Risk Management and Cyber Network Attack Discussion Part 1 In 500 Words Respond to the following questions 1. Explain how the fundamentals concepts and p

Risk Management and Cyber Network Attack Discussion Part 1

In 500 Words Respond to the following questions

1. Explain how the fundamentals concepts and principals of Risk Management apply at home, at work, in the community, and at critical infrastructure locations. Describe how risk management alternatives are developed and evaluated in order to support better decisions on managing risk. (Cyber security Industries)

2. Cyberspace is a complex domain. be sure to address the differences between Cyber Network Defense, Cyber Network Exploitation and Cyber Network Attack. Additionally, address how the history of the cyber effort and cyber war impact our national security and national intelligence?

part 2

Analyze and Respond to the following / attached post ( what more can you add to it? ) While all the questions, and their answers, were interesting, the question I chose for this discussion is
Question#4. This question relates to getting industry buy in to computer security and connecting these
industries to the security research agenda (National Science Foundation, 2009). Essentially, the overall
goal is to have various industries support computer security as well as the security research agenda. The
answer to this question begins with stating the importance of industries supporting research agendas
and helping to move research findings from theory to application. Next, the answer states that there are
some factors that would help industries align their priorities with those of the research agenda including
participation providing a leg up with the competition, fear of falling behind a competitor due to lack of
participation, participation as part of following laws and regulations, and finally participation to avoid
notoriety from having a major security incident (National Science Foundation, 2009).
Overall, I agree with the response to the question posed regarding industry buy in to the
research agenda. First, industries must be motivated to align their priorities with those of the research
agenda and the factors listed in the answer can be powerful motivators for this alignment. The methods
of leveraging these motivators to essentially incentivize industries to participate in the research agenda
over other industries can also be effective including the competitions and prizes as well as reducing the
liability of companies who most align their agenda with that of the research agenda (National Science
Foundation, 2009). These methods can help gain the additional funding needed for research as well as
give industries who participate a sense that they are doing something good.
While I agree with the overall response to the posed question, I did find a gap in the answer that
should be addressed. I think that the cost of participation in the research agenda, including
implementation of systems developed through research is a factor in whether or not an industry aligns
itself with the research agenda. The high cost of implementation combined with either delayed benefits
or benefits that cannot be seen may cause a lack of eagerness to participate by various industries.
Effective security systems prevent many attacks from ever happening which can result in industries
questioning why they spent an egregious amount of money to implement systems when there aren’t any
attacks occurring. This can then cause a lack of participation due to not seeing a strong reason to
continue to participate. In order to gain continued participation, a way must be developed to incentivize
these industries to offset the high cost of system implementation that generates a low probability of an
actual attack.
References
National Science Foundation (2009). Responses to Questions Posed by Ms. Melissa Hathaway During
Her Presentation at the National Science Foundation on March 18, 2009. Retrieved May 3, 2019 from
https://edge.apus.edu/access/content/group/security-and-global-studies-common/EDMG/EDMG600/
National%20Science%20Foundation%20-%20HathawayQuestions%20Mar%2031%202009.pdf
Jeremie Wright(May 6, 2019 3:35 PM)- Read by: 1
Risk management is the process for identifying, analyzing, and communicating risk and
accepting, avoiding, transferring, or controlling it to an adequate level considering
associated costs and benefits of any actions taken (The Department of Homeland
Security, 2011). Risk management is a method for formulating and applying enhanced
homeland security judgments. Essentially, the risk management process is how
organizations approach risks and how they plan on managing those risks. Another key
thing to remember about risk management is that it will not prevent unfavorable actions
from happening, risk management, however, will help organizations concentrate on
those events that will bring the most destruction or thwart those incidents.
So how does risk management apply at home? That’s easy. Let’s look at an example of
your home. There are several risks that exist such as burglaries or fires. After seeing
what the risks are we more than likely will analyze and see the probability of
occurrence. Afterward, home owners may decide to either lock their doors or purchase a
home alarm system. Depending on if they believe they do not have anything of value or
the neighborhood is fairly safe. Next, they will evaluate and monitor to see if the
decision they came to on how to handle the risks work. If they did not, then look at the
other options alternatives you had listed and implement that one.
This same fundamentals and concepts apply at work as well. If someone works in the IT
field and the risks involve hackers who are trying to install malicious hardware. In
the community, this can apply while you are walking around the neighborhood, going
for a jog, or even when you are riding around in your vehicle. There are so many risks
associated with the community that people only tend to think about the big ones that can
cause a lot of financial trouble, serious injury, or even death. People don’t think of small
risks such as falling and tripping or being stung by a bee. When it comes down to it, risk
management is a plan with potential solutions on how you plan on dealing with it. You
Developing alternatives requires understanding the technical and operational measures
that can either break the cause and effect linkage to the likelihood or reduce the
consequences that would result if a given hazard or threat were to be experienced
(FEMA). Even though every situation is one of a kind, having feedback from
professionals using different approaches can be utilized. Different ways that alternatives
are created are by studying past incidents, asking specialists, reviewing government
guidelines, brainstorming, modeling and simulation, and engineering experiments and
field trials.
When it comes to evaluating identified potential alternatives courses of action, the costs
or estimates for each alternative has to be considered. Costs do not necessarily mean
money, but can also mean cost of civil liberties, political impact, and so on. When the
cost and benefit of possible courses of action have been made, key decision makers can
now be given the full picture of the risk, different courses of action, the costs and
benefits associated with each. If the decision maker decides, you can present to them
which one course of action you believe is better (FEMA).
References
FEMA. (n.d.). Lesson 4: The DHS Risk Management Cycle (Part 2). Retrieved May 6,
2019,
from https://emilms.fema.gov/IS454/lesson4/lesson4Print.htm
The Department of Homeland Security. (2011). Risk Management Fundamentals:
Homeland Security Risk Management Doctrine. Retrieved May 6, 2019, from
https://www.dhs.gov/xlibrary/assets/rma-risk-management-fundamentals.pdf
Read Responses to Questions Posed by Ms. Melissa Hathaway During Her Presentation at the National
Science Foundation on March 18, 2009 March 31, 2009.
Choose a question from the list, and discuss it.
Do you agree with the response? Why? Why not?
What are the gaps or weaknesses in the response?
While all the questions, and their answers, were interesting, the question I chose for this discussion is
Question#4. This question relates to getting industry buy in to computer security and connecting these
industries to the security research agenda (National Science Foundation, 2009). Essentially, the overall
goal is to have various industries support computer security as well as the security research agenda. The
answer to this question begins with stating the importance of industries supporting research agendas
and helping to move research findings from theory to application. Next, the answer states that there are
some factors that would help industries align their priorities with those of the research agenda including
participation providing a leg up with the competition, fear of falling behind a competitor due to lack of
participation, participation as part of following laws and regulations, and finally participation to avoid
notoriety from having a major security incident (National Science Foundation, 2009).
Overall, I agree with the response to the question posed regarding industry buy in to the
research agenda. First, industries must be motivated to align their priorities with those of the research
agenda and the factors listed in the answer can be powerful motivators for this alignment. The methods
of leveraging these motivators to essentially incentivize industries to participate in the research agenda
over other industries can also be effective including the competitions and prizes as well as reducing the
liability of companies who most align their agenda with that of the research agenda (National Science
Foundation, 2009). These methods can help gain the additional funding needed for research as well as
give industries who participate a sense that they are doing something good.
While I agree with the overall response to the posed question, I did find a gap in the answer that
should be addressed. I think that the cost of participation in the research agenda, including
implementation of systems developed through research is a factor in whether or not an industry aligns
itself with the research agenda. The high cost of implementation combined with either delayed benefits
or benefits that cannot be seen may cause a lack of eagerness to participate by various industries.
Effective security systems prevent many attacks from ever happening which can result in industries
questioning why they spent an egregious amount of money to implement systems when there aren’t any
attacks occurring. This can then cause a lack of participation due to not seeing a strong reason to
continue to participate. In order to gain continued participation, a way must be developed to incentivize
these industries to offset the high cost of system implementation that generates a low probability of an
actual attack.
References
National Science Foundation (2009). Responses to Questions Posed by Ms. Melissa Hathaway During
Her Presentation at the National Science Foundation on March 18, 2009. Retrieved May 3, 2019 from
https://edge.apus.edu/access/content/group/security-and-global-studies-common/EDMG/EDMG600/
National%20Science%20Foundation%20-%20HathawayQuestions%20Mar%2031%202009.pdf
Jeremie Wright(May 6, 2019 3:35 PM)- Read by: 1
Explain how the fundamentals concepts and principals of Risk Management apply at home, at work, in the
community, and at critical infrastructure locations. Describe how risk management alternatives are
developed and evaluated in order to support better decisions on managing risk.
Risk management is the process for identifying, analyzing, and communicating risk and
accepting, avoiding, transferring, or controlling it to an adequate level considering
associated costs and benefits of any actions taken (The Department of Homeland
Security, 2011). Risk management is a method for formulating and applying enhanced
homeland security judgments. Essentially, the risk management process is how
organizations approach risks and how they plan on managing those risks. Another key
thing to remember about risk management is that it will not prevent unfavorable actions
from happening, risk management, however, will help organizations concentrate on
those events that will bring the most destruction or thwart those incidents.
So how does risk management apply at home? That’s easy. Let’s look at an example of
your home. There are several risks that exist such as burglaries or fires. After seeing
what the risks are we more than likely will analyze and see the probability of
occurrence. Afterward, home owners may decide to either lock their doors or purchase a
home alarm system. Depending on if they believe they do not have anything of value or
the neighborhood is fairly safe. Next, they will evaluate and monitor to see if the
decision they came to on how to handle the risks work. If they did not, then look at the
other options alternatives you had listed and implement that one.
This same fundamentals and concepts apply at work as well. If someone works in the IT
field and the risks involve hackers who are trying to install malicious hardware. In
the community, this can apply while you are walking around the neighborhood, going
for a jog, or even when you are riding around in your vehicle. There are so many risks
associated with the community that people only tend to think about the big ones that can
cause a lot of financial trouble, serious injury, or even death. People don’t think of small
risks such as falling and tripping or being stung by a bee. When it comes down to it, risk
management is a plan with potential solutions on how you plan on dealing with it. You
Developing alternatives requires understanding the technical and operational measures
that can either break the cause and effect linkage to the likelihood or reduce the
consequences that would result if a given hazard or threat were to be experienced
(FEMA). Even though every situation is one of a kind, having feedback from
professionals using different approaches can be utilized. Different ways that alternatives
are created are by studying past incidents, asking specialists, reviewing government
guidelines, brainstorming, modeling and simulation, and engineering experiments and
field trials.
When it comes to evaluating identified potential alternatives courses of action, the costs
or estimates for each alternative has to be considered. Costs do not necessarily mean
money, but can also mean cost of civil liberties, political impact, and so on. When the
cost and benefit of possible courses of action have been made, key decision makers can
now be given the full picture of the risk, different courses of action, the costs and
benefits associated with each. If the decision maker decides, you can present to them
which one course of action you believe is better (FEMA).
References
FEMA. (n.d.). Lesson 4: The DHS Risk Management Cycle (Part 2). Retrieved May 6,
2019,
from https://emilms.fema.gov/IS454/lesson4/lesson4Print.htm
The Department of Homeland Security. (2011). Risk Management Fundamentals:
Homeland Security Risk Management Doctrine. Retrieved May 6, 2019, from
https://www.dhs.gov/xlibrary/assets/rma-risk-management-fundamentals.pdf

Purchase answer to see full
attachment