Risk Handling techniques: Â Avoid, sharing/transferring, Mitigating, and Accepting
Part 1: Â Reasonableness and Risk.
Assume you have are the only person in your family that is earning money. Â You and your spouse have decided that your spouse will stay at home and teach your three kids (7, 9, and 12 years old). Â Your commute is 30 miles each way in Northern Virginia. Â You own an average car that is four years
old and you still owe over $10k.
Answer the following question(s):
1. Â Â Â Â Identify and discuss three threats to the current situation.
2. Â Â Â Â Â You just received notice from your insurance company that your premiums are going to triple for the next year if you have another accident in the next 12 months. Â Identify two risk-handling techniques to deal with this potential risk to your financial situation.
Part 2: Â Risk Handling – The mailbox decision.
You live in a small community. Â In the last week, several mailboxes were destroyed by an unknown threat. Â How are you going to handle the potential risk of your mailbox being destroyed in the future? Â Justify at least one potential strategy for each risk handling technique. Â Recommend the best strategy and why you chose that strategy.
U.S. Compliance Laws
: The first part of this lesson provides an overview of U.S. compliance laws that are relevant to IT security. Select one of the laws below and discuss its purpose, why is it important, and research a current event or news story relating to the law to share with the class.
Federal Information Security Modernization Act (FISMA)
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Sarbanes-Oxley Act (SOX)
Family Educational Rights and Privacy Act (FERPA)
Childrenâ€™s Internet Protection Act (CIPA)
Childrenâ€™s Online Privacy Protection Act (COPPA)
: Threats. In chapter 2, the textbook discusses the different categories of threats. Â NIST SP 800-30 Â (page D-2) lists several Threat Sources (
click here (Links to an external site.)
). Â Review these two and determine what you consider in your experience to be the greatest threat. Â Provide an example of this threat in action. Â This does not necessarily need to be a specific cybersecurity-related example. Â In January of 2022, we experienced one of these threats-You can’t use the snowstorm and related power outages as an example.
Part 1: Â Risk Management. Â ”
Risk Management is not Risk Elimination”. Â Â What does this mean? Â Do you agree or disagree with the statement? Â Defend your answer. Â Â Note: This is not a yes/no question.
The Risk Management Process
(See chapter 1 page 20)
This week will start by looking at Risk management allowing you to reflect on your current situation. Â Please do not share any information that you do not want to share about yourself.
In the coming weeks we will look at Risk Management Planning, Risk Assessment, Risk Mitigation, and the Business Continuity Plan.
This week look at your personal situation and come up with a short Risk Management plan:
Identify key assets in your life (3)
Identify threats (2)
Identify vulnerabilities (2)
Identify the likelihood of a threat exploiting a vulnerability (Simple low, moderate, high is fine).
Identify the impact of a threat exploiting a vulnerability (again low, moderate or high)
What risk handling strategy will you use (This should be one of avoid, shared, mitigated, or accepted)
What controls/countermeasures will you use to reduce the vulnerability or impact
How will you test these controls and their effectiveness?