Evaluate Importance Of The Organizations Asserts

Published Date: 02 Nov 2017

The purpose of this step is to describe the overall system of Yummy Good Treats. Analyze assets that required reliable protection. In this phase chief security officer and project manager is involved that will concentrate on specific rules and regulations by involving funds.

Identify asserts for evaluation:-

In this phase management is responsible for identifying specific asserts that are involved in this process. It is related to classification of asserts in the Yummy Good Treats such as, Information asserts, functional asserts, system asserts. In this step DFD is used to identify threads and related mitigation strategies.

Evaluate Importance of the organization’s asserts:-

In this step importance of asserts is focused that are related to business operation. The threats and vulnerabilities and their impact is discussed and senior management concentrate on risk reduction plan. Data classification procedures and classification controls for Yummy Good Treats were discussed from the point of view of certain security implementation.

Identification of threads and vulnerabilities:-

In this phase security team member are involved that will concentrate on technology tools that are used to identify vulnerabilities. It includes vulnerability scanners, penetration testing and checklists. Threads will be identified and estimated based on the available data and expert judgment of knowledgeable individuals. Common threads vectors will be discussed e.g. malicious code, outsider attack over the internet, telephone, insider attack from within the organization, LAN etc.

Developing risk profile:-

The information security staff, sale support and operations team are responsible for developing risk profile in Yummy Good Treats. Although risk can be avoid through mitigation technique but it cannot be avoided. In this profile do analysis of risk and giving them rank from the point of view of its impact on the organization. Normally it involves matrix that represents vulnerabilities of the organization, threads sources can involved and the risk of the exposure areas. This profile will used to represents likelihood level of thread source in the shape of high, medium and low. This profile is also provides loss impact in terms of CIA (Confidentiality, Integrity, Avaliablity) by involving magnitude of impact. Risk-level Matrix is formed by involving assigned rating for threads likelihood and magnitude of impact value. Risk levels are used to represent risk level e.g. high, medium, and low. By keeping view of risk level certain mitigation actions must be followed. High level needs a strong corrective measure; medium requires a certain plan to incorporate these actions, low risk is involved requirements needs if cost of corrective measures is greater than risk then it will be avoided and will be accepted. At the end the comparison of risk profile with the baseline security profile is involved. If the outcome of risk profile comes in the shape of acceptable levels of risk then reliability is achieved. Deviations from the base line security are noted by the project manager and needs risk reduction plan.

Determine risk reduction plan:-

It involves focused existing countermeasures, certain safeguard (risk mitigation, risk acceptance, risk transfer) should be focused. The risk reduction recommendation falls into following categories.

Preventive safeguard ii. Mitigation safeguard

Detective safeguards IV. Recovery safeguards.

The project manager followed these recommendations to senior management in order to take preventive step. Senior management is responsible for taking further step by involving cost of the plan and apparent value of risk reduction in order to focus on organization goals.

Detailed overview of 2 steps:-

Identifying Assets for Review:-

Who will be involved:

Answer: - In Yummy Good Treats chief security officer is responsible for identifying the assets to the risk assessment team. The chief security officer will work with project manager in this phase.

What will they do?

Answer:- The chief security officer and project manager are responsible for identifying asserts and their value central to the business operations.

Database server, web server

Windows based operating system using in the organization

Windows based services running on the systems

Hardware, software, networking, and applications.

Project manager do interview with Sales Support and Operations team and business manager and these assets are collected via documentation review.

What are the expected outcomes?

Answer:- By using this step the expected , Information asserts, functional asserts, system asserts of the organizations are achieved. It defines dependencies of tracking based application on database server and web server. Defining vulnerabilities and possible security issues to given assets. Potentials shock to business if critical assets are unavailable for business.

What will be done based on the outcomes?

Answer: - The online tracking system is an web based applications so above mentioned outcome is very important for the flow of business. Since client is interactive with the application from untrusted zone so chance of hacking will be accrued if the above mentioned asserts are not being secured by implementing security measures. So the organizations will implements certain security plan and policy for these assets in order to avoid from potential loss.

Why is this step important in the risk assessment?

Answer: - This step is very impornatant from the point of view of business over all data flow. If the above mentioned assests are secured properly then bossiness application will be able to work properly. This step highlights all important assests of the business.

Identification of threads and vulnerabilities:-

Who will be involved?

Answer: - In this step the project manager is identify threads and vulnerabilities with the staff members that are expertise in security for hardware, software, networking, and applications.

What will they do?

Answer:- The staff members have knowledge and experience with technology tools that will be used to identify threads and vulnerabilities to online tracking system. Vulnerability scanners, penetrating testing and checklists are used for this process. These are used to Detect unauthorized hosts

Detect unauthorized services

Identify common vulnerabilities

What are the expected outcomes?

Answer:- Identify threats that could harm and, thus, adversely affect critical operations and assets. Estimate the likelihood that such threats will materialize based on available data and judgment of knowledgeable individuals.

What will be done based on the outcomes?

Answer:- The outcomes gives valuable data for insuring security measures. BY identifying these vulnerabilities and threads malicious code, Outsider attack over the Internet, Outsider attack over the telephone, Insider attack over the LAN, Insider attack on the local system can be detected. These provide implementation of defense mechanism.

Why is this step important in the risk assessment?

Answer:- This step is very important from the view point of risk assessment because vulnerabilities and threads cannot be ignored. So these tools provide mechanism to detect these vulnerabilities and threads. BY implementing certain business plans and security the online tracking application can be work properly and efficiently in an organized, compact and secure manner.