Requires reading Chapters 16 & 17. Please include page numbers in every in-text

Requires reading Chapters 16 & 17.
Please include page numbers in every in-text citation.
Please reply to the following:
In risk analysis, it is clear that certain countermeasures are needed to protect the asset. The countermeasure needs to cater specifically because each asset and organization is different. Before countermeasures are set, one must know the vulnerability of the asset and what the threat actor is. “For each countermeasure related to each vulnerability, estimate its ability to deter, detect, assess, delay, and assist in a response or to gather evidence. Estimate each from 0 to 1, with 1 being complete effectiveness and 0 being none. This process identifies the effectiveness of each countermeasure for its purpose” (Norman, 2016). In countermeasure selection, the organization should create countermeasures that design an environment that encourages appropriate behavior and discourages inappropriate, criminal, or terroristic behavior. The countermeasure should be able to detect, assess, and respond to exceptions. There should be plans to design the program to mitigate any potential harm from hazards and threats. In general, this will make sure that threat actors are not posing any threats to the organization.
“Deploying an appropriate collection of information security countermeasures in an organization should result in high-level blocking power against existing threats” (Norman, 20177). This is why it is necessary to best practice countermeasure selection. Any organization is likely to be a threat of risk. Though the probability of an organization might not be very high, it is still very important that security managements are prepared to handle unexpected threats. Taking the time to proactively identify, qualify, and quantify risks is a discipline that every project manager should pull out from their skills toolbox to stave off negative impacts to project scope, cost, time, or quality (Kestel, 2007). A company’s loss can very well affect a large mass. However; with proper assessment, the company will not have to face any consequences.
PLease reply to the following:
The best practices recommended by Norman in chapter 16 are to implement Baseline security program and special countermeasures to address special vulnerabilities. The baseline security program covers pretty much the organization’s daily operations and enables the detection of unwelcome exceptions so that they can be dealt with however Norman indicated this program isn’t built to handle extreme circumstances like terrorist attacks (Norman, 2016). According to Norman (2016), indicate BSP include three elements such as: 1) design an environment that encourages appropriate behavior and discourages inappropriate, criminal, or terroristic behavior; 2) detect, assess, and respond to exceptions; 3) design the program to mitigate any potential harm from hazards and threats. Moreover, chapter 17 discuses questions to follow and answer to measure countermeasure effectiveness such as: 1) effective against what?; 2) against what threat?; 3) versus what purpose?; 4) using what formula? (Norman, 2016). In addition, Chapter 17, indicate four dimensions of comparison for countermeasures include: 1) how many functions does the countermeasure fulfull? ; how well does the countermeasure perform each function?; what threat actions is this countermeasure useful against?; how much does the countermeasure cost? (Norman, 2017). That is to say, these questions are good practices to answer when comparing countermeasures. An essential concept indicated in the chapters is that analysts should understand the principles of security such as describing the physical and excluding identifying persons carrying weapons or explosives (Norman, 2017). Furthermore, chapter 17 indicate it’s vital to understand how facilities are attacked in order to protect facilities. According to Yang et al. (2016), indicate to estimate the safety benefits of various countermeasure, and computing the number of crashes reduced as a result of the safety implementation project, then the projected crash frequency is turned into monetary gain for reducing collisions each year. I think it is necessary to follow these practices mentioned by the author because it will help consultants know in order to use the devices correctly so that they cannot be easily exploited, make the best decisions and assist security program managers to make a clear case for security program budget (Norman, 2016).

The post Requires reading Chapters 16 & 17.
Please include page numbers in every in-text appeared first on Skilled Papers.

GET THIS ANSWER FROM EXPERTS NOW