StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security Threat and Security Risk - Term Paper Example

Cite this document
Summary
"Security Threat and Security Risk" paper examines the similarities and differences between the two procedures. Security management is rapidly expanding essentially with the increased levels of insecurity all over the world. It is imperative for professionals to have the ability to distinguish them. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.1% of users find it useful

Extract of sample "Security Threat and Security Risk"

Security Threat and Security Risk Introduction Security management is rapidly expanding essentially with the increased levels insecurity all over the world. It is imperative for professionals to have the ability to distinguish between security risk assessment and security threat assessment. This will assist in developing accuracy and competence when dealing with both processes. Security risk assessment and security threat assessment are two divergent processes that exhibit both similarities and differences. This paper seeks to examine the similarities and differences between the two procedures. Similarities between the Procedures Foremost, one of the similarities of risk and threat assessment arises from the objectives of both processes. A key objective of the procedures is to offer recommendations that aim at promoting protection against various dangers that may affect assets and the society in general (Bayne, 2002). Another objective of both processes is to develop approaches that can be used in coming up with a complete security and safety program. Both processes also aim at reducing the gravity of risks that may affect the society ( Editore, 2014). A second similarity arises from the fact that the risk assessment process incorporates threat assessment. As outlined by the AS/NZS HB167:2006 Security Risk Management standards, security risks are considered as a threat. This basically implies that the process of risk assessment integrates threat assessment (Brooks, 2011). Figure 1.0 below demonstrates the AS/NZS HB167:2006 process of risks assessment and the manner in which it also encompasses that threat valuation. Conducting a threat assessment is integral in the risk management process because if assist in the identification of threats to assets, information and people while determining the probability and the impact of the occurrence of the threat (Standards Australia, 2006). Figure 1.0 HB167:2006 Security risk management framework A key similarity between the security threat assessment and security risk assessment procedures is that both conduct vulnerability assessment. Vulnerabilities can be defined in simple terms as the gaps or weaknesses in a security program that can be exploited by threats in order to get access to an asset. They may include procedural, structural, human, and electronic elements that create an opportunity to attack an asset (Vellani, 2006). In both process, after the threats have been recognized, an assessment of vulnerability has to be conducted. The basic importance of the vulnerability assessment is to evaluate the probable implication of loss that arises from an attack that is successful. In addition, it examines the susceptibility of a location/ facility to an attack. Additionally, the assessment of vulnerability effectively outlines the effects of loss (Renfroe and Smith, 2014). As highlighted by Radvanovsky and Brodsky (2016), the similarity between the security risk assessment and security threat assessment is that both processes form the heart of many organizations’ information security framework. Schmittling (2010) further argue that the two processes form the procedures that not only establish the rules, but also the guidelines of security policy, which are useful in establishing key controls as well as mechanisms that help in minimizing threats as well as vulnerabilities. Another similarity is that both procedures are continuous. It can be stated that the risk and threat assessment are not a means to an end. Both processes are incessant in the sense that they should be conducted regularly in order to ascertain that the mechanisms of protection that exist currently could still meet the set objectives. The processes should have the ability to handle the security concerns of an organization or a country at all times. The risk and threat assessment procedure should, therefore, be a significant part of the overall lifecycle of security management (Bayne, 2002). Differences between the Procedures A difference that exists between the two processes is that the threat assessment process deals with a component that cannot be controlled while the risk assessment process works with an element that can be controlled. Pinkerton (2014) highlights that threats cannot be controlled. For instance despite implementing the threat assessment process, one cannot discontinue dangers such as a tsunami, threats from terrorist groups and a hurricane. It is possible to identify a threat nevertheless, they continue to be outside an individual’s outside control. The inability to control threats, therefore, makes the threat assessment process difficult. Risks, on the other hand, can be controlled and their overall effects can be reduced. Based on the ability to control or mitigate risk, it can be stated that the risk assessment process is much easier. Also, a difference exists in the techniques that are used in conducting the two processes. The Standards Australia HB 89–2012 Risk Management Guidelines on risk assessment techniques offers recommendations concerning the approaches that are used in the process of risk assessment. Some of the main approaches highlighted by the regulation include brain storming, conducting interviews, undertaking the SWOT analysis, PEST analysis in order to examine the external environment , writing down check lists and the analysis of the scenario (Standards Australia HB 89- 2012). The threat assessment process on the other hand, involves techniques such conducting interviews in order to get basic information concerning the threat. The second approach involves the identification of trends and patterns in the occurrence of the threat and then gauging the level of threat is the next step which is then followed by looking for indictors that demonstrate a decline in the level of threat (Dworken, 2003). It, can therefore, be stated that although the two processes have been integrated together for instance in the case where the risk assessment procedure incorporates the threat assessment, what is evident in the process of security management is that different methods are used in conducting threat and risk assessment. Alternatively, another significant difference between security risk assessment and security threat assessment pertains to one process triggering the other. Indeed, whereas security threat assessments form the initial step in assessing the security of an organization, security risk assessment is often triggered by the security threat assessment process, which often determines not only the type as well as the level of danger likely to be experienced by an organization. In this regard, Strachan-Morris (2010) notes that security threat assessments specifies not only the most significant and the most probable dangers, but also evaluates their degree of risk as compared to each other.­ The comparison is often conducted to help determine the interaction pitting the cost breach as compared to the probability of that particular breach. According to Strachan-Morris (2010), as an initial step in assessing the security of an organization, security threat assessments primarily consider a great number of factors. To gauge capability, security threat assessments analyze the quality of an organization’s past performance, the present trends, logistic support, command, and control in addition to the degree by which a particular group may derive its own opportunities and attack. Alternatively, having ascertained the degree of threat, as informed by the security threat assessment, the security risk assessment, which is a significant role of probability and damage, follows. Thus, security threat assessment triggers the security risk assessment. Another significant difference between the two processes can also be explained based on their differing goals. Although they have similar objectives as stated earlier, security risk assessment significantly focuses on analyzing the possibility as well as the tendency of an organization’s valuable resources to experience various attacks, on the other hand, security threat assessments greatly focuses on analyzing the potential attacker’s resources. According to Land et al. (2003), security threat assessments are often carried out to establish the most effective approaches in as far as safeguarding an organization against any given threat. As Land et al. (2003) note that analyzing potential threats may help an organization to not only come up with, but also implement various security policies that are in concordance with policy priorities as well as the particular implementation requirements for securing an organization’s valuable resources. Finally, another significant difference between the two processes is that while security risk assessment assesses an organization’s assets, with an aim of accounting for not only the criticality, but also the vulnerability of the assets in order to ascertain the security investment, the security threat assessments analyzes every information asset and thereafter establishes its liability (Meloy & Hoffmann,2013). According to Land et al. (2003), the process of threat assessment states that each situation of distress should not only be viewed, but also assessed individually. The implementation of the security threat assessment is done based on facts regarding a particular threat and conducted through an evaluation of its characteristics. Conclusion From the analysis, what is clear is that security risk assessment and security threat assessment are two divergent processes that exhibit both similarities and differences. The analysis has clearly highlighted a number of both the similarities as well as the differences between the two processes. Some of the highlighted similarities arise from the fact that they both have the same objectives, the risk assessment process also integrates the threat assessment procedure, both conduct vulnerability assessment and the two procedures are continuous. Some of the noted differences arise from techniques used and their roles when it comes to security management. Establishing the differences and similarities between the two processes is essential especially for security professionals. References Bayne, J. (2002). An Overview of Threat and Risk Assessment. SANS Institute. Biringer, B, Matalucci, R & O'Connor, S. (2007). Security Risk Assessment and Management: A Professional Practice Guide for Protecting Buildings and Infrastructures. New Jersey: John Wiley & Sons Brooks, D. J. (2011). Security risk management: A psychometric map of Expert Knowledge structure. International Journal of Risk Management, 13(1/2), 17–41. doi: 10.1057/rm.2010.7. Dworken, J. ( 2002). Threat Assessment. Institute for Public Research Editore, C. (2014). Risk Management. Cacucci. Land, M, Truett, R & Bobby, R. (2013). Security Management: A Critical Thinking Approach Occupational Safety & Health Guide Series. Boca Raton, Florida. CRC Press Meloy, R & Hoffmann, J. (2013).International Handbook of Threat Assessment. Oxford: OUP USA Pinkerton. (2014). Risk vs. Threat vs. Vulnerability. Pinkerton Radvanovsky, R & Brodsky, J. (2016).Handbook of SCADA/Control Systems Security. Boca Raton. Florida: CRC Press Renfroe, N and Smith, L. (2014). Threat/Vulnerability Assessments and Risk Analysis. Applied Research Associates, Inc. Schmittling, R. (2010). Performing a Security Risk Assessment. ISACA Journal .1(2010). Pp.1-7 Standards Australia. (2006). HB 167:2006 Security risk management. Sydney: Standards Australia International Ltd. Strachan-Morris, D. (2010).New Threats and Risks: What is the Difference? Pilgrims Group Limited Standards Australia HB 89–(2012). Risk Management – Guidelines on risk assessment techniques. Vellani, K. (2006). Strategic Security Management: A Risk Assessment Guide for Decision Makers. Butterworth-Heinemann. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Security Threat and Security Risk Term Paper Example | Topics and Well Written Essays - 1500 words, n.d.)
Security Threat and Security Risk Term Paper Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/management/2067350-security-threat-and-security-risk
(Security Threat and Security Risk Term Paper Example | Topics and Well Written Essays - 1500 Words)
Security Threat and Security Risk Term Paper Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/management/2067350-security-threat-and-security-risk.
“Security Threat and Security Risk Term Paper Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/management/2067350-security-threat-and-security-risk.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security Threat and Security Risk

Criminal Justice: Introduction to Security

he risk is defined as the frequency or intensity of threat to any target.... Other types of risk can include criminal activity, arson, theft, and banditry.... This essay considers one of the primary concerns of human beings since the time when rudimentary forms of civilizations began to emerge such as security and safety.... The essay discusses the history of security services, threats to modern society, protection and mitigation against specific threats....
5 Pages (1250 words) Assignment

The Disaster Management Cycle

This paper talks that the prevention & mitigation of any sort of risk should be the first priority in the disaster management process.... The steps taken to prevent any risk are stringent security checks, surveillance, detection and raids.... security checks at all the entries are a must.... hellip; According to the discussion security checks of the entire premises are also very important throughout the course of the games.... In any of these cases, it becomes very important to understand the fact that security breaches are possible and consequently, security needs to be tightened....
8 Pages (2000 words) Essay

Risk and Security

Besides these, the usage of portable Risk and security AFFILIATION: Risk and security The current era is that of fast information flow.... ConclusionIn a nutshell, technology has its own merits and demerits, and for companies to avoid information security breach, it is necessary that risk assessment be done properly (Elky, 2006).... An introduction to information system risk management.... rg/reading_room/whitepapers/auditing/introduction-information-system-risk-management_1204Gordon, P....
1 Pages (250 words) Essay

YOUR FIRST DRAFT

Apart from the security threat, illegal immigration burdens the nation's resources and increases competition for resources and economic opportunities against citizens.... Organized to operate through an agency, Department of Homeland security, its efforts include counter terrorism measures, management of the nation's borders, disaster management,… In this paper, I explore immigration enforcement, security, and disaster management initiatives of Homeland security. The wider scope of Homeland security's mandate is to ensure the nation's safety from First draft: Homeland security Homeland security defines collective efforts that ensure internal security in the United s....
2 Pages (500 words) Essay

Security Risk Mitigation Policies

security risk Mitigation Policies It is imperative to protect the integrity, confidentiality, and availability of data from misuse by people inside or outside any facility or organization.... Security policies and risk assessment aspects should be identified and characterized.... Thorough and sound assessment of the risk provided in the environment should be done in order to develop a plan to mitigate it.... Security policies and risk assessment aspects should be identified and characterized....
2 Pages (500 words) Coursework

Identify risks/threats and countermeasures in given scenarios

On the same note, an organization cannot risk access of its data by unauthorized persons.... Delegation of change of passwords to a colleague by the administrator is another risk posed to the security of ABC Company's data.... Regular change of passwords is required so as to ensure maximum security of the data.... Encryption of the passwords serves to add to the security of the data (Mahmood 2014, p.... Cloud storage promises high data availability and reduced infrastructure but, on the other hand, it poses a problem of security of the stored data....
4 Pages (1000 words) Essay

Risk Management and Security Threat

Risk Management and security Threat Analysis Program risk can be defined as a measure of uncertainties that any aspect of a program will perform its required functions under the required schedule and performance constraints.... In the report, it is underlined that program risk can be defined as a measure of uncertainties that any aspect of a program will perform its required functions under the required schedule and performance constraints.... he Department of Veterans Affairs has incorporated security measures into its risk management framework....
2 Pages (500 words) Essay

Information Security - the Difficulty in Estimating the Probability of a Threat or Attack Occurring

This is done by hackers who never sleep to see that they have a solution to pose a threat and outdo a certain security mechanism.... The frequency of particular information access and the amount of personnel who have the right to access it can be a determinant to the probability of information security threat.... To assess the probability of information security threat especially by people there has to be an identified motive, the means or ways of launching the threat, and the opportunity that is a potential vulnerability existing in the organization....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us