Chat with us, powered by LiveChat Prepare a 8-10 page double-spaced (not including title or referen | Wridemy

Prepare a 8-10 page double-spaced (not including title or referen

This assignment will be submitted to Turnitin™.

Instructions

Prepare a 8-10 page double-spaced (not including title or reference pages) research paper based on any topic in the text or something covered in this class. Please note the Presentation is from week 7 should be a comprehensive detailed overview of this paper

Paper organization will include:

Introduction

Clearly define the problem, issue, or desired topic that was researched.

Starts out broad and becomes more and more specific.

Body

Present the relevant literature and ideas.

Identify relations, contradictions, gaps, and inconsistencies in the literature.

Possible solutions to any problem(s) identified.

Conclusion

References (at least ten).

Instructions:

An in-depth submission that is free of spelling and grammar errors in APA format.

Double-spaced format (APA) with a readable style and font and submitted inside the electronic classroom (unless classroom access is not possible and other arrangements have been approved by the professor).

12-point font, Times New Roman styles.

Page margins Top, Bottom, Left Side and Right Side = 1 inch, with reasonable accommodation being made for special situations and online submission variances

Important: Good academic writing requires writers to cite the sources of all facts in text. If you state that the sky is blue then  you must cite who said it. A good rule of thumb is one citation per paragraph; paragraphs 3-5 sentences (This is how to avoid unintentional plagiarism).  Papers are always written in third person past tense as you are writing about events in the past from the point of view of an observer.  The student or writer proposed; One must observe; The leaders at APUS choose the following systems….for the following reasons:

Notes:

This project is setup so that each week the concepts presented can be directly applied and added to the project. 

The weekly assignments will help reinforce and provide ideas/considerations lending guidance to the project.

Risk Theories

1

Information Security and Risk Management Theories

William Butler

University

Risk Theories

2

Information Security and Risk Management Theory

Leaders use risk management framework to describe an organizations risk management

process (Jones, 2007). There are risk management models from which organizational leaders

can choose to base their risk management framework upon. All of the risk management models

are based on one of several risk management theories. Bojanc (2008) presented a risk

management model based on game theory. Fehle (2005) presented a risk management model

based and dynamic risk management theory. Li (2007) presented a risk management model

based on real option theory.

Bojanc (2008) stated that security solutions are complex (hardware, software, service) to

cost and traditional costing methods such as (average rate of return (ARR), payback period

(PBP), net present value (NPV), internal rate of return (IRR)) individually are not adequate. The

risk management models provide organizational leadership with a framework to evaluate

investment options and support decisions. Organizations have limited budgets and resources to

invest in controls and protective measures and leaders must make informed decisions. Each of

the risk management theories presented by (Bojanc, 2008; Fehle, 2005; Li, 2007) pose a unique

set of costs and benefits to the organizational leadership applying them.

Risk Management Theories

Several information risk theories are game theory (Bojanc, 2008) and (Cox, 2009),

dynamic risk management theory (Fehle, 2005) and real option theory (Li, 2007). The risk

theories are the basis of major risk management models presented by (Bojanc, 2008; Fehle,

2005; Li, 2007). Each risk theory offers organizational leadership a different framework to

quantify the investment in controls and to evaluate options or alternatives.

Game Theory

Risk Theories

3

The Bojanc (2008) risk management model concluded with the identification of controls

to mitigate identified risk and a framework to quantity investment in controls for leadership

investment decisions. Bojanc identified an alternative method which analyzed the optimal

information security investment based on game theory. Game theory is based on the interaction

between hackers and organizational defenders. Game theory can be applied by researchers to

explain situations of intrusions where the hacker has a motive to attack and cause damage to a

particular organization.

Cox (2009) stated that risk analysis and game theory are complementary. Researchers

use game theory to model the interaction between attackers responding to the actions of

defenders (Cox, 2009). The results of such interaction s produce recommendations for the

allocation of risk management resources (controls) (Cox, 2009). Cox concluded that the results

of game theory analysis are more sensible than those of other risk management methodologies

based on competing theories.

Cox (2009) stated that the application of game theory is useful to leader-follower and

attacker-defender scenarios. For example, in the attacker-defender scenario the attacker reacts to

a move by the defender and each receives an outcome based on the resource allocation of the

defender. Possible game theory outcomes in the attacker-defender scenario are killed, injured or

combat ineffective (Cox, 2009). The attacker-defender games can be kept simple by allowing

the defender to move first then the attacker reacts to the defenders move (Cox, 2009). The

results of these moves are evaluated by researchers for defender resource allocation (controls)

and effectiveness against the attacker.

Game theory offered the defender the option to evaluate the results derived from different

attacker-defender game scenarios and defense strategies (Cox, 2009). The attackers and

Risk Theories

4

defenders can make their moves in sequence or simultaneously prior to evaluating the results.

Cox (2009) identified the possible move results in a loss matrix (rows and columns representing

outcomes). The loss matrix, based on the moves of the attacker and defender, will yield a

financial loss incurred by the defender (Cox, 2009). Game theory can be used to improve upon

the standard use of the threat (T), vulnerability (V) and consequence (C) probability of

occurrence threat model calculation commonly used in the UnitedStates (Cox, 2009).

Cox (2009) identified two objectives of game theory as developing predictive models and

optimizing defender decisions. The development of predictive models is useful discover the

causal relationship between attacker-defender choices (risk analysis). The second objective deals

with optimizing the decision making of defenders by anticipating the best moves of the attacker

(game theory). The objectives identified by the (Bojanc & Cox, 2009) provide defenders the

means to make more effective allocation of controls. The learner believes that more scholarly

research is desired in the application of game theory to risk management to increase the body of

knowledge.

Dynamic risk management theory

Fehle (2005) discussed a risk management model based on a dynamic theory versus

industry standard static based theory. The Fehle risk management model allowed companies to

adjust their strategy to changes in the risk environment or the firm’s cash on hand. Fehle

identified the inability of risk management models based on static modeling to adjust to changes

in the risk environment or contracts.

Dynamic risk management theory allowed organizations to leverage risk management

contracts along a continuous time line (life of the contract) versus in a moment in time (contract

initiation or at predetermined set-points) (Fehle, 2005). Models based on dynamic risk

Risk Theories

5

management theory allow an organization to evaluate its risk management investment at anytime

along the contract timeline. Fehle (2005) stated that the flexibility allowed the organization to

increase, decrease or terminate the investment. The ability to conduct dynamic evaluations will

yield savings for the organization and make more effective use of the organizations budget.

Some applications of dynamic risk management theory are evaluating the effects of

factors such as agency debt and other issues which could affect the leadership decision to

terminate or continue a contract (Fehle, 2005). Organizations can dynamically apply current

competitive information to the model to make the (continue versus terminate) contract decision

(Fehle, 2005). Fehle (2005) stated that the model explored the evaluation of investment options,

contract early termination fees and buyout options. The model allowed for the evaluation of

associated transaction costs of contract initiation and termination (Fehle, 2005). Fehle did not

specifically comment on the existing body of knowledge associated with the dynamic theory, the

learner believes that more research is desired to add to the body of knowledge.

Real option theory

Li (2007) identified a risk management model which assisted decision makers in

quantifying the economic value of controls. Li proposed a risk management framework based on

the real option theory. Real option theory presented a framework for making security investment

decisions (Junkui, 2003; Li, 2007). Li presented a step-wise process to make investment

decisions: study the scenarios, determine alternatives, develop the Binomial Options Pricing

Model (BOPM), determine the best alternative and implement the solution. Li contends that the

real option theory method will result in the selection of more cost-effective solutions by decision

makers.

Risk Theories

6

Li (2008) defined the real option theory approach as a flexible framework for calculating

the value of security controls under uncertain conditions. The real option model allowed

practitioners to respond to environmental uncertainty and adjust their strategy to maximize the

likelihood of desirable outcomes (Li, 2008). The basis of the real option theory is the

practitioner can select or invest in a real option (non-financial asset) at an economic price

(Junkui, 2003) and (Li, 2007). The real option theory is a more flexible capital investment

evaluation framework as compared to methods such as (ARR, PBP, NPV and IRR) (Li, 2008).

Li (2008) stated that the real option solution valuing model valued options over time

versus valuing options in a moment in time such as after a security incident. Li (2008) stated

that the real option theory is not only useful for asset valuation but is useful in determining the

most value adding option. Li (2008) presented the five step process to make investment

decisions: study the scenarios, determine alternatives, develop the Binomial Options Pricing

Model (BOPM), determine the best alternative and implement the solution. The possible options

are postpone, abandon, scope up or down, outsource, switch, stage and growth (Li, 2008).

(Li, 2008) indicated the application of real game theory in areas such eXtreme

programming; commercial off the shelf technology (COTS) based development and project

investment analysis. Junkui (2003) proposed combining real options theory combined with

decision tree analysis for leaders to make sounder project decisions. The real options theory

evaluated cash flows and the dynamic decision tree maps the options presented to decision

makers (Junkui, 2003). Li suggested the existence of pure research but also indicated the need

for more case studies in real game theory. Based on the availability of peer reviewed research

the learner believes that more scholarly research is warranted.

Conclusion

Risk Theories

7

Bojanc (2008) presented a risk management model based on game theory. (Fehle, 2005)

presented a risk management model based and dynamic risk management theory. Li (2008)

presented a risk management model based on real option theory. Junkui (2003) combined real

option theory with decision tree analysis. The role of each risk theory was discussed in terms of

how leaders could evaluate investments and decide between competing options. The real option

theory provided leaders with a five step framework to economically evaluate investments real-

time and determine the alternative with the most value add (Li, 2007).

Fehle (2005) presented dynamic risk management theory which allowed organizational

leadership to leverage risk management contracts along a continuous time line (life of the

contract) versus in a moment in time (contract initiation or at predetermined set-points). Bojanc

(2008) and Cox (2009) identified two objectives of game theory as developing predictive models

and optimizing defender decisions. The three theories assist leadership with making basic

investment decisions based on control valuation (dollars) and the selection of the best option.

Gaming theory pits attacker against defender, dynamic theory allows one to evaluate contracts

and options real time and real option theory allows leaders to evaluate the options real time.

The static versus non-static model is critical when discussing the risk posed to the

organization through time. Risk posed to the organization at contract award may not remains

constant throughout the life of the contract. The application of dynamic theory is complex and

required the constant gathering of real time data (Fehle, 2005). Fehle (2005) did recognize the

strengths of static based theory in supporting the selection of options based on available

information. Organizational leadership must carefully evaluate and select the risk management

theory that is right for their risk environment.

Risk Theories

8

References

Bojanc, R., & Jerman-Blažic, B. (2008). An economic modeling approach to information security risk management. International Journal of Information Management, 28 (5) 413- 422.

Cox Jr., L. (2009). Game Theory and Risk Analysis. Risk Analysis: An International Journal,

29(8), 1062-1068. doi:10.1111/j.1539-6924.2009.01247.x Fehle, F., & Tsyplakov, S. (2005). Dynamic risk management: Theory and evidence. Journal of

Financial Economics, 78 (1) 3-47. Jones, A. (2007). A framework for the management of information security risks. BT Technology

Journal, 25 (1) 30-36. Junkui Yao, F. J., & Jaafari, A. (2003). Combining real options and decision tree: An integrative

approach for project investment decisions and risk management. Journal of Structured & Project Finance, 9(3), 53-70. Retrieved from EBSCOhost.

Li, J., & Su, X. (2007). Making cost effective security decision with real option thinking.

Retrieved from http://www.idi.ntnu.no/grupper/su/publ/li/icsea07-jingyue.pdf

,

Points

Comments

1. Research solutions and detail the appropriate Microsoft Windows access controls including policies, standards and procedures that define who users are, what they can do, which resources they can access, and what operations they can perform on a system.

10

10

2. Research and detail the cryptography methods to protect organizational information using techniques that ensure its integrity, confidentiality, authenticity and non-repudiation, and the recovery of encrypted information in its original form.

10

10

3. Research and devise a plan to thwart malicious code and activity by implementing countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses and other related forms of intentionally created deviant code.

10

10

4. Research and formulate a plan to implement monitoring and analysis by determining system implementation and access as well as an incident response plan for security breaches or events.

10

10

5. Research and detail security guidelines for contains the two proxy servers and Internet access control for the organization

10

10

6. Research and define best practices for the security of NextGard’s organization.

10

10

7. 8 Pages

10

10

8 pages

8. References

5 in text

5 page

10

10

9. Drawing

10

10

Yes

10. APA Styling

10

10

TOTAL POINTS 100

88

Great Job

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?

About Wridemy

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Are there Discounts?

All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Hire a tutor today CLICK HERE to make your first order

Related Tags

Academic APA Writing College Course Discussion Management English Finance General Graduate History Information Justify Literature MLA