This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Risk management


Introduction

Risk management is essential for an organization’s success. It is hard for an organization such as a company to perform exceptionally well without taking risks. If an organization does not manage its risks effectively, it can end up failing. Effective management of threats begins with a deep understanding of the threats and vulnerabilities the organization faces.

Studies on threat management have indicated that organizations can make substantial savings on their financial resources when threats are detected fast. Threat assessment is important to organizations because it enables them to detect threats early, before they can cause damage to their systems. Organizations can therefore avert direct financial losses and disruption of their operations. The management of threats is also significantly beneficial because it enhances the cooperation between people, procedures and technology. Through the assessment and management of threats, organizations can swiftly detect threats and respond rapidly.

Vulnerability Assessment Steps

Initial Assessment

During the initial assessment of vulnerability, the assessor should identify the assets of the organization and determine the risk and critical value of each device. It is imperative to identify the significance of every device in the organization’s network. Importantly, the assessor should determine which members of the organization can access each device. Examples of devices that need to be assessed at this stage include the computers used in the organization’s network. Aspects of the devices that should be assessed include risk tolerance, risk treatment and mitigation practices, as well as the policies that apply to all the devices. Additionally, the assessor should undertake a business impact analysis.

Defining the Baseline

Secondly, the assessor should collect information about the organization’s systems. This review should take place before the actual assessment. This step involves reviewing devices for open ports, procedures and services that are not supposed to be open. The assessor should also identify the approved drivers and software, that is, the software that ought to be running on individual devices. It is crucial to understand the fundamental configuration of all the devices. For instance, perimeter devices are not supposed to be configured with the default administrator username.

The assessor should try to understand what type of public information is accessible under the baseline configuration. It is vital to consider whether the devices transmit logs to a security information and event management (SIEM) system and whether there is a central storage repository. The assessor should collect vulnerabilities and information about the platform of the devices. Other important details to consider include the vendor and version.
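The baseline review described above can be expressed as a comparison between each device's observed state and the approved configuration. The following is an added example, not part of the original essay; the baseline values, device names, vendor strings and field names are all constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical baseline: every name and value here is constructed for illustration.
BASELINE = {
    "allowed_ports": {"perimeter": {443}, "server": {22, 443}, "workstation": set()},
    "approved_software": {"openssh", "nginx", "edr-agent", "office-suite"},
    "default_admin_names": {"admin", "administrator", "root"},
}

@dataclass
class Device:
    name: str
    role: str                    # "perimeter", "server" or "workstation"
    vendor: str                  # platform details the assessor records
    version: str
    open_ports: set
    software: set
    admin_user: str
    forwards_logs_to_siem: bool

def check_device(dev, baseline=BASELINE):
    """Return the list of baseline deviations found on one device."""
    findings = []
    allowed = baseline["allowed_ports"].get(dev.role, set())
    for port in sorted(dev.open_ports - allowed):
        findings.append(f"unexpected open port {port}")
    for pkg in sorted(dev.software - baseline["approved_software"]):
        findings.append(f"unapproved software {pkg}")
    # The essay's example: perimeter devices must not keep the default admin name.
    if dev.role == "perimeter" and dev.admin_user.lower() in baseline["default_admin_names"]:
        findings.append("default administrator username on perimeter device")
    if not dev.forwards_logs_to_siem:
        findings.append("logs not forwarded to SIEM")
    return findings

def assess(devices, baseline=BASELINE):
    """Map device name -> findings, keeping only devices that deviate."""
    report = {d.name: check_device(d, baseline) for d in devices}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory (not real hosts).
INVENTORY = [
    Device("fw-edge-01", "perimeter", "ExampleVendor", "9.1", {443, 23}, {"edr-agent"}, "admin", True),
    Device("web-01", "server", "ExampleVendor", "2.4", {22, 443}, {"openssh", "nginx"}, "ops-admin", True),
    Device("ws-114", "workstation", "ExampleVendor", "11", set(), {"office-suite", "torrent-client"}, "jsmith", False),
]

if __name__ == "__main__":
    for name, found in assess(INVENTORY).items():
        print(name, "->", "; ".join(found))
```

Devices that match the baseline are omitted from the report, so the output is the list of deviations the assessor carries into the scan stage.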

Performing the Vulnerability Scan

The assessor should apply the scanner policy appropriate to the outcome being sought. Before initiating the vulnerability scan, the assessor should look for relevant requirements arising from the position and nature of the organization’s operations. In particular, the assessor should consider the organization’s industry and whether the scan can be performed all at once or needs to be segmented. Besides, it is crucial to reconsider vulnerability scan approval. Some of the tools that can be used during a vulnerability scan include Firewall scan, Stealth scan and Quick scan.

Continuous Monitoring Program

A continuous monitoring program is one of the steps undertaken during risk management. The purpose of continuous monitoring is to identify the whole array of security controls that are planned and required in the information system, and to confirm that they remain effective regardless of the changes that may take place over time. Continuous monitoring is a vital process in the assessment of planned and anticipated changes to the hardware, firmware, software and operating environment.

Penetration Assessment

Penetration testing is important for identifying and assessing possible vulnerabilities and for ensuring the security of confidential data. The process is anchored on a testing method that is applied to evaluate the risks and vulnerabilities faced by a given network. It effectively identifies how external forces can gain access to, and damage the reputation and credibility of, the organization’s operations environment.
