I need a minimum of 250 words per post and a minimum of 2 sources per post.
I also need post 1 back in two days.
Post 1: Security Risk Defined
Define the purpose of a Risk Analysis, discuss the role of an asset inventory, the creation of an asset baseline, and describe how you, as an information security professional, would determine the type(s) of Security Risk Assessment(s) an organization would require, how those assessments might be structured, and why the selected assessments are useful to achieving organizational information security objectives (e.g. gap assessment, compliance audit, security audit, vulnerability scanning, penetration testing, process assessment). Provide at least two peer-reviewed sources to substantiate your posting.
Post 2: Assessing Security Risk Preps & Metrics
Identify and define the considerations required to fully describe a security risk assessment project, identify the preparation steps required for a security risk assessment, present five key security metrics that are important to effective security risk assessment activities, and address why each of these components is important to the success of a security risk assessment — why is definition and planning so important to an effective assessment?
Post 3: Project Phases of a Security Review
Explain the role of Project Management as it relates to managing Security Assessments; what are the key phases for managing a security assessment, describe each phase, explain how project management supports each phase, identify key information sources that are needed to conduct each phase of the assessment, and identify Project Management tools or documents/plans that are needed to effectively execute a security assessment project.
Post 4: Security Controls
Identify, define and differentiate between administrative, technical and physical security controls (safeguards), give an example of each, explain how to gather data on each control, and discuss the importance of these controls to a security risk assessment — why are they important?
Post 5: Security Risk Analysis
Imagine you are tasked with evaluating the Administrative Processes involved in hiring new employees within your organization. During a Security Risk Assessment, you identify that your organization does not have a policy which requires conducting background checks on applicants for hire. Define a background check’s key components, identify how background checks can address key ‘loss events’, and determine whether or not this is a risk to the overall security of the organization — why or why not is the lack of background checks a liability for the organization, what regulatory issues might surface?
Post 6: Security Risk Mitigation
Assume that your class is the management team of a medium-size business that sells goods to consumers online. You conduct a security assessment, and identify that the information systems are vulnerable to information leakage, and that account and customer information can be stolen; in essence a breach of PII. What controls or safeguards would you recommend implementing to address this situation, how would you select a control based on effectiveness and cost, and, based on your selected control(s), what specific considerations would need to be factored into a high-level implementation mitigation plan and why?
Post 7: Assessing Security Risk & Metrics
Define, explain, and provide examples of the difference between a Quantitative and Qualitative Analysis, identify two security metrics for each analytic approach, and select one of the risk assessment methods (e.g., FAA Security Risk Management Process, OCTAVE, FRAP, CRAMM, and NSA IAM) that would effectively employ an approach useful in your current work setting — why would your selected approach be more effective?
Post 8: Reporting Security Risks
If you could, which security reporting methodology would you recommend to promote an organizational “security culture” within your present organization to achieve an objective wherein employees and stakeholders are more knowledgeable and proactive about threats to information security?
I need a Turnitin report for all posts.