Description
As cybersecurity professionals, we are called upon to conduct risk assessments and identify and evaluate vulnerabilities, threats, and gaps in our organization’s cybersecurity posture. Therefore, it is essential to establish the context for a risk framework and risk process.
Prior to beginning this assignment, view the video “4-1 Introduction to Topic 4,” located in the topic Resources.
Using your company from Topic 1, establish a risk management framework using industry standards for compliance.
Part 1
Refer to the “CYB-535 Risk Management Framework Guide,” and create a risk management framework. Be sure to address the following:
- Conduct a risk assessment and evaluate vulnerabilities, threats, and gaps in your organization’s infrastructure to identify appropriate security measures to reduce risks’ impact on business processes.
- Evaluate and categorize risk with respect to technology, individuals, and the enterprise, recommending appropriate responses.
- Identify vulnerabilities and risks to an organization’s critical infrastructure.
- Explain risk transference, avoidance, acceptance, and mitigation.
- Describe the communication of risk to the board of directors, C-level management, and other stakeholders.
Part 2
Refer to “An Overview of Threat and Risk Assessment,” located in the topic Resources. In 500–750 words, discuss various risk assessment models, methodologies, and processes that can be used to perform a risk assessment of a particular system. Address the following:
- Describe how risk relates to a system security policy.
- Describe various risk measurement evaluation methodologies.
- Demonstrate data-driven analysis to predict trends of IT strategies to meet business objectives.
- Compare the advantages and disadvantages of various risk assessment/analysis methodologies.
- Explain how one would select the optimal methodology based on needs, advantages, and disadvantages.
- Define and contrast the economics of the four risk mitigation strategies: acceptance, avoidance, reduction, and transference.