Discussion 1


 

Introduction to Risk

Individuals, businesses and governments face risk daily. Risk is manifested in different forms and may be described as business, non-business, or financial. Irrespective of the type of risk, it’s important to remember the basic goals of security – to maintain confidentiality and integrity, while also ensuring the availability of data and systems. Organizations and governments usually employ different approaches to mitigating risks, but with a good understanding and consideration for risk elements including (i) vulnerabilities, (ii) threats & threat agents, (iii) impact, and (iv) likelihood. Other considerations include an organization or government’s appetite for risk, business goals, as well as internal and external drivers (laws, regulations, and standards). Proven strategies to deal with risk employ an enterprise risk management approach, and also rely on risk management frameworks including but not limited to: NIST’s risk management framework, ISACA’s risk IT framework, and COBIT 2019.

Overview

Follow these directions to complete the assignment:

Identify a cybersecurity-related attack:

Using scholarly sources and/or the web, research, identify, and share an example of a cybersecurity-related attack. Examples may include cyber warfare such as “Stuxnet” or the “Equifax” data breach. Feel free to use any of these. Once you’ve decided on the example you will share, “claim” it by posting it to the discussion. Do not post about the same type of attack as your classmates.

Create your post:

In a discussion post of approximately 600 to 800 words, explain risk and risk elements related to this attack, including a synopsis, attack type, characteristics, vulnerabilities, threats & threat agents, impact, and likelihood of this attack. You may need to make some assumptions as you write about the risk elements. Clearly state any assumptions that you make. Do not offer a potential solution to the attack;

 

Action Items

  1. Complete all of the reading for this module.
  2. Claim the cybersecurity-related attack you intend to discuss by posting it to the discussion.
  3. Create your discussion post according to the directions in the overview.