ITS360 Introduction to Cyber Security and Digital Crime

Option 1: Understanding Risk Assessment Methodology

ITS360 Introduction to Cyber Security and Digital Crime

Option 1: Understanding Risk Assessment Methodology


Consider the risk to "integrity of customer and financial data files on system" from "corruption of these files due to import of a worm/virus onto a system," as discussed in Problem 14.2 in your textbook. From the list shown in Table 15.3 in your textbook, select some suitable specific controls that could reduce this risk. Indicate which you believe would be most cost effective (CSU-Global Assignment material – Module 5 Critical Thinking Assignment, 2018).

Security Risk Assessment Controls

  1. The security risk assessment is a priority for all organizations from small all the way up to multinational.
  2. One of the main aspects of the organizational security policy is security risk assessment.
  3. The possibility of vulnerabilities and threats within an organization must be determined before applying and installing protective shields to the organization.
  4. These processes will reduce the frequency of threats including making the security policy more successful.

Incident Response Team Controls

  1. The most important team within an organization is the incident response team.
  2. The issues regarding computers, security, and other forms of security incidents will be supervised by an outstanding team called the Computer Security Incident Team.
  3. According to the organizations security policy the incident must be announced to this Computer Security Incident Team who supplies an adequate repair.
  4. Then the incident response team reduces the loss for the organization by reconstructing the computer network as soon as is possible.
  5. The incident response team will conduct the following measures when an email worm is discovered in the organization’s network.

Measures Conducted to Prevent the Spread of Email Worms

  1. These email worms are detected in the computer network system.
  2. The email worm infects and spreads quickly throughout the entire computer network.
  3. As soon as this infection is discovered, the computer network must immediately be disconnected from the Internet service.
  4. The devastation of this incident within the operations of this organization can be greatly reduced if the email worm is blocked
  5. This blocking measure will prevent the infection from continuing its devastation before it has a chance of spreading out into the World Wide Web.



Existing Controls



Level of Risk

Risk Priority

Customer/Financial data files onto a system

Corruption of files from worm/virus onto a system

Antivirus software and user password

Possible to almost certain




Considering the likelihood that the security patches and updates are not recently up to date there is a strong possibility of a worm or virus infection. This could cause major corruption


to their customer and financial data files. The level of risk is extreme because the existing controls will now have to be changed to prevent further corruption and loss of data from the data files. The risk priority would be a one due to the severity of file corruption (Stallings, W., & Brown, L., 2015).

Most Cost-Effective Security Control Measures

The following measures are the most cost effective to protect the assets against threats:

  1. Repetitive system updates and frequent computer system maintenance with new security patches.
  2. Protecting the computer network by identifying all threats including malware and malicious code by blocking them.


This paper has provided some suitable specific controls taken from the table 15.3 of the Stallings textbook which will help to reduce the risk and damage that could take place within the computer network of an organization from an email worm or virus. Included are measures to reduce and if possible block the spread of the worm/virus not only inside the organizational network but also block its spread out into the WWW internet.



CSU-Global Campus. (2018).  Option #1: Understanding Risk Assessment Methodology

            Retrieved from CSU-Global Campus, Module 5 Critical Thinking Assignment, ITS360 -  

            Introduction to Cybersecurity & Digital Crime website.

Stallings, W., & Brown, L. (2018).  Computer security: Principles and Practice.  Upper Saddle

            River, NJ: Pearson Education, Inc.