Security Risk Analysis Assignment Problem

Reference no: EM132403986

Security Risk Analysis Assignment -

AIM - To provide the security management professional with a methodology which they can use in their day-to-day security management activities in order to analyse security risk and set priorities for mitigation.

Unit Outcome 1.1 - Be able to carry out a facility characterisation.

Assessment Criteria -

1.1a. Produce a facility characterisation for a given organisation, facility or operation.

1.1b. Collect, collate and synthesise information relating to asset criticality and interdependencies.

Task 1.1 -

Developing your understanding of assets explained on pages 13-14 of the Unit Textbook, identify the core assets (tangible/intangible) in your organisation. Then analyse them in terms of:

Clusters (assets working together with critical interdependencies).

Relative criticality (i.e. putting aside the book value, are some assets more operationally critical than others, for example at certain times of the day?)

Redundancy (is there back-up capacity or are there alternatives?)

External dependencies (are you critically dependent on external suppliers and what is their level of contingency?)

How the above points relate to the maintenance of operational continuity.

A comprehensive answer to this task will typically be in the region of 300-500 words.

Unit Outcome 1.2 - Be able to analyse security risk.

Assessment Criteria -

1.2a. Develop a methodology for a threat assessment.

1.2b. Critically evaluate methodologies to determine security risks to the candidate's organisation.

Task 1.2a -

A threat is a source of potential harm. In assessing a threat, it is useful to look at a range of factors, including the local criminal environment, potential adversaries, their motivation and determination, their actions and the targets to which they are attracted, crime facilitators etc.

Taking the examples of the intelligence-based threat assessment questions in the Unit Textbook and thinking of a threat context of your own, increase the asset analysis question set from 8 questions to 10 questions and the action analysis question set from 10 questions to 13.

Note: Be sure to also study the adversary question examples in the Unit Textbook and don't confuse these questions with those relating to asset and action.

Task 1.2b -

The Unit provides a description of a security risk analysis using two matrices to represent the point of intersection between the likelihood, impact and controllability of (or vulnerability to) risk.

First, using the ISMI methodology in the Unit, evidence your understanding of the process by filling in the gaps in the table opposite. (You will need good assimilation of the unit, including the case study beginning on Page 32).

Second, compare and contrast the ISMI methodology with the approach to risk management outlined in the API Security Vulnerability Assessment Guide (v2 2004), which can be found in the External Background Documents section of the Extranet Library.

Unit Outcome 1.3 - Be able to plan for security risk mitigation

Assessment Criteria

1.3a. Develop strategies for risk mitigation that can be adopted by the senior leadership team.

1.3b. Identify opportunities for integrated strategic risk analysis tools and templates.

1.3c. Produce tools for cross-functional involvement in the security risk analysis programme.

Task 1.3a -

Case Study - Billings Research (BR) is a laboratory complex based in the US state of Montana. The work of BR is considered by activists to be controversial and as such the facility is subject to a range of risks typically associated with activist actions.

The company uses a variety of risk mitigation techniques to manage security risk. For example, a contracted security guarding service provides round-the-clock security at the facility and also provides secure transportation and courier of materials between the facility and BR's various clients. For the present time, the security officers are unarmed, but there has been a discussion about arming guards in response to a small number of direct telephone threats made to senior staff at the facility. There has also been a discussion about augmenting the unarmed guarding force with an onsite quick reaction armed force, but for the time being the local sheriff's department is confident that it can provide the response necessary.

Data security is a primary concern at the site. Very sensitive personal medical information relating to hundreds of thousands of members of the public is held at the facility. Due to concerns about the security of sensitive medical data on mobile platforms, there is a blanket ban on issuing staff with laptops and company cell phones. All sensitive data is processed within the facility and is never allowed to leave on any form of electronic storage device. Flash drives are banned, and all USB ports on desktop PCs have been removed. With the development of more reliable encryption products, this policy is under continual review.

In addition to guards, the site is extensively covered by CCTV (fixed cameras with video motion detection to detect perimeter abnormalities and assess alarms, and PTZ cameras to track and investigate suspicious activity). The site is enclosed by a 2.4m high chain-link fence, extending to 3m with the addition of coiled razor wire, bedded into V-shaped outriggers. Fibre optic cables run along the face of the fence to detect intrusion. The site is zoned and compartmentalised, and badge in/badge out access control operates across all zones.

After 9/11 there were concerns raised by some employees that the facility could be the target of terrorism. A consultant was called in to carry out a review and concluded that a terrorist attack by international terrorists was a very remote possibility. As such, anti-terrorism measures are focussed on issues such as postal devices sent by activists. There are no VBIED (car bomb) defences at the site as such a sophisticated attack is considered highly unlikely.

Analyse the above case study and using the template in the answer box, explain how BR practices each of the four elements of risk mitigation (represented by TEAR) and also explain how the concept of ALARP is put into practice at this site.

Note: A comprehensive answer to this task will typically be in the region of 300 words.

Task 1.3b -

The Unit advocates an integrated approach to security risk management. This is best achieved by senior management mandating the establishment of a cross-functional security risk management forum, under the leadership of the security management professional.

Aside from the security risk analysis methodology, the Unit presents two additional simple tools/templates that could further foster universal buy-in to the security risk analysis process. These are the Risk Management Action Plan and the Line Department Risk Register.

Familiarise yourself with these tools in the Unit Textbook and then from your experience/organisation, present another (different) tool/template of your choosing that can be used by the business in the security risk analysis/management process. If you don't have an example in your business, construct one.

Note: A good answer will explain how the tool or process is used, by whom, for what purpose, why, how successful or accurate it is etc. This is important as it constitutes the analytical element of this answer, and without this accompanying text, the assessor may not be able to make sense of the template/tool presented.

Task 1.3c -

You may have an idea of the book value of an asset, but what is the value of that asset to the business at any given time and what would be the potential cumulative consequential loss if stolen? For answers such as this, you will need to work closely with the asset custodians and users.

In the case of theft of critical copper wire delivering power to a manufacturing site where there is no alternative power supply, the direct losses associated with the replacement and reinstallation of the wire could cost tens of thousands of dollars.

But more critically, the associated operational downtime could have a crippling consequential impact in terms of lost business.

Specifically, what kinds of consequential losses would have to be taken into consideration in the analysis?

Attachment:- Security Risk Analysis Assignment File.rar


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd