Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Risk Management
Risk and vulnerability analysis
Risk can be defined as a prediction of future events and their outcomes and consequences. Initially, as these predictions are being made, there is no guarantee that these event will actually occur. At this point, it becomes vital to apply probabilities in order to determine the likelihood of the event occurring. Risk analysis, therefore, is a process of describing risks involved in any situation or organization. Vulnerability on the other hand, tends to focus more on the consequence an event will have on the organization if it occurs. It combines, therefore, the aspects of uncertainty of the event and the consequences that come with it (Lewis, 2006).
Process used to analyze threats
US-VISIT is a department within the Department of Homeland Security (DHS) that enhances the department's mandate of providing security to the citizens of U.S.. U.S.-Visit's main objective is to provide biometric services to other departments and institutions of the federal, state and local government. These biometric services include mostly digitized photograph and fingerprints. Mostly, this information is retrieved from entry points into the country such as airports and also at the Visa issuing officers across the world. Therefore, with this information at hand, it is possible for the immigration offices to determine the eligibility of international travelers to be issued with an American visa. This process is very important in preventing identity theft and denies criminal elements from gaining access into the U.S. Moreover, it becomes easier to identify individuals who may be staying in the U.S. illegally or have overstayed beyond the time they were granted permission to be in the U.S. Therefore, the U.S.-Visit department is very crucial since the information it avails for the various departments assists in decision making and legislation of relevant policies (Homeland Security, 2012).
Since this department holds sensitive and private information, it becomes highly susceptible to risks associated with privacy (DHS, 2004). These threats have been identified and categorized into four major groups as shown in the table below:
Table 1: Risks to privacy of information at the U.S.-VISIT
Type of Threat
Description
Unintentional threats (posed by insider)
These may include mistakes in the design of information systems, its development, configuration and operation. Some errors are also committed by employees of the various institutions that store this information. This may happen physically, for example when an...
As such, confidential information can fall into the wrong hands.
Intentional threats (from insider)
Actions involving the incorrect use of authority and disregard of regulations. These may include browsing for information that is confidential or deleting information from a workstation.
Intentional and unintentional threats from authorized outsiders
These threats include misuse of authority to access confidential information with malicious intent and circumventing procedures to gain access to information systems without proper authorization. Flaws in policies and system hiccups can lead to unintentional access to confidential information.
Intentional threats from unauthorized outsiders
Threats may be electronic, personnel attacks, and physical attack. These entails actions such theft of information equipments, hacking and tapping of communications and social engineering in general.
Source: U.S.-VISIT Program, Increment 2: Privacy Impact Assessment; In Conjuction with the Interim Final Rule of August 31, 2004.
The threats indicated in table 1 were identified through the process of information life cycle. At all the stages of the cycle; collection, use, processing, and destruction, issues are analyzed and threats to privacy identified (DHS, 2004).
Operational risks mainly focus on failures within an organization that are intentionally committed. For example, a hacker can cause an interruption in the ICT system within the organization leading to losses and security threats. Intertwined here is the cause analysis which is related to the threat identification process. Figure 1 gives a comparison of the threat identification process and the cause analysis process.
Fig.1 A comparison of the threat identification process and cause analysis process
Threat identification process
Cause analysis process
Discussion of uncertainties
Discussion of causes
Discussion of probabilities
Discussion of scenarios
Probability assignment
Uncertainty assessment
Identification of scenarios
Information gathering
It is also crucial to analyze the resources at the attacker's disposal and this should include issues such as the resources needed by the attacker to carry out the specific attack, an in depth intelligence on who are the most likely attackers, what motivates the attacker, and the knowledge and technical know-how necessary to carry out the attack. For…
References
Aven, T. (2008) Risk Analysis: Assessing Uncertainties Beyond Expected Values and Probabilities. Hoboken, NJ: John Wiley & Sons.
Department of Homeland Security (2004) Privacy Impact Assessment: In Conjunction with the Interim Final Rule of August 31, 2004. Visitor and Immigration States Indicator Technology, September 14, 2004. Retrieved from http://epic.org/privacy/us-visit/us-visit_pia2.pdf
Homeland Security (2012) U.S.-Visit. Retrieved from http://www.dhs.gov/files/programs/usv.shtm
Johansson, J. (2007) Risk and Vulnerability Analysis of Large-scale Technical Infrastructure: Electrical Distribution Systems. Department of Industrial, Electrical Engineering and Automation, Lund University. Vol.1(2)
This means that you must train employees how to identify various forms of phishing. At the same time, you must implement some kind of security procedures that will place a restriction, on how personal information is distributed. For example, employees could be trained in spotting various kinds of fictitious emails. However, when they run across an email like that is requesting information, there would be a procedure where the
Social Vulnerability Analysis Compare and contrast your findings based on your research and provide a summary. Describe the correlation between environmental and socioeconomic risk and vulnerability for the counties you selected. This is Part III of the Social Risks and Vulnerabilities Project. St. Lawrence County, New York State and Missoula County, Montana were chosen from the Hazard Vulnerability and Risk Institute web site because they have similar population size but are from
Social Risk and Vulnerability Analysis Comment by Babyliza: There's No Abstract Vulnerability to hazards is affected by several factors, comprising age or income, the power of social networks, and neighborhood individualities. Social vulnerability takes into account the socioeconomic and demographic factors that influence the resilience of populations. The Sovi for Bexar County is 0.230416 whereas that for Philadelphia County is 3.418284. This indicates that Philadelphia County as a geographical expanse has
Threat Identification The threats How the threats are detected Ever since the September 11, 2001 terrorist attacks, businesses have had to critically rethink on the level of adequacy of their disaster recovery arrangements in relation to their business continuity plans as noted by Lam (2002,p.19). The September 11, 2001 tragedy effectively highlighted the importance for organizations to continue with their commercial operations even under the most exceptional of circumstance. My business which has
Risks of Climate Change THE RISK OF CLIMATE CHANGE: IMPLICATIONS FOR ARCHITECTS AND ENGINEERS Climate Change Impacts on Engineering Infrastructure Key Impacts on Water and Resources Risk Management Analysis Coping Methods Possibility And Probability Theories Recommendations And Guidelines For The Vulnerability Of Climate Change Impacts Using Risk Management Methods And Analysis THE RISK OF CLIMATE CHANGE: IMPLICATIONS FOR ARCHITECTS AND ENGINEERS This work examines climate change in relation to impacts upon infrastructure, utilities, and water in relation to the
Risk Assessment at the Wal-Mart Stores Inc. Industry and company information Risk assessment System characterization Threat identification Vulnerability identification Control analysis Likelihood determination Impact analysis Risk determination Control recommendations Concluding remarks Bibliography (Annotated) The current economic climate is more challenging than ever and economic agents face incremental difficulties in registering profits through the serving of a population with a decreasing purchasing power. Nevertheless, in a context in which most economic agents register decreasing revenues, America's number one retailer -- Wal-Mart -- registers growing