Risk Management and Problem Management of a Compromised Unix Operating System

4090 Words Jun 1st, 2014 17 Pages
Running head: RISK MANAGEMENT AND PROBLEM MANAGEMENT RELATION

The effectiveness of the relationship between risk management and problem management of a compromised UNIX operating system

CSMN 655

Computer Security, Software Assurance, Hardware Assurance, and Security Management

Abstract

Risk management is an ongoing, continuous process whose purpose is to identify and assess program risks and opportunities with sufficient lead-time to implement timely strategies to ensure program success. The entire risk management process balances the operational and economic costs of protective measures and contributes to mission capability by protecting the
Operating system vulnerability findings
Summary of Findings
Relationships among networking and OS vulnerabilities
Four-step methodology
Summary and Conclusion
References
Table 1
Table 2

Risk Management Overview

Risk management is an ongoing, continuous process whose purpose is to identify and assess program risks and opportunities with sufficient lead-time to implement timely strategies to ensure program success. Risk is the potential for realizing adverse program consequences due to future events or undesirable conditions. Feringa, Goguen, & Stoneburner (2002, p. 4) state that “risk management encompasses three processes: risk assessment, risk mitigation, and evaluation and assessment.” Within these three categories, risk assessment is the act of identifying and evaluating risks and their impacts, and measures needed to reduce those risks. Risk mitigation is the process that involves prioritizing, implementing, and maintaining those appropriate risk-reducing measures that were identified by the assessment process. Lastly, a continual evaluation process must be implemented for the lifespan of the system. After all measures are in place, the system authorizing official determines whether or not the remaining risk is at an acceptable level.
