Risk Management and Malicious Attacks
"Risk Management and Malicious Attacks" Please respond to the following: With regards to risk-response planning, there are four (4) responses to negative risks that an organization may pursue: avoid, transfer, mitigate, and accept. Develop an original and unique scenario to describe and contrast each of these responses. From the selected e-Activity article, describe in detail the way in which the malware was utilized to steal data or gain privileged remote access to a computer or network. Suppose you were an IT Security professional working at the attacked business, and detail the security controls that you would consider putting into practice that would help to prevent this and similar types of malware attacks moving forward.
Solution
This is about managing risks involved in the development of projects. First, one must be able to identify what might eventually go wrong through the system/software design. The risks identified must then be documented and then, one must work out what to do with them. This is where the 4 mentioned responses come in.
Avoid -
Simply, if we avoid a risk, we stop it from happening! If you think that a particular feature in your product won't be popular, just don't release it. To put this in the scenario asked for, suppose Facebook was planning to include a dislike button for the users. How do you identify this as a risk? One can conduct surveys and such, and once you identify this as a potential problem, you simply "avoid" it, i.e. switch the feature off!
This is a good approach to swiftly end trouble, but cannot be done for all risks.
Transfer -
As the name suggests, it deals with "transferring" the responsibility of the risk to somebody else. This is why contracts come with a "transfer of risk" clause.
To understand this with respect to our FB scenario, let us look at FB ads. FB earns its money through selling ads to its users. What if an ad was not to someone's taste? From the billion or so FB users, how is FB supposed to know what content might offend who? So, this is where transfer comes in. FB displays its ad with the underlying disclaimer that it should not be held responsible for anything offensive with them!
Mitigate -
Mitigate is the response where you work towards actually building a response strategy such that if a risk does happen, it is less of a problem.
Looking at the FB scenario, suppose FB has to introduce tap to like, like Instagram. You test the feature but it is taking too long. To quickly avoid this risk, and get the service tested quickly for production, one can add more testers to the resource pool. The risk might still happen, but we have made sure it is not as bad.
Accept -
Well, if you have analyzed the risk and seen that you can't do anything about it, then well, you just have to accept the risk! Adapting to it is an important part in project management.
This is a perfectly feasible thing to do, if you feel that it may be far too costly to implement a risk management strategy. If the chance of a risk happening is tiny, or the impact it will have if it does happen is very small, then doing nothing is a perfectly acceptable solution.
Looking at it through our FB scenario, suppose FB found out that even if the user is putting his/her pictures as private, it is visible and accessible to some through certain tweaks. Now, taking the feature is not an option, admitting to it can cause mass hysteria, how do you know what is causing this bug, so for PR you just accept this and let things be, until you find something concrete to mitigate the risk.
--------------------------------
There is no article provided that the question talks about, so it is impossible to know and answer about the scenario which is mentioned in the question. But IT professionals should identify the risks, document and categorize them depending on their nature, and then look to find solutions.
-------------------------
thank you

