Please read chapter 2. put page numbers in every in-text citation.
Norman, T.L. (2016). Risk Analysis and Security Countermeasure Selection, 2nd ed. CRC Press.
Please reaply to the following:
In risk analysis, it is very critical to understand the risk to prevent danger. Every organization is different which means that a potential loss of assets varies. However; the common goal is to protect the asset despite the risk. “The object of risk analysis is to understand the risks, threats, vulnerabilities, criticalities, and consequences well enough to develop or improve security countermeasures that can effectively deter, detect, assess, delay, respond to, and gather evidence of serious threat actions against the facility in question” (Norman, 2016). Any organization is likely to be a threat of risk. Though the probability of an organization might not be very high, it is still very important that security managements are prepared to handle unexpected threats. Taking the time to proactively identify, qualify, and quantify risks is a discipline that every project manager should pull out from their skills toolbox in order to stave off negative impacts to project scope, cost, time, or quality (Kestel, 2007). A company’s loss can very well affect a large mass. However; with proper assessment, the company will not have to face any consequences.
Please reply to the following:
There are a variety of risk assessment methodologies that make for good risk assessments however because of the varied methodologies facilities first seek creates a perplex situation for risk analysts to perform since different models set different formulas with variables that sum differently creating concerns of the effectiveness. Despite the fact tof different models, risk analysts, must present an effective security countermeasure that can effectively deter, detect, assess, delay, respond to, and gather evidence of serious threats actions against the facility in question (Norman, T.L. 2016). According to Norman, (2016), indicate different types of models are known to be effective to work in facilities such as: 1) Risk Assessment Methodology(RAM) focus on terrorist threats and little focus on internal economic threats, well suited for for facilities like nuclear storage facilities and nuclear power plants; 2) NIST 780 focus on the expertise and experience of the risk analyst for estimating the factors originally created for oil/gas/chemical facilities but works for government, industry, or commercial sectors, 3) ISO 31000 simplifies the formula including vulnerability with the probability caluclation expressing threat actors decisions based on the facility’s vulnerability in formula risk equals likelihood times consequences displaying the variables of risk. The steps in assessing risks are the following: 1) Determine the organization’s assets includes people, property, proprietary, and business reputations; 2) be able to recognize and describe threats to assets of the company; 3) ranking the criticalities of each of the listed assets to the organization’s mission; 4) describing what unwanted consequences could occur if a threat actor exploits a vulnerability in the critical assets of the organization’s mission; 5)explaining the vulnerabilities of the organization’s assets ;6) understanding the likihood of how threat actors view organization’s assets and which assets the threat actors would find most attractive to exploit; 7) expressing risk in the form of a calculation; 8)prioritizing the risks so that the most important risks can be mitigated first and the least important risks will be mitigated last; 9) making recommendations for risk-mitigation countermeasures (Norman, T.L. 2016). Furthermore, facilities are trying to develop risk assessments for the next generation in the biological data in the molecular, computational, and system biology level.. According to Cote et al., (2016), indicate the Environmental Protection Agency (EPA) prepared a science prototype development to elaborate in what way toxicogenomic studies of exposed human population can inform risk assessment and predict known outcomes includes, characterizing early key events in the biological cascade that results in adverse outcomes, identifying and characterizing biomarkers of exposure and effects, identifying factors contributing to population variability and susceptibility, and elucidating lower exposure-response relationship. As mismatch it may sound from previous risk assessments discussed it is not unlike.