
Question


1) Using the Web, search for at least three tools to automate risk assessment. Collect information on automated risk assessment tools. What do they cost? What features do they provide? What are the advantages and disadvantages of each one? Write a one paragraph summary for each.

2) Using the list and tables of threats to information security presented in this chapter (pages 278-295), identify and describe two instances of each threat not previously mentioned in the chapter. Tell why these threats may have not been listed in the text. Write one paragraph for each threat.

Explanation / Answer

The following tools are used to automate risk assessment so that risks can be found at an early stage before they can cause any further damage:

1. SISA Assistant: It is used to generate 80% of the risk assessment in less than 5 minutes using the various risk scenarios, vulnerabilities and mitigation measures. It is simple and cost effective. The biggest advantage is that it can do risk assessment of various types, including PCI, ISO 27001, HIPAA, FFIEC, SSAE 16, application security and mobile security. It improves credibility of risk assessment as risks are found in a short time and they can be mitigated immediately as soon as they are found.

2. RiskWatch for Information Systems & ISO 17799: It is one of the leading risk analysis packages, which performs automated risk analysis that involves the assessment of data centers, application programs and networks. The results of the risk analysis are available in the form of reports, tables, bars and pie charts, and this is the biggest advantage as the user can understand them and can get rid of the risk immediately by judging these reports. It is entirely customizable by the user. Users can also automatically import questions and data created by other users into their analysis.

3. Regulatory Controls Compliance System (Preventsys): This is another automated solution present in the companies to translate their own paper-based regulatory controls to auditable rules to measure the information technology security risk and automate compliance reporting across the IT infrastructure. This helps the companies to get rid of risks.

2. The various information security threats are:

A) Cyber criminals: They can perform man-in-the-middle attacks by accessing an email or data that is being transmitted from sender to receiver and then misuse the information. For example, during payments they can come between the user account and the bank account and can access money and misuse all the money if the banking is not secure. This can lead to loss of information.

B) Malware mercenaries

There are programmers and certain companies who only program malware in order to gain unauthorised access into the system. For example, if a person opens an email, his computer will have malware and this can spread to the computer and can lead to hackers accessing the computer of the person who has opened the email along with his information, and that can pose a threat to his privacy.

These threats are not mentioned as a large number of threats are increasing day by day. It is impossible to cover them in our books. Only the important ones have been discussed.