are protected from brute-force attacks. Place these modems
behind firewalls, make use of one-time passwords, or have these
modems disabled.
Trojan horses. Hackers will install “backdoor” or “Trojan horse” programs
on business computer systems, allowing for unrestricted access to internal
systems, which will bypass security monitoring and auditing policies.
Safeguard/control. Conduct regular security analysis audits to identify
potential security vulnerabilities and security exposures.
Threats to personal privacy. The accumulation of vast amounts of electronic
information about individuals by the government, credit bureaus, and
private companies, combined with the ability of computers to monitor,
process, aggregate, and record information about individuals, has created
a very real threat to individual privacy. The possibility that all this
information and technology could be linked together has loomed as a specter
of the modern information age. This phenomenon is known as “big
brother.”
Prioritizing Risks and Threats
Once the possible threats have been identified, it is necessary to prioritize
those risks so that the NVA can focus on those of highest concern. To
accomplish this task as quickly as possible, it is necessary to assemble a team
of interested employees. This team will determine the probability that the
identified risk might occur and what its impact would be if it did occur.
It is necessary to define what probability and impact mean so that the
team can use common criteria for assessment. Over the past ten years, the
following definitions have become a mainstay in the risk analysis process that
we use. These terms have been adopted and modified to meet each
organization’s specific needs. You will have to do the same. Use the nine-box square
shown in Exhibit 2 to help establish the priority.
The definitions of probability and impact are as follows:
Impact: a measure of the magnitude of loss or harm on the value of an asset
Low impact: when the business objective or mission of the enterprise is
not significantly affected
Medium impact: when the effect of the event is limited to a business
objective or a business unit
High impact: when the entire business or mission of the enterprise is
affected
Probability: the chance that an event will occur or that a specific loss value
will be incurred should the event occur
Low probability: highly unlikely that the risk will occur during the next
year
Medium probability: possible that the risk will occur during the next year
High probability: very likely that the risk will occur within the next year