ISSC661 All Forums Latest 2017 January | acewriters

ISSC661 Week 1 Forum Latest 2017 January

Define the purpose of a Risk Analysis, discuss the role of an asset inventory, the creation of an asset baseline, and describe how you, as an information security professional, would determine the type(s) of Security Risk Assessment(s) an organization would require, how those assessments might be structured, and why the selected assessments are useful to achieving organizational information security objectives (e.g. gap assessment, compliance audit, security audit, vulnerability scanning, penetration testing, process assessment). Provide at least two peer-reviewed sources to substantiate your posting, formatted in APA 6th edition style.

ISSC661 Week 2 Forum Latest 2017 January

Identify and define the considerations required to fully describe a security risk assessment project, identify the preparation steps required for a security risk assessment, present five key security metrics that are important to effective security risk assessment activities, and address why each of these components is important to the success of a security risk assessment — why is definition and planning so important to an effective assessment?

ISSC661 Week 3 Forum Latest 2017 January

Explain the role of Project Management as it relates to managing Security Assessments: what are the key phases for managing a security assessment, describe each phase, explain how project management supports each phase, identify key information sources that are needed to conduct each phase of the assessment, and identify Project Management tools or documents / plans that are needed to effectively execute a security assessment project.

ISSC661 Week 4 Forum Latest 2017 January

Identify, define and differentiate between administrative, technical and physical security controls (safeguards), give an example of each, explain how to gather data on each control, and discuss the importance of these controls to a security risk assessment — why are they important?

ISSC661 Week 5 Forum Latest 2017 January

Imagine you are tasked with evaluating the Administrative Processes involved in hiring new employees within your organization. During a Security Risk Assessment, you identify that your organization does not have a policy which requires conducting background checks on applicants for hire. Define a background check’s key components, identify how background checks can address key ‘loss events’, and determine whether or not this is a risk to the overall security of the organization — why or why not is the lack of background checks a liability for the organization, and what regulatory issues might surface?

ISSC661 Week 6 Forum Latest 2017 January

Assume that your class is the management team of a medium-size business that sells goods to consumers online. You conduct a security assessment, and identify that the information systems are vulnerable to information leakage, and that account and customer information can be stolen; in essence a breach of PII. What controls or safeguards would you recommend implementing to address this situation, how would you select a control based on effectiveness and cost, and, based on your selected control(s), what specific considerations would need to be factored into a high-level implementation mitigation plan and why?

ISSC661 Week 7 Forum Latest 2017 January

Define, explain, and provide examples of the difference between a Quantitative and Qualitative Analysis, identify two security metrics for each analytic approach, and select one of the risk assessment methods (e.g., FAA Security Risk Management Process, OCTAVE, FRAP, CRAMM, and NSA IAM) that would effectively employ an approach useful in your current work setting — why would your selected approach be more effective?

ISSC661 Week 8 Forum Latest 2017 January

If you could, which security reporting methodology would you recommend to promote an organizational “security culture” within your present organization to achieve an objective wherein employees and stakeholders are more knowledgeable and proactive about threats to information security?
