Computer Security: Principles and Practice (4th) Ch. 14 Security Management & Risk Assessment Question with complete solution 2023
Asset: A system resource or capability of value to its owner that requires protection.

Consequence: A Risk Analysis specification that indicates the impact on the organization should a particular threat actually eventuate.

Control: A management, operational, and technical process and procedure that act to reduce the exposure of the organization to some risk by reducing the ability of a threat source to exploit some vulnerability.

IT security management: The formal process used to develop and maintain appropriate levels of computer security for an organization's assets, by preserving their confidentiality, integrity, availability, authenticity, and reliability.

Level of risk: A Risk Analysis metric that is typically determined after likelihood and consequence of each threat have been identified, and is given values (e.g. insignificant, minor, moderate, major, catastrophic, & doomsday) that details the risk level assigned to each combination.

Likelihood: A Risk Analysis metric that quantifies the likelihood that an identified threat could occur and cause harm to some asset.

Organizational security policy: A document that provides a clear overview of how an organization's IT infrastructure supports its overall business objectives in general, and more specifically, what security requirements must be provided in order to do this most effectively.

Threat: A potential for a threat source to exploit a vulnerability in some asset, which if it occurs may compromise the security of the asset and cause harm to the asset's owner.

Vulnerability: A flaw or weakness in an asset's design, implementation, or operation and management that could be exploited by some threat.

Risk: The potential for loss computed as the combination of the likelihood that a given threat exploits some vulnerability to an asset, and the magnitude of harmful consequence that results to the asset's owner.

Risk Appetite: The level of risk the organization views as acceptable.

Risk assessment: A process that identifies what assets require protection, and helps determine what management, operational, or technical controls are needed to reduce identified risks.

Fundamental three questions of IT security management and risk assessment:
1) What assets do we need to protect?
2) How are those assets threatened?
3) What can we do to counter those threats?
Written for
- Institution: Computer Security: Principles and Practice
- Course: Computer Security: Principles and Practice
Document information
- Uploaded on: May 11, 2023
- Number of pages: 2
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers