Computer Science: DoS to Amazon Web

Introduction to Risk

Individuals, businesses and governments face risk daily. Risk is manifested in different forms and may be described as business, non-business, or financial. Irrespective of the type of risk, it is important to remember the basic goals of security: to maintain confidentiality and integrity while also ensuring the availability of data and systems. Organizations and governments employ different approaches to mitigating risk, but all of them depend on a good understanding of the risk elements: (i) vulnerabilities, (ii) threats and threat agents, (iii) impact, and (iv) likelihood. Other considerations include the organization's or government's appetite for risk, its business goals, and its internal and external drivers (laws, regulations, and standards). Proven strategies for dealing with risk take an enterprise risk management approach and rely on established risk management frameworks, including but not limited to NIST's Risk Management Framework, ISACA's Risk IT Framework, and COBIT 2019.

Overview

Follow these directions to complete the assignment.

Identify a cybersecurity-related attack: Using scholarly sources and/or the web, research, identify, and share an example of a cybersecurity-related attack. Examples include cyber warfare such as Stuxnet or the Equifax data breach; feel free to use either of these. Once you have decided on the example you will share, "claim" it by posting it to the discussion. Do not post about the same type of attack as your classmates.

Create your post: In a discussion post of approximately 600 to 800 words, explain risk and the risk elements related to this attack, including a synopsis, attack type, characteristics, vulnerabilities, threats and threat agents, impact, and likelihood. You may need to make some assumptions as you write about the risk elements; clearly state any assumptions that you make. Do not offer a potential solution to the attack;


Action Items

  1. Complete all of the reading for this module.
  2. Claim the cybersecurity-related attack you intend to discuss by posting it to the discussion.
  3. Create your discussion post according to the directions in the overview.

CHAPTER 1

Risk Concepts

In this chapter, you will:

•  Review basic security concepts

•  Learn about standards, frameworks, and best practices related to risk identification, assessment, and evaluation

•  Learn to describe how business goals, information criteria, and organizational structures affect risk

•  Determine how information systems architecture presents risk to the organization

•  Learn about risk ownership and awareness

•  Recognize legal, regulatory, and contractual requirements for risk management within the organization

This chapter reviews a large portion of Certified in Risk and Information Systems Control (CRISC) Domain 1: Risk Identification, covering fundamental information security and risk management concepts. We cover much of the terminology associated with risk management and many of the core concepts you will need to know for the exam; later chapters go into more depth on many of them.

The CRISC exam topics covered in this chapter, including the related domain objectives and knowledge statements, are as follows:

•  1.6 Identify risk appetite and tolerance defined by senior leadership and key stakeholders to ensure alignment with business objectives

•  1.7 Collaborate in the development of a risk awareness program, and conduct training to ensure that stakeholders understand risk and to promote a risk-aware culture


NOTE    Throughout the book, the task and knowledge statements are listed in the order they are described in the CRISC Job Practice areas, not necessarily how they are presented in the chapter.

Basic Security Concepts

To successfully sit for the CRISC exam, you should be familiar with some basic security concepts. You cannot be expected to manage risk in a security environment if you do not understand the basics of security. We assume you already have some experience as a security professional, since risk management is a significant portion of (and a logical career progression from) the information security profession, and you may also have taken part in specific risk management processes during your career. As such, we will not go into detail on basic security concepts in the upcoming sections; this chapter serves as a quick refresher.

The CRISC exam is not a technical exam; it is more of a process- and management-oriented exam, so we won’t delve into firewall configuration rules, protocol filtering, encryption, or any of the other fun stuff that security professionals do. We will, however, discuss a couple of other security concepts that are important to know for the exam since risk affects all of these concepts in different ways.

Goals of Information Security

Traditional security doctrine, along with the fundamental security knowledge you acquire from training courses and on-the-job experience over the years, teaches that there are three fundamental security goals: confidentiality, integrity, and availability. You will often see these three terms strung together as an acronym, the CIA triad or, occasionally, the AIC triad, depending on the security literature you read. In any event, these three goals are what you want to achieve for all of your information systems and data, and they are characteristics you want all of your systems, processes, procedures, methods, and technologies to have. The next few sections discuss each of these goals, why they are important to the security profession, and some of the risks associated with each.