Module 2 Riskmodel Bennettjw

Uploaded by

api-540028293

100% found this document useful (1 vote)

29 views3 pages

Original Title

module 2 riskmodel bennettjw

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

100% found this document useful (1 vote)

29 views3 pages

Module 2 Riskmodel Bennettjw

Uploaded by

api-540028293

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 3

Search inside document

SABSA Risk Model for Acme Retail Corporation

Acme Retail Corporation is a retail corporation that has both “brick and mortar” stores across the United States as well as a
large e-Commerce presence. In recent years, Acme Retail Corp. has increased its online sales and revenue that has quickly outpaced
its revenue from their physical presence sales. In order to provide a “qualitative measurement method that classifies risks into a
series of bands”, the below SABSA Risk Assessment is provided (Sherwood et al., 2005). The table provides the first steps within the
Contextual Security model within SABSA and set the foundation for the next layer, the Conceptual Security model.

1 2 3 4 5 6 7 8 9 10
Business Driver Business Business High-Level Business Impact Pot. High- Green Green
Attributes Requirements Threat Impact Value Level Vuln Field Field Risk
Vuln Cat
Value
BD-1 Point of Sale
(POS) system
BD-1.1 Security Usability Security Rushed POS Increased H POS system H A (red)
Confidential features must implementation risk of networks
not create exposure of publicly facing
excess latency customer
at check-out financial
data
BD-2 Customer
Privacy
BD-2.1 Privacy Privacy Proper storage Customer Fines by H Customer H A (red)
protections and protections information consumer databases
of customer disclosed to agencies. publicly
data unauthorized Loss of facing.
parties customer Inadequate
confidence protection of
private
information.
Business Driver Business Business High-Level Business Impact Pot. High- Green Green
Attributes Requirements Threat Impact Value Level Vuln Field Field Risk
Vuln Cat
Value
BD-3 Regulatory
Compliance
BD-3.1 Data protection Compliance Requirement to Failure to Prosecution H Failure to H B
regulations/laws Privacy comply with comply with by understand (yellow)
Confidentiality data protection regulatory laws legislators. regulations
regulations/laws Fines by and
consumer implement
agencies. risk controls.
BD-4 Online
Presence/e-
commerce
BD-4.1 Security Confidential Security Customer is Loss of H Multiple H B
Usability features must unable to business to authentication (yellow)
not inhibit complete competitors. requests.
availability online Loss of Unsecure
transactions customer browsing
privacy sessions.

BD-5 Third-Party
Vendor
Relationships
BD-5.1 Vendor security Integrity Vendor service Vendor Vendor H Vendor H A (red)
trust Availability networks must networks services network
be able to become become vulnerabilities
function to untrusted non- become
enable functional vulnerabilities
production on business
environment. network
environment
References

Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise security architecture: A business-driven approach. CRC Press.

Articulating The Business Value of Information Security: July 24, 2009
Document11 pages
Articulating The Business Value of Information Security: July 24, 2009
Anupam Koul
No ratings yet
WebTrust For CA 22 PDF
Document97 pages
WebTrust For CA 22 PDF
alan0806
No ratings yet
Forcepoint Second Edition
From Everand
Forcepoint Second Edition
Gerardus Blokdyk
No ratings yet
Core DDI Adavanced Troubleshooting CDAT Course
Document1 page
Core DDI Adavanced Troubleshooting CDAT Course
acehussain
No ratings yet
DDoS Mitigation A Complete Guide - 2019 Edition
From Everand
DDoS Mitigation A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
EC Council Certified Incident Handler A Complete Guide - 2021 Edition
From Everand
EC Council Certified Incident Handler A Complete Guide - 2021 Edition
Gerardus Blokdyk
No ratings yet
SD WAN Security A Complete Guide - 2020 Edition
From Everand
SD WAN Security A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Kaspersky security center
From Everand
Kaspersky security center
Mohammed Haytham Khabbaz samkary
No ratings yet
ISO IEC 27001 Lead Implementer A Complete Guide - 2020 Edition
From Everand
ISO IEC 27001 Lead Implementer A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
PKI Management A Complete Guide - 2019 Edition
From Everand
PKI Management A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
PAM Solutions A Complete Guide - 2019 Edition
From Everand
PAM Solutions A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
Enterprise Architecture A Complete Guide - 2021 Edition
From Everand
Enterprise Architecture A Complete Guide - 2021 Edition
Gerardus Blokdyk
No ratings yet
F5 Privileged User Access With F5 Access Policy Manager F5GS APM
Document5 pages
F5 Privileged User Access With F5 Access Policy Manager F5GS APM
mandijnns1
No ratings yet
DLP and Data Classification A Clear and Concise Reference
From Everand
DLP and Data Classification A Clear and Concise Reference
Gerardus Blokdyk
No ratings yet
CASB A Complete Guide - 2021 Edition
From Everand
CASB A Complete Guide - 2021 Edition
Gerardus Blokdyk
No ratings yet
Bastion Quickstart en
Document29 pages
Bastion Quickstart en
Halil Demir
No ratings yet
Secure SD-WAN Assessment Report: Prepared For
Document12 pages
Secure SD-WAN Assessment Report: Prepared For
SonicTrader FX
No ratings yet
The ROI of Data Loss Prevention: A Websense White Paper
Document16 pages
The ROI of Data Loss Prevention: A Websense White Paper
Adoliu Alexandru
No ratings yet
Gartner - Magic Quadrant For WAF
Document41 pages
Gartner - Magic Quadrant For WAF
Dan Barliba
No ratings yet
SD-WAN and Security The Ultimate Step-By-Step Guide
From Everand
SD-WAN and Security The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet
Vmware Alwayson Digital Workspace Design Guide
Document18 pages
Vmware Alwayson Digital Workspace Design Guide
catelor419
No ratings yet
Secrets Management A Complete Guide - 2019 Edition
From Everand
Secrets Management A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
Barracuda Web Application Firewall DS US
Document2 pages
Barracuda Web Application Firewall DS US
mjsmith11
No ratings yet
ESM AdminGuide 6.9.1
Document186 pages
ESM AdminGuide 6.9.1
aziz.rhazlani
No ratings yet
CVD ApplicationOptimizationUsingCiscoWAASDesignGuide AUG13
Document48 pages
CVD ApplicationOptimizationUsingCiscoWAASDesignGuide AUG13
hulikul22
No ratings yet
Understanding Network Taps: The First Step To Visibility
Document16 pages
Understanding Network Taps: The First Step To Visibility
CCIE Detect
100% (1)
IBM Security QRadar SIEM Second Edition
From Everand
IBM Security QRadar SIEM Second Edition
Gerardus Blokdyk
No ratings yet
IBM QRadar A Complete Guide - 2020 Edition
From Everand
IBM QRadar A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Netskope For Web: Quick Glance
Document4 pages
Netskope For Web: Quick Glance
AdeyinkaAjagbe
No ratings yet
Active Directory Migration Strategy A Complete Guide - 2020 Edition
From Everand
Active Directory Migration Strategy A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Network Documentation A Complete Guide - 2020 Edition
From Everand
Network Documentation A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Securing Your Active Directory. Chapter 1 - Perform A Self-Audit
Document51 pages
Securing Your Active Directory. Chapter 1 - Perform A Self-Audit
charbel
100% (1)
PKI Deployments A Complete Guide - 2020 Edition
From Everand
PKI Deployments A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
12mcei12 - Network Scanning and Vulnerability Assessment With Report Generation
Document91 pages
12mcei12 - Network Scanning and Vulnerability Assessment With Report Generation
proftechitspecialist
No ratings yet
Risk MGMT For CComputing
Document24 pages
Risk MGMT For CComputing
George Reyes
No ratings yet
NetPro Template Sent
Document186 pages
NetPro Template Sent
Văn Thuật
No ratings yet
SC 103 Endpoint and Intercept X Sales Overview v2.0.0
Document19 pages
SC 103 Endpoint and Intercept X Sales Overview v2.0.0
Anderson Traslaviña Alvarez
No ratings yet
3.0 Q12020 Channel Kaspersky Battle Card PDF
Document2 pages
3.0 Q12020 Channel Kaspersky Battle Card PDF
dame koffi
No ratings yet
OWASP Vulnerability Management Guide
Document20 pages
OWASP Vulnerability Management Guide
tarzi01
No ratings yet
Etsi en 303 645
Document30 pages
Etsi en 303 645
jeromenl
No ratings yet
Disaster Recovery As A Service (Draas) 2.0 Design Guide: Building Architectures To Solve Business Problems
Document68 pages
Disaster Recovery As A Service (Draas) 2.0 Design Guide: Building Architectures To Solve Business Problems
smaikol2
No ratings yet
01 - SA - 2022 - VRMMM - User Procedure - Guide - 20210928
Document11 pages
01 - SA - 2022 - VRMMM - User Procedure - Guide - 20210928
Melody Shekhar
No ratings yet
Kareem PKI
Document6 pages
Kareem PKI
Rohit Lalwani
No ratings yet
Insider Threat Management A Complete Guide - 2020 Edition
From Everand
Insider Threat Management A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Cloud Integration A Complete Guide - 2019 Edition
From Everand
Cloud Integration A Complete Guide - 2019 Edition
Gerardus Blokdyk
Rating: 5 out of 5 stars
5/5 (1)
FAIR Open Course - Module 05 - Running The Simulation
Document33 pages
FAIR Open Course - Module 05 - Running The Simulation
Dimitris Maketas
No ratings yet
Azure Security Benchmark v2.0
Document191 pages
Azure Security Benchmark v2.0
sdfsg
No ratings yet
DLP Architecture Second Edition
From Everand
DLP Architecture Second Edition
Gerardus Blokdyk
No ratings yet
Computer Audit
Document36 pages
Computer Audit
Swapnil Jain
No ratings yet
ECSS v3 Brochure
Document39 pages
ECSS v3 Brochure
kojo2kg
No ratings yet
The Insider Threat Benchmark Report: Strategies For Data Protection
Document27 pages
The Insider Threat Benchmark Report: Strategies For Data Protection
Jaisri Chety
No ratings yet
ECIH A Complete Guide - 2019 Edition
From Everand
ECIH A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
Protegrity Application Protector Data Sheet
Document2 pages
Protegrity Application Protector Data Sheet
Manish Bajpai
No ratings yet
Pentest Report
Document63 pages
Pentest Report
Simo Chami
No ratings yet
Microsegmentation Architectures A Complete Guide - 2019 Edition
From Everand
Microsegmentation Architectures A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
Cloud Security and Its Infrastructure
Document22 pages
Cloud Security and Its Infrastructure
Rahul saini
100% (1)
Mcafee Mvision Endpoint Installation Guide
Document14 pages
Mcafee Mvision Endpoint Installation Guide
A. Kuffner
No ratings yet
McAfee Threat Hunting Solution Brief
Document3 pages
McAfee Threat Hunting Solution Brief
ozgurerdogan
No ratings yet
MSSP Customer Offerings V3
Document17 pages
MSSP Customer Offerings V3
eduardo.honorato5586
No ratings yet
Nist SP 1800-2 PDF
Document497 pages
Nist SP 1800-2 PDF
ricardo ruben rocha
No ratings yet
Cyber Threat Intelligence Plan
Document7 pages
Cyber Threat Intelligence Plan
api-540028293
No ratings yet
Module7 Finalproject Bennettjw
Document10 pages
Module7 Finalproject Bennettjw
api-540028293
No ratings yet
Module7 Final Project Corrected Bennettjw
Document9 pages
Module7 Final Project Corrected Bennettjw
api-540028293
No ratings yet
Module7 Issp Bennettjw
Document13 pages
Module7 Issp Bennettjw
api-540028293
No ratings yet
Csol530 Module7 Final Bennett
Document9 pages
Csol530 Module7 Final Bennett
api-540028293
No ratings yet
Assignment 7 - Final Project v1
Document14 pages
Assignment 7 - Final Project v1
api-540028293
No ratings yet
Asus X553MA Repair Guide Rev2.0
Document7 pages
Asus X553MA Repair Guide Rev2.0
UMA AKANDU UCHE
No ratings yet
Student Management System with Grade Chart
Document2 pages
Student Management System with Grade Chart
Lakpa Tenzin
No ratings yet
Hydraulic Arm Project
Document31 pages
Hydraulic Arm Project
Govind Rajput
77% (22)
Detailed-Lesson-Plan Empowerment Technology
Document3 pages
Detailed-Lesson-Plan Empowerment Technology
karyawarx
No ratings yet
Huawei Data Center Facility Handbook 20230425-1
Document67 pages
Huawei Data Center Facility Handbook 20230425-1
SatriaWahyuEkaSaputra
No ratings yet
Iiba Cpoa Certification Handbook
Document7 pages
Iiba Cpoa Certification Handbook
DerrickKeith
No ratings yet
Dometic VARC48 Specsheet
Document2 pages
Dometic VARC48 Specsheet
Jahir Gomez
No ratings yet
Ukpsc Ae 2023 Admit Card
Document2 pages
Ukpsc Ae 2023 Admit Card
Chetan Chauhan
No ratings yet
CP1290 12V 9ah (20hr)
Document2 pages
CP1290 12V 9ah (20hr)
NeriCervín
No ratings yet
Ebony Milf Flashing in Public: Search 9,666,089 Videos
Document2 pages
Ebony Milf Flashing in Public: Search 9,666,089 Videos
Sbonelo Magwaza
No ratings yet
Tyco Radar Detection For Enhanced Perimeter Security: Data Sheet
Document4 pages
Tyco Radar Detection For Enhanced Perimeter Security: Data Sheet
froyjose
No ratings yet
It Era Midterms
Document4 pages
It Era Midterms
Carlo Aprado
100% (2)
Presario 3060 Qs
Document1 page
Presario 3060 Qs
Ever Arca
No ratings yet
Laop 2018 CFP
Document2 pages
Laop 2018 CFP
api-394315691
No ratings yet
Sample Exam Question Paper
Document7 pages
Sample Exam Question Paper
John Cena
No ratings yet
TGH Aviation Instrument Capalist
Document249 pages
TGH Aviation Instrument Capalist
thilo eckardt
No ratings yet
Thermal Imaging Camera t5 t6
Document3 pages
Thermal Imaging Camera t5 t6
Arius Gife
No ratings yet
Analysis of Roof Loading
Document6 pages
Analysis of Roof Loading
hamiera
No ratings yet
AEPS Reconciliation
Document5 pages
AEPS Reconciliation
Amey More
100% (1)
ChatGPT For Excel
Document76 pages
ChatGPT For Excel
blaque1
67% (3)
MercuryAPI v1.31.3 Release Notes - v1c
Document119 pages
MercuryAPI v1.31.3 Release Notes - v1c
Wallace Muniz
No ratings yet
Storyresposeindia
Document34 pages
Storyresposeindia
Walter poncini
No ratings yet
LDS - Materi Online Training Communication, Negotiation ODP (Batch 236) 2021 - 02!10!11 - PESERTA
Document117 pages
LDS - Materi Online Training Communication, Negotiation ODP (Batch 236) 2021 - 02!10!11 - PESERTA
Arie Hapsoro
No ratings yet
PIWorld 2019 Beginning Administration and Management of The PI System - Final
Document80 pages
PIWorld 2019 Beginning Administration and Management of The PI System - Final
Rommel Rios
No ratings yet
Adwea Approved Contractors List
Document322 pages
Adwea Approved Contractors List
Abdullah Ahamed
No ratings yet
Public-Key Cryptography: Data and Network Security 1
Document15 pages
Public-Key Cryptography: Data and Network Security 1
asad
No ratings yet
Emergent Carbon Issues
Document2 pages
Emergent Carbon Issues
Papa Aishu
No ratings yet
Instructions for assembling paper craft coffee valve
Document8 pages
Instructions for assembling paper craft coffee valve
Jofre Giovanny Apaza Moya
No ratings yet
I Report On Mobile CRM PDF
Document17 pages
I Report On Mobile CRM PDF
Pradumna Kasaudhan
No ratings yet
Om MFL67851603-15
Document92 pages
Om MFL67851603-15
josehugoqr
No ratings yet