Discussion

profilejimpop1998
Action1.docx

Discussion 3

Purpose

· Describe the risk response process.

· Evaluate risk response options and align choices with business objectives.

· Identify the bad actors in cyberspace and compare and contrast their resources, capabilities/techniques, motivations, and aversion to risk. [NSA CTH 1]

· Select the optimal methodology based on needs, advantages, and disadvantages. [NSA SRA 4]

Responding to and Mitigating Risk

When it comes to responding to risk, there is no one size fit all approach. Individuals, businesses, and governments will need to determine how they will deal with these risks, whether to accept, transfer, or mitigate such risks. Understanding the source of the risk, whether man-made or natural, will need to be considered when responding to risks. Several other factors will also need to be considered, including the organization’s mission, goals and objectives, risk appetite, resources, and capabilities. Risk response frameworks, as well as the Plan-Do-Check-Adjust (PDCA) life cycle are good references to consult when planning responses to risks. Whatever risk response is chosen, it’s important to remember that low-cost responses to high-risk scenarios are the goal of risk response prioritization.

Overview

This discussion is based on the same scenario as  Discussion 2. You’ll remember that the scenario mirrors a natural event (world-wide pandemic), the COVID-19 outbreak, but is based on a fictitious company. Again, feel free to make some assumptions as you work on this module’s discussion.  Note: For this assignment, you will not be able to see your classmates’ posts until after you post.

The scenario (Discussion 2):

You work for a U.S.-based company called Hintel, an IT company that manufactures computer chips. The company’s factories handle over 70 percent of its manufacturing operations. The factories are geographically located in China, Italy, and South Africa.

In January 2020, the U.S. Centers for Disease Control (CDC) announced that they were responding to “an outbreak of respiratory disease caused by a novel (new) coronavirus that was first detected in China and which has now been detected in more than 100 locations internationally, including in the United States. The virus has been named SARS-CoV-2 and the disease it causes has been named Coronavirus Disease 2019 (abbreviated COVID-19). On January 30, 2020, the International Health Regulations Emergency Committee of the World Health Organization (WHO) declared the outbreak a public health emergency on International concern.1

Since January 30, 2020 when the outbreak was declared a public health emergency, many businesses have suffered major financial losses due to a temporary loss of confidence in financial markets, restricted movements, and in the case of “Hintel”, the closures of its major factories in China and Italy. The company currently reports approximately $75m in losses per day as a result of this pandemic.”

 1  https://www.cdc.gov/coronavirus/2019-ncov/cases-updates/summary.html

Include the following in your post:

· As the CIO of “Hintel”, you have been summoned by the organization’s board to share your response plans. Identify and explain 3 to 5 risk response options that you would share with the board. Note that these points could essentially be included in your disaster recovery plan.

· Describe 3 to 5 factors that you would consider when evaluating the risk response options that you shared above, bearing in mind the importance of establishing and maintaining trust throughout the process.

· Pandemics such as COVID-19 may enable bad actors in cyberspace to harm businesses. Identify and describe potential opportunities that these actors could exploit to harm businesses.

· Describe technical controls “Hintel” could implement to reduce cybersecurity-related risks from these bad actors.

Action Items

1. Create discussion post according to the directions in the overview.

2. Read the assignment rubric to understand how your work will be assessed.

Module:

Here are the resources you need to prepare for this module:

· Chapter 5, Risk Response and Mitigation  (Links to an external site.) , in Rogers & Dunkerley (2016)

· The Phoenix Project: Remediation of a Cybersecurity Crisis at the University of Virginia  (Links to an external site.)  Case Study

· NIST Guide for Conducting Risk Assessments  (Links to an external site.)

· The Three Ts of the Cyber Economy