Question

WEEK 2 DISCUSSION

ANSWER THE FOLLOWING QUESTIONS BELOW:

• Create or find definitions for Business Impact Assessment, Vulnerability Assessment, Penetration Test, and Risk Assessment. Please put these definitions in your own words rather than copying them from a source.
• What are the differences and similarities between them?
• When would you use each?
• Which one(s) have you used?
• How can each be leveraged by an organization to better understand and manage their risks?

Answer 1

Business Impact Assessment:

Business impact assessment gives us a potentiality and criticality of business activities. It helps us to know the problems deeply so that we can use different business strategies to avoid it. helps in knowing raising resource provinces and building recovery time spots.

Some impacts to consider like lost sales and income

• Supervisory fines
• Contractual fines
• Delay of new business plans
• Customer disappointment
• Risen expenses
• Slowed income or sales

Vulnerability Assessment:

Vulnerability assessment means finding and exploring the known vulnerabilities using some vulnerability finding tools and by some other manual methods. This gives the security defects in the system or application. Vulnerabilities in system like open ports or weaknesses and also some security flaws and code bugs etc...

Penetration Test:

Pentesting is a practice of testing system and exploiting the vulnerabilities them and generating report on that.
it's a cyber attack on a company to find vulnerabilities and later to patch those security flaws.
Pentesting like SQL injection, dynamic and static way of vulnerability finding practices, etc.

Risk Assessment:

Risk assessment means completely finding the hazards and risk factors that are going to occur. With this report, we have to take some steps to get out of these risks to make again sustainable. There are some steps like risk assessment than solving those by identifying risks and finding solutions for those risks and planning to solve and then solving those risks with strategies.

Similarities and Differences between them:

The main similarity is all helps in finding the potential risks and threats and helps in making the service or product more better. All are used to know the flaws in the system. All assessments are helps in knowing what our system is capable of.
The main differences are:
In business impact assessments, the main focus on upcoming business steps to take to grow in business and steps to focus on the strategies more in improving the standards of business. Whereas vulnerability and pentesting helps in finding the vulnerabilities and exploiting them to make our system and application more secure and power by solving the security flaws with the help of reports. Risk assessment is to identify the hazards and risks to make things more sustainable and perfect.

When would I use each:

For business-oriented things we use business impact analysis, vulnerability assessment to scan for security flaws and Pentesting in exploiting the vulnerabilities found in the vulnerability analysis and patch those loops. Risk management in finding the best practices to make conditions more healthier.

Which one have I used?

I used pentesting in finding and exploiting security flaws or vulnerabilities.

How can each be leveraged by an organization to better understand and manage their risks?

All these are very helpful in understanding the risks and potentiality of the business and services. Each are of different ways to assess the risk and helps in agree way to exploit the problems and making the business along with application more better.