Given multivariate, multidimensional events generated by adaptive human agents, perhaps it would not be too far
Question:
Given multivariate, multidimensional events generated by adaptive human agents, perhaps it would not be too far a stretch to claim that no two events are precisely the same. Given the absence of actuarial data, what can a poor security architect do?
part 1
Length: Minimum of 400 words
Total points: 10 points
Students will be required to create 1 new thread, and provide substantive comments on at least 3 threads created by other students. Make sure to explain and backup your responses with facts and examples. This assignment should be in APA format and have to include at least two references.
PART 2
Length: Minimum of 600 words
Briefly respond to all the following questions. Make sure to explain and backup your responses with facts and examples. This assignment should be in APA format and have to include at least two references.
Faced with the need to deliver risk ratings for your organization, you will have to substitute the organization’s risk preferences for your own. For, indeed, it is the organization’s risk tolerance that the assessment is trying to achieve, not each assessor’s personal risk preferences.
1. 1. What is the risk posture for each particular system as it contributes to the overall risk posture of the organization?
2. 2. How does each attack surface – its protections if any, in the presence (or absence) of active threat agents and their capabilities, methods, and goals through each situation—add up to a system’s particular risk posture?
3. 3. In addition, how do all the systems’ risks sum up to an organization’s computer security risk posture?
1) A multivariate relapse model gauges more than one result dependent on a lot of indicators. This model endeavors to decide a recipe that portrays how components in a lot of factors react at the same time to changes in others. The primary trademark that recognizes multivariate relapse from various relapse is the utilization of numerous results.
This method analyzes the connection between a few clear cut autonomous factors and at least two metric ward factors. Though examination of fluctuation (ANOVA) evaluates the contrasts between gatherings, MANOVA looks at the reliance connection between a lot of ward gauges over a lot of gatherings. Normally this investigation is utilized in exploratory structure, and typically a speculated connection between subordinate measures is utilized. This procedure is somewhat extraordinary in that the free factors are straight out and the needy variable is metric. Test size is an issue, with 15-20 perceptions required per situation. Be that as it may, an excessive number of perceptions per situation and the system loses its functional hugeness. situation sizes ought to be generally equivalent, with the biggest situation having under 1.5 occasions the perceptions of the littlest situation. That is on the grounds that, right now, of the reliant factors is significant. The model fit is controlled by inspecting mean vector counterparts across gatherings. In the event that there is a huge distinction in the methods, the invalid theory can be dismissed and treatment contrasts can be resolved.
Multidimensional Analysis
The reason for MDS is to change buyer decisions of similitude into separations spoke to in multidimensional space. This is a decompositional methodology that utilizations perceptual mapping to show the measurements. As an exploratory system, it is helpful in looking at unrecognized measurements about items and in revealing similar assessments of items when the reason for correlation is obscure. Commonly there must be in any event four fold the number of articles being assessed as measurements. It is conceivable to assess the items with nonmetric inclination rankings or metric similitudes (matched examination) evaluations. Kruskal’s Stress measure is a “disagreeableness of fit” measure, a pressure level of 0 demonstrates an ideal fit, and over 20% is a poor fit. The measurements can be deciphered either abstractly by letting the respondents distinguish the measurements or impartially by the analyst.
A Security Architect needs to deliver the accompanying worries to make security successful
Absence of an all-encompassing enterprise security architecture framework
A need to change the security association
Enterprise-wide administrative and inward compliance
A requirement for business-result centered and risk-driven security reference architectures
Data protection worries corresponding to developing patterns and innovations, for example, cloud, BYOD and versatility security
It is imperative to adjust keeping up security or overseeing risks with convenience, and you need to offset all that with the craving of the business. You need to comprehend what the business needs and what you have to do so as to accomplish it.
Once in a while people in security dont see how users will carry on. Lamentably, a ton of things that might be security thoughts at the conceptual level reason genuine issues, on the off chance that you look about how they really play out.
2) Information security risk rating with incomplete data or inaccurate data is very difficult for the security architect. In that case the security architect should go with gut feeling and mental arithmetic calculation for analyzing and making some predictions with data. In terms of multivariant and multidimensions events like insurance risk calculations, where there are some standard formulas to calculate the information security risks.
For computing the risk using these standard equation needs information but, most of data are not accessible in measurable quantities for the statistical analysis when comparable to the actual data used by the organizations to calculate the information security risks. Data places a major role in analyzing and making decisions. If that data is incorrect or not accurate then the analysis predictions will not be accurate when it comes to reality. Organizations can’t not simply go on predictions; they will rely on the security architect to put their maximum efforts to calculate the information security risks. It is very difficult for the security architect for make predictions with incorrect and inaccurate data.
If the security architect is very experienced, then he did some calculations which are fairly and rapidly. Experience architect will have lot of knowledge on what basis they can start the analysis, they might have seen many systems. Providing risk analysis for more than hundreds of systems make them very sustainable positions to delivery the analysis. The architect needs to understand the risk posture of the organization. Risk posture is nothing but a plan to protect organizations sensitive data from any internal or external threats. The security architect also needs to aware of the capabilities and functionality of the systems and infrastructure of the organization which helps the assessor to measure the risk of attack vector or any vulnerability.
The security architect can also consider old years data and apply some famous mathematical formulas for some nearly by predictions. Indeed, the data analysis may not be accurate but still it can come little closer to the reality.
Security architect needs to be ready and confident in measuring the information security risk, even if data is incorrect or correct. The accessor should be capable of using his or her experience in making some predictions with gut feeling and using mathematical arithmetic. There are many risk analysis methods available in current market, the architect needs to be capable of making choosing the right approach for making predictions even with incorrect data.
3) Important to note, when it comes to multivariate, events that are multidimensional, for instance, calculations of insurance risks, it is very challenging for security agents to undertake security risk calculations, when there is no accurate statistical data. According to Schoenfield (2015), proper data is needed by human agents to identify security risks, as well as calculate their impacts in the information system at any given time. In a scenario where the statistical data is absent, a poor architect has a single option of utilizing mental arithmetic as well as gut feelings for purposes of making the right predictions for the target audience (Schoenfield,2015). Notably, the poor architect can deploy the concept of casino mathematic to handle the risk calculation process, even where there is no adequately articulated statistical data available. Casino math tends to be a mathematic branch, which is usually applied in probability calculation in cases where appropriate statistical data is absent. The application of the casino mathematics concept can help the poor architects to determine risk probability, associated with a different aspect of an organization’s information system posed by different human threat agents.
Furthermore, the poor architect has the freedom of using historical market data to come up with predictions, regarding risk probability. However, with the emergence of Deep learning and artificial learning technologies, an architect can apply computers when it comes to making accurate predictions about risk probability. The predictions can be made using training models that apply both unsupervised and supervised learning (Schoenfield, 2015). Importantly, calculations associated with risk are a vital medium for predictions of what would happen in the future. The calculations would be useful in saving the architects from undertaking unnecessary mathematics, which in some cases end up being redundant. For purposes of ensuring that a client system is not harmed by what is known as the risk treatment process, it is essential to offer them certain incentives as well as premiums. The goal is to protect the clients from total losses in a situation where they are exposed to certain risks that are difficult to control or prevent from causing huge losses. The incentives, as well as the premiums, should be provided to the clients based on the levels of risks associated with their information systems or other operations. The objective is to make the risk analysis process less disruptive on the overall organization’s operations, as this would be harmful to the welfare of the client in the long-run.
Can you respond to these three? 100 words min
Solution preview for the order on what is the risk posture for each particular system as it contributes to the overall risk posture of the organization
APA
1727 words