Faced with the need to deliver risk ratings for your organization, you will have to substitute the organization’s risk preferences for your own. For, indeed, it is the organization’s risk tolerance that the assessment is trying to achieve, not each assessor’s personal risk preferences.
What is the risk posture for each particular system as it contributes to the overall risk posture of the organization?
How does each attack surface – its protections, if any, in the presence (or absence) of active threat agents and their capabilities, methods, and goals through each situation – add up to a system’s particular risk posture?
In addition, how do all the systems’ risks sum up to an organization’s computer security risk posture?
System Architecture And Design
Full Answer Section
The overall risk posture of an organization is determined by the risk postures of all of its systems. Systems with high risk postures can contribute to the overall risk posture of the organization, even if they are not the most important systems.

Attack surface is the sum of all potential ways that a system can be attacked. It includes vulnerabilities in the system's software, hardware, and network infrastructure. It also includes the ways that the system can be accessed by unauthorized users. The attack surface of a system can be reduced by implementing security controls, such as firewalls, intrusion detection systems, and access control lists. However, it is impossible to eliminate the attack surface completely.

The risk posture of a system is determined by the following factors:
- The value of the assets protected by the system
- The vulnerabilities of the system
- The capabilities of the threats
- The security controls in place to protect the system

The following examples show how exposure and configuration affect the size of a system's attack surface:
- A system that is connected to the internet has a larger attack surface than a system that is not connected to the internet. This is because the system is exposed to a wider range of threats.
- A system with outdated software has a larger attack surface than a system with up-to-date software. This is because outdated software may contain vulnerabilities that can be exploited by attackers.
- A system with weak passwords has a larger attack surface than a system with strong passwords. This is because weak passwords can be easily guessed by attackers.
Sample Answer
Risk posture is a measure of the likelihood and impact of a threat to an organization's assets. It is determined by a number of factors, including the value of the assets, the vulnerabilities of the assets, and the capabilities of the threats.
The risk posture of each system in an organization will vary depending on the system's importance, its vulnerabilities, and the threats it faces. For example, a system that contains sensitive data will have a higher risk posture than a system that does not contain sensitive data. A system that is connected to the internet will have a higher risk posture than a system that is not connected to the internet.