cyber security risk managment

1. What is the best value that should be assessed when evaluating the worth of an information asset to the organization-replacement cost or lost income while repairing or replacing?

While evaluating excellent value to be used when investigating the information that is significant in describing the assets of an organization, depends on the type of organization and the various types of information assets the firm uses. Furthermore, both aspects are critical depending on what type of job an organization does. For example, a firm may have a company that generates a lot of revenue while in some other business group, the amount of income got depends on the particular asset (Von Solms et al. 100). The assets that are available can also be critical in service delivery. In this scenario, lost income becomes crucial in evaluating the worth of the organization. In other different cases, organizations may be carrying out unique assets that are highly valuable. Some of the items that are highly expensive include machines which their total cost would be more than the cost of their spare parts. The high cost would be because of the unavailability of the tools. In these cases, replacement costs are taken into consideration.

2. What is the likelihood value of a vulnerability that no longer must be considered?

Likelihood has been defined as the prospect that a given susceptibility in a given organization will be attacked successfully. When carrying out a risk assessment, an absolute numeric value is assigned to a given vulnerability. When the vulnerability is stronger, the number that is supposed to be assigned should always be closer to 1.0 and vice versa. Additionally, the vulnerability value that is considered no longer effective should be assigned numbers close to zero because the chances of them bringing any form of harm are zilch (Von Solms et al. 99).

3. In what instances is baselining or benchmarking superior to cost benefit analysis?

Many have defined benchmarking as the criteria of moving to other organizations to gather information about other premises that would help your organization to move forward in the form of development activities. The skills learned from the given firm are directly duplicated into your organization.

Baselining is also related to the concept that is used in benchmarking enabling the management to use the profile or value related to metric performance can be easily compared to performance metric. Furthermore, cost-benefit investigation is defined as the scrutiny of the information important about assets that are supposed to be guided. The information about the losses that are encountered when the same types of assets are compromised by a given vulnerability (Wang et al. 1350). By the use of CBA, a company can determine whether a given asset is worth to be protected. When the value of the commodity has been well known and the total amount estimated, the cost of protecting the asset is determined. When the value of the asset is higher than the total cost of protection, adequate control measures are taken so that the organization can be managed against vulnerabilities and threats that may arise.

Benchmarking and Baselining are viewed as superior to cost-benefit analysis when organizations specifically want information about their firm compared to other competing companies. The information got can be used to determine strategic areas where opportunities can quickly arise instead of only getting the financial value of the organization. The information derived can be critical in determining the acceptance of installing security measures (Amin, 1963).

4. How can we find out what an organization risk appetite is? Why is this important?

The definition of risk appetite has been used to refer to nature and threat when firms are eager to freely assess the tradeoffs that exist among the accessibility that is limited and the perfect security. Every organization views risk from a different perspective. Over time, it has been difficult to get information about the test of risk appetite about an organization unless one speaks to senior members of the team about a given issue. The type of work which an organization does also determine the level of risk appetite. When the work is government sponsored, the test will be tiny while the one owned by an individual, the risk would be very high. Knowing the risk appetite of an organization is crucial because it will be critical in determining the proper security measure to take. The safety measures can put the organization according to the budget, needs and wants of the organization (Amin, 1963).

a) Where should we allocate the limited resources and time to reduce the risk exposures?

b) Which type of risk exposure would require immediate action?

c) Determine the level of risk exposure that would lead to the requirement of a proper answer that will ease the potential of matter effect.

d) Carry out an investigation on events that occurred in the past and ways in which they were managed. Develop at least four NEW questions to provoke thought and discussion. The questions should be neither too open-ended nor too limiting. Simple yes/no questions do not inspire deep conversations. A question can pose a somewhat controversial statement and ask students to prove or disprove it, agree or disagree with it, but always challenge the student to explain or defend his or her perspective.

 

Do you need a similar assignment done for you from scratch? We have qualified writers to help you. We assure you an A+ quality paper that is free from plagiarism. Order now for an Amazing Discount!
Use Discount Code "Newclient" for a 15% Discount!

NB: We do not resell papers. Upon ordering, we do an original paper exclusively for you.