This activity will address module outcomes 1, 2, 3, and 4. Upon completion of this activity, you will be able to:
Identify the need for effective risk management. (CO 1, 4, 5, 6)
Discuss various risk assessment models. (CO 1, 4, 6)
Analyze how leaders and organizations may manage risk differently. (CO 1, 5)
Define the term risk. (CO 4)
Business leaders have discovered over time that, with the increase in sophisticated cyber attacks, they must integrate risk management into daily operations. Many organizations face the same types of risks that other agencies face, but that is not always the case. It is important to remember that risks and assets are defined by each individual organization. As a result, depending on the business objectives, leaders may adopt different risk assessment methodologies.
Review the following four approaches to risk assessment and answer the discussion questions.
The Facilitated Risk Analysis Process (FRAP)
Peltier, T. R. (2000). The Facilitated Risk Analysis Process [PDF file size 193 KB]. Retrieved from http://www.ittoday.info/AIMS/DSM/85-01-21.pdf
The NIST Cybersecurity Framework
National Institute of Standards and Technology. (2014, February 12). Framework for improving critical infrastructure cybersecurity [PDF file size 930 KB]. Retrieved from https://web.archive.org/web/20170624195120/https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
Energy Sector Risk Management Framework
Hoffman, P. A. (2012). Electricity subsector cybersecurity risk management process. Federal Register (National Archives & Records Service, Office of the Federal Register), 77(100), 30517-30518. Retrieved from http://vlib.excelsior.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=76338659&site=eds-live&scope=site
NIST Risk Management Guide for Information Technology Systems
Stoneburner, G., Goguen, A., & Feringa, A. (2002, July). Risk management guide for information technology systems [PDF file size 737 KB]. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
After examining the various frameworks, respond to the following:
Compare and contrast two of these methodologies, focusing on how they meet an organization's needs. What are some similarities and differences? Why are they important to consider?
Outline two different types of risk assessment methodologies.
Keep the following points in mind:
Different risk assessment methodologies are identified, compared, and explained accurately.
Examples are pertinent and explained well.