Risk Assessment

The likelihood that a risk will occur is not the only metric in determining what risks to mitigate. The probability of the risk occurring, the cost and time associated with the risk, and the overall impact to the organization are factors that must be considered.

To prepare for this Discussion, read Chapter 9, “Risk Management for Information Systems Security” from your course textbook Principles of Information Security.

Think about the following four types of vulnerabilities:

1. Behavioral and attitudinal vulnerabilities
2. Misinterpretations
3. Coding problems
4. Physical vulnerabilities

Consider the IS of a large hospital and provide a specific example of each of the four types of vulnerabilities. Estimate the likelihood and cost of each risk (as low, medium, or high) and explain your reasoning. If an organization were to try to focus on the vulnerability that would be the least expensive to address while providing the most reward, which would it be? Why?

• Weekly Resources
During Week 4, you will use a variety of resources, both required and optional, including selections from the course textbook, Principles of Information Security by Dhillon. The Weekly Schedule (a navigation link under Week 4) outlines the resources you will need to complete the Discussion, Application Assignments, and the Group Project.
This page contains the Learning Resources for this week. Be sure to scroll down the page to see all of this week’s assigned Learning Resources.

________________________________________
Media
Video: Week 4 Overview

Note: The approximate length of this media piece is 12 minutes.

This video provides an introduction to the week’s resources and assignments.
________________________________________
Reading
Course Text: Principles of Information Systems Security
• Chapter 9, “Risk Management for Information Systems Security”
Chapter 9 discusses how organizations assess risk and attempt to mitigate risk based on the cost and likelihood. Different risk assessment/mitigation applications, such as I2S2 and COBRA, are discussed. Please pay particular attention when reading this chapter to the 9 steps deemed integral to risk assessment by the U.S. National Institute of Standards and Technology.
________________________________________
Reading
Course Text: Principles of Information Systems Security
• Chapter 10, “Security of Informal Systems in Organizations: An Introduction”
Chapter 10 discusses pragmatics and how organizations can have their security compromised through informal behavior of their employees, as might occur, for instance, if they discuss private customer information where a potential hacker could listen. Please pay particular attention when reading this chapter to the implications silent messages can have on security.
________________________________________
Web Resource

Cocomo II
Cocomo II is another popular risk assessment/mitigation tool. Like COBRA and I2S2, Cocomo II is used to identify the cost associated with different risks, though it is not limited solely to security risks. It is also used to determine the length of time and cost a project should take based on a set of input parameters about the organization, project, and team.
Week 4 Discussion: Risk Assessment
Assessment Rubric
• (4 Points) Exceptional, complete, clear, exceeds performance indicators
• (3 Points) Excellent, complete, meets performance indicators
• (2 Points) Approaching performance indicators, missing some detail, not fully developed
• (1 Point) Developing competence, vague, weak, needs more detail
• (0 Points) Not present
Response to Discussion—The response includes comments related to each part of the Discussion prompt.
Quality of Comments—The content of the posts is substantive and enhanced the quality of the Discussion. The response illustrates a point with examples, presents new ideas, and asks questions that help further Discussion. The response to peers’ posts is constructive and subject-related.
Insightful Feedback—The response provides insightful feedback to a response that agreed or disagreed with the original post. If the response disagrees with the post, the response includes a constructive rationale.
Critical Analysis—The post exhibits critical analysis of posted ideas by asking for evidence to support claims, providing evidence to support claims, and revisiting the Discussion to respond to other responses about the posting.
Form and Style—The post is well-organized and uses grammatically correct complete sentences that are free of spelling errors. The post provides a correct reference of sources by using page numbers or URLs.
