The book is attached. Read Chapter 8.
Please include page number in every in-text citation.
Please reply to the following:
The vulnerability of an asset depends on how susceptible it is to damage or harm. A vulnerability assessment informs organizations on the weaknesses present in their environment and provides direction on how to reduce the risk those weaknesses cause. “A vulnerability is any condition that could be exploited by a threat actor to carry out an intrusion or escape or to easily destroy property or processes. Different threat actors have different goals and thus look for different kinds of vulnerabilities” (Norman, 2016, p.155). For instance, terrorism might be a harm to only certain assets/ locations. However; vulnerabilities relating to technology are more likely to affect many assets since we live in a technologically advanced world. The whole purpose of security management is to protect an asset or an organization. Without proper risk analysis, there is no guarantee of safety. For a successful organization, skillful analysis and prevention methods are a necessity. In a vulnerability assessment, it is vital that the analyzer identify the weakness in an asset that a threat actor can easily harm. This way, they would be able to create a risk management plan to prevent harm before it is done.
“The concept of vulnerability has been a powerful analytical tool for describing states of susceptibility to harm, powerlessness, and marginality of both physical and social systems, and for guiding the normative analysis of actions to enhance well-being through reduction of risk” (Adger, 2006). According to Norman’s process of vulnerability assessment; the evaluator must evaluate specific consequences and scenarios that could be used against the organization. The evaluator must also evaluate the security measure that needs to be taken if the asset is compromised and whether the security measure can effectively protect the asset.
Please reply to the following:
The importance of assessing vulnerability includes: 1)create situations, and assess the outcomes; 2) determine which scenarios could be most effective against the organization’s important nodes; 3)Examine the efficacy of current security measures;4)Determine the degree of susceptibility by identifying vulnerabilities. in order to lower the likelihood of threat actors being successful in their attacks. According to Norman (2016), indicate reviewing vulnerabilities to criminal attacks but also existing and possible terrorist attacks with imagination added is vital to assure that all possible terrorists methodologies are considered. In other words, evaluating vulnerabilities in the same way that terrorists do, such as target selection, attack planning, scenario testing, and attack operations, will aid consultants in developing effective countermeasures to secure the organization’s operational key nodes. According to Papathoma et al (2017), indicate vulnerability increases risk analysis, decision-making, and allows practitioners to focus scarce resources on the most vulnerable regions. As per chapter 8 specify the effective process of vulnerability assessment includes: 1)Identify the organization’s most valuable and most critical assets; 2) Identify the organization’s operational critical nodes;3) Utilize an Asset/Attack Matrix; 4) Utilize a Threat/Target Nexus Matrix;5)Utilize Weapons/Target Nexus Matrix; 6)Review surveillance opportunities for each major asset under consideration; 7)Assemble vulnerabilities in the light if all the information above (Norman, 2016). Consider the Mumbai attacks scenario indicated in chapter 8 under Asset/Attack Matrix, in which shooters moved in a zigzag pattern up the building to the upper floors, killing people as they went. As per Norman (2016), specify countermeasures, such as deploying barriers within the building that limit the shooter’s movement and contain shooters in an area where they can be easily taken out by the special forces team, could have been used. Threat/Target Nexus Matrix, on the other hand, specify a connection between places and potential targets where threat actors are most likely to use to behave. For instance, Robert Kennedy attack by Sirhan took place in the kitchen of the Los Angeles Ambassador Hotel where it’s been revealed that prior, Sirhan, recognized VIP circulation pathways and used this knowledge to isolate his victim from the crowds of admirers and cornered him into a more vulnerable position to attack (Norman, 2016). That is, vulnerability occurred in an area where the circulation paths were isolared to prevent the victim from escaping or finding an escape.