In this section, you will prepare a risk mitigation plan using SimpleRisk. Before using SimpleRisk, you
will create a paper-based plan.
You will need to create three security controls in your risk mitigation plan: one control that reduces the
asset value, one that reduces the vulnerability severity, and one that reduces the threat impact. Your
security controls should also include examples of both strategic and tactical controls. You can refer to
the following table for a clearer picture of the requirements.
| Security Control | Reduces | Level (strategic/tactical) |
|---|---|---|
| | Asset value | |
| | Vulnerability severity | |
| | Threat impact | |
Define three security controls designed to mitigate the risk associated with a recent leak of sensitive
information that was stored in cleartext files.
Once you have identified your security controls, use SimpleRisk to create a Risk Mitigation plan. You
do not need to perform a management review in this section.