Respond to the following discussions from classmates (X2) with approximately 100 words or more each. Include a reference to each response. Be thoughtful and insightful and it must demonstrate critical thinking and analysis.
1.Thanks for your post and feedback, good note in that: When assessing risk using the qualitative method, one of the challenges that arise is defining the rating scale.
For example, a scale can be created in the interval of most likely for the events which occur all the time, likely for events which are in high rate, occasional for irregular events and unlikely for events which rarely occur.
This intervals gives room for inaccuracy and error because it might be difficult to differentiate the events in a consistent manner. There is no objective method to classify the relentlessness of events which have uncertain magnitudes. Also the differentiation of the events depends on individual judgement hence may be subjected to misjudgment
Further, in risk assessment a quantitative approach determines the associated costs of risks or threats and ways to mitigate those costs to your organization if the calculated event occurs.
Another consideration is the cost of preventing risks identified. With a quantitative approach it is relatively easy to track analysis which facilitates justification of the subsequent decisions. In contrast its results can produce greater error margins, and it is not easy to attach monetary values to historical items like reputations. In this method historical information is paramount to accuracy. Your thoughts?
2.Thanks for your post, good note in that: By using SVA an organization can identify the threats and develop possible ways of securing the systems and prevent them from occurring.
Another situation is in the case of software vendors in the software companies. They develop software and they have to use SVA to identify any potential threats because the software is subject to human errors, or even they can be hacked or accessed by unauthorized persons. Therefore, SVA will be useful in identifying any threats which might arise in the software development and also ensure that they are secure.
Also, consider that An SVA or a Security Vulnerability Assessment is more so for the reason of assessing holes in the current setup which is implemented or will be. For instance, computer networks can have vulnerabilities which hack can exploit.
A buildings security can have vulnerabilities allowing for break ins or work place violence, i.e. active shooter, etc. Another circumstance is looking at a building and how it can withstand a hurricane given what it already has windows, doors, or glass, and the like. So, basically how vulnerable is the building? Thoughts?