Security Risk Assessment
The steps involved in Security Risk Assessment Preparation are to establish the security controls that are currently in place and to determine whether additional security controls are in place or whether the current security control setup leaves room for potential breaches. Essentially, the organization needs to perform a Gap Assessment (Landoll, 2006). The assessment preparation should also be able to detect the number of attacks on the security controls collectively and disseminate that information accordingly.
The security control assessment must also identify all assets that the firm needs to secure against a breach, whether the breach would compromise information or steal physical assets from the firm. Therefore, the organization must initially identify whether the security program is operating within acceptable security bounds as defined by senior security management.
There are four stages to the process of security risk management. These stages are security risk assessment, test and review, security risk mitigation, and operational security. The process of conducting the security risk mitigation is comprehensive and involves providing a Security Risk Assessment, Test and Review, Risk Mitigation, and Operational Security.
II
Security metrics are identifiers that indicate the level of uncontrolled interactions (ISECOM, 2011) between the host and the source. According to Security Metrics, "The rav is a scale measurement of the attack surface, the amount of uncontrolled interactions with a target, which is calculated by the quantitative balance between operations, limitations, and controls. Having the ravs is to understand how much of the attack surface is exposed." (ISECOM, 2011)
More specifically, the metrics are the unique identifiers within the organization that correlate the security measures with the assets under protection. Security metrics are used in a Security Risk Assessment to identify the security measures in place, the potential breaches that are possible to the system, and the methodology to be employed to rectify the situation. Security metrics are somewhat akin to performance metrics in that a performance metric establishes the level of performance within the organization and the effectiveness of the organization according to those metrics. The same applies to security metrics: these metrics establish the performance within the organization and the effectiveness of the organization's security.
The purpose of Risk Analysis is to find security risks in the current framework and to resolve the risk exposure identified by the risk analysis. The type of security risk assessment for an organization is a function of a number of available assessments. However, the most important security protocol is to protect the organization's assets. Therefore, the most important security risk assessment for this purpose is the penetration test preceded by the vulnerability scan (Landoll, 2006). Protection of assets is of primary concern. Assets include both physical and non-physical assets. Non-physical assets are defined as assets that are not tangible. The Security Audit is indeed imperative, as are the Ad Hoc testing and the Social Engineering test.
Annotated Bibliography
Campbell, G. (2010). What's state-of-the-art in security metrics? Security Technology Executive, 20(9), 19-19. Retrieved from http://search.proquest.com/docview/823012983?accountid=13044
Campbell (2010) delves into the newest technologies currently used in security technology. Contract security guards, he contends, account for more than $16 billion in the United States, employing more than public law enforcement. Campbell proposes using metrics developed for the senior management team as well as providing a methodology on how to determine a particular metric's application.