Such reports are either quantitative or qualitative ("What is Risk analysis").
Risk management - includes policies, procedures, and practices needed to identify, analyze, assess, control, and avoid, minimize, or eliminate of intolerable risks. An organization may use risk retention, risk assumption, risk avoidance, risk transfer, or any other strategy to efficiently manage events that might occur in the future ("Risk Management").
Summary
The correlation between software development, risk analysis, risk management and human behavior is a complex association. This multidimensional approach to addressing the issue of IT security requires the explanation of several complicated concepts. This chapter has established what the following research endeavors to uncover. Now that the premise of the research has been established let us review some of the literature devoted to the aforementioned topics.
Chapter II Literature Review
Introduction
Software Engineering, Risk analysis and management, and security threats are all issues that effect organizations. The purpose of this literature review is to explore these issues in greater detail. The literature review will provide some insight into the factors that effect IT security. Let us begin by discussion Practical Software engineering.
Practical Software Engineering
Petkovic, Thompson & Todtenhoefer (2006) explain that changes associated with the globalization of software development necessitate newer ways of teaching software engineering. SE is defined as "The application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software (Petkovic, Thompson & Todtenhoefer, 2006, 294) ." In addition according to a report entitled "Software Engineering 2004: Curriculum Guidelines for Undergraduate Degree Programs in Software Engineering," Software Engineering education should merge computer science elements with engineering, coordination, teamwork, communication and project management matters (Petkovic, Thompson & Todtenhoefer, 2006, 294; "Software Engineering…," 2004).
Additionally standards associated with the delivery of curriculum claim that there is a need for practical project and team-oriented exercises to be incorporated into a significant capstone project. The author insists further that many studies have found that the majority of failures associated with delivering Software "to specs, on time and budget, and to a user "satisfaction" were in misunderstanding user needs, poor design, planning and organization (Petkovic, Thompson & Todtenhoefer, 2006, 294)."
In addition to having the proper capabilities for businesses, software must also be engineered in a manner that ensure the security of the computer system/network on which it operates. In this way software engineering must be viewed in quite broad terms. Moreover the training of software engineers must reflect the needs and security concerns that organizations face within the context of globalization and the widespread use of information technology. Now that practical software engineering has been discussed let us focus the issue of people and security.
People and Security
Attacks on Computer Systems
The increase in the use of computer systems and networks in recent years, has resulted in an increase in attacks. These attacks are both internal and external. According to the National Institute of Standards and technology organizations of all sizes are vulnerable to security threats ("Small business Corner"). The institute even notes that the threat to small and medium sized businesses can be particularly problematic as they are the foundation of the nation's economy. The NIST reports that
"In the special arena of information security, vulnerable SMBs also run the risk of being compromised for use in crimes against governmental or large industrial systems upon which everyone relies. SMBs frequently cannot justify an extensive
security program or a full-time expert. Nonetheless, they confront serious security challenges and must address security requirements based on identified needs
("Small business Corner")."
Indeed no organizations are immune to attack, in fact even the organizations that are responsible for investigating computer crimes have experienced computer attacks. Currently, the FBI and the U.S. Marshalls are dealing with a computer virus that has attacked the organizations' system. According to Barrett (2009) "Law enforcement computers were struck by a mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution (Barrett, 2009)." The article explains that only the external networks of these organizations have been effected by this virus. These external networks do not contain sensitive data and the internal networks are still running smoothly. Although this security issue is still a serious problem, it is not as harmful as...
Even thenm once in a while the heads of the more powerful families would meet to work out differences (Meltzer, 1990, pp. 40-41). Still, striking at the mob could not be effected easily by the use of normal investigative methods alone. Indeed, the failure of the FBI to use even those methods in a concerted manner is noted by Kessler (2002), who reports that Hoover usually claimed that the FBI
For the patient, there are equally negative consequences, such as medical identity theft, financial loss and potential damage to their health. Medical identity theft can result in erroneous entries to the patient's health care records, which can affect the patient's medical and financial records for a long time (Federal Trade Commission, 2003 & 2007). In each medical facility, there is a need for trained professionals who can properly process
Zalmai Azmi, the FBI's chief information officer for the last year realized the need for change, even if it would garner political heat, and decided to implement changes to the organization known as the FBI. The change was related to the growing innovation behind technology and the September 11th attacks. The FBI's technological upgrade has been seen by some as lacking efficacy and reliability. Software dilemmas appear to be piling
DRNC Scenario Overview of Subject Matter: Biological warfare has got to do with the utilization of a wide range of microorganisms such as fungi, viruses, or bacteria to harm a human target (or in rare cases, to harm plants and animals). Essentially, "biothreat agents have the potential to produce a life-threatening illness" (The U.S. Department of Homeland Security, 2012). Situation: a Democratic-Republican National Convention (DNRC) event has been convened in Miami, Florida. Threat:
The FBI, Counterproliferation, and Weapons of Mass Destruction The United States government significantly increased activities in programs involved in the protection of the nation and the world against weapons of mass destruction (WMD) in 2009 and 2010. The Obama Administration, in December 2009, gave a presidential policy directive aimed at countering biological threats with a focus on infectious illnesses whether such threats were manmade or natural. It was the second such
Domestic Intelligence Agency The Necessity of Establishing a New Domestic Intelligence Agency In response to a call for a new Domestic Intelligence Agency, the FBI National Press Office released a statement in 2006 that indicated the strides the Bureau had made in "becoming" an "intelligence-driven organization" since 9/11. The letter's intent was to show the illogicality of those wishing to "tear apart the Bureau" in order to "start a new agency." As Assistant
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now