Question

What are the definitions of a (security) risk assessment in the textbook and in Appendix B...

  1. What are the definitions of a (security) risk assessment in the textbook and in Appendix B of NIST SP 800-53a? Which definition do you prefer? Why?
  1. What is a security control? Give two examples of a security control.
  1. List the primary benefits of a security risk assessment. Which one do you think is the most important? Why?
  1. If security spending is not based on a security risk assessment, how are spending priorities typically determined?
  1. Why are security controls assessed?
  2. How do the guidelines provided in NIST SP 800-53A help achieve more secure information systems?
0 0
Add a comment Improve this question Transcribed image text
Answer #1

As it is Chegg policy to answer one question per answer. Hence, I am answering the first question and request you to post the rest of the question as individual questions. Thank you.

What are the definitions of a (security) risk assessment in the textbook and in Appendix B of NIST SP 800-53a? Which definition do you prefer? Why?

The definition of the risk assessment according to the NIST is as follows:

  • Risk assessment is one of the most fundamental components of organizational risk management processes. They are also used for identifying, estimating and prioritizing risks to the organizational operations, assets, individuals or any other organization which will be resulting from the operation and use of the information systems.
  • I prefer this definition as it provides the perfect purpose of why we are using risks assessments in our daily routine of security checks and what are the risk responses that must be taken care of.
  • It also clears the purpose of risk assessments for various purposes like:
    • finding vulnerabilities
    • identifying relevant threats for the organization
    • impact of the threats on the organization

Hence, this is the main reason why I prefer this definition of the risk assessment

Add a comment
Know the answer?
Add Answer to:
What are the definitions of a (security) risk assessment in the textbook and in Appendix B...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
  • Which role has the PRIMARY responsibility for the documentation of control implementation? Systems security engineer Control...

    Which role has the PRIMARY responsibility for the documentation of control implementation? Systems security engineer Control assessor Information System Owner (ISO) Information Owner/Steward When making determinations regarding the adequacy of common controls for their respective systems, Information System Owner (ISO) refer to the Common Control Providers’ (CCP) Privacy Impact Assessment (PIA) Business Impact Analysis (BIA) Authorization Packages Vulnerability Scans An organization-wide approach to identifying common controls early in the Risk Management Framework (RMF) process does which of the following? Considers...

  • This week's topic, information security policies, is perhaps the most important topic that a Business major...

    This week's topic, information security policies, is perhaps the most important topic that a Business major can take from this course. This is the governance layer that lays the bedrock for your organization's security posture. Sure, the technical folks are responsible for executing on that policy but this is where the leaders of a business get together, reach agreement, at times do a sanity check on what is enforceable in the organization, and draft the rules that will make sure...

  • -Epidemiologic Analysis of Populations at Risk NURS 6020 ative Assessment- Ratio Worksheet nd the...

    i just need a detail answer to the math questions -Epidemiologic Analysis of Populations at Risk NURS 6020 ative Assessment- Ratio Worksheet nd the professor wonders whether using zinc spray on a regular basis m Update: More students keep getting sick a be correlated with the likelihood of havinB students with the outcome (let's call them use zinc spray on a regular basis ks cold, rather than whether the students have young children. She as cases) and 15 students without...

  • CHapter 8 from 978-0-13-408504-3 (Security in Computing 5th Edition) 1. Explain the differences between public, private,...

    CHapter 8 from 978-0-13-408504-3 (Security in Computing 5th Edition) 1. Explain the differences between public, private, and community clouds. What are some of the factors to consider when choosing which of the three to use? 2. How do cloud threats differ from traditional threats? Against what threats are cloud services typically more effective than local ones? 3. You are opening an online store in a cloud environment. What are three security controls you might use to protect customers’ credit card...

  • The discussion: 150 -200 words. Auditing We know that computer security audits are important in business....

    The discussion: 150 -200 words. Auditing We know that computer security audits are important in business. However, let’s think about the types of audits that need to be performed and the frequency of these audits. Create a timeline that occurs during the fiscal year of audits that should occur and “who” should conduct the audits? Are they internal individuals, system administrators, internal accountants, external accountants, or others? Let me start you: (my timeline is wrong but you should use some...

  • Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around...

    Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...

  • Explain what enterprise resource planning (ERP) systems. Outline several of their key characteristics. Describe in reasonable...

    Explain what enterprise resource planning (ERP) systems. Outline several of their key characteristics. Describe in reasonable detail how a company leverages an ERP system and how its operations are improved after installing an ERP system like SAP. Explain how a supply chain management system helps an organization make its operations more efficient What is Upstream and Downstream management of the supply chain? Explain the concept of “Supply Network”, its benefits, and how technology made this concept available Explain the difference...

  • FISCAL POLICY IN THEORY: March, 2020: we are on the verge of Congress and the President...

    FISCAL POLICY IN THEORY: March, 2020: we are on the verge of Congress and the President passing legislation that will empower the federal government to spend an unprecedented amount of EXTRA money not seen since World War 2 ---- in order to address the pandemic but also to help cushion the blow financially of perhaps ten or twenty million Americans --- or more --- losing their jobs, and thus suffering a drop in income. The scale of the 2020 recession...

  • 1) Discuss the company's top risks? 2) Discuss whether the company treats risk reactively or proactively?...

    1) Discuss the company's top risks? 2) Discuss whether the company treats risk reactively or proactively? 3) Do you observe a lack of understanding of potential exposures? 4) Does the company focus on internal risks or external risks? 5) Do you think the company is well prepared to respond to potential risks? Orange County he t die Following the debocie Orange County o dmorych of control procedures and financial gove nonce and d e setof o n policies December 1994...

  • 23. What is the total net amount of capital gain reported on Form 1040? OA. $308...

    23. What is the total net amount of capital gain reported on Form 1040? OA. $308 OB. $2,411 C. $2,719 OD. $2,900 Advanced Scenario 7: Mark and Barbara Matthews Directions Using the tax software, complete the tax return, including Form 1040 and all appropri- ate forms, schedules, or worksheets. Answer the questions following the scenario. Note: When entering Social Security numbers (SSNs) or Employer Identification Numbers (EINS), replace the Xs as directed, or with any four digits of your choice....

ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT