50%(2)1 out of 2 people found this document helpful
This preview shows page 48 - 51 out of 60 pages.
You should be explaining how to determinerisk levels along with the tables such as impact levels, likelihood levels and the risk matrix that shows how final risk for each vulnerability is determined.Then you list each vulnerability from the SAR and apply the methodology to it to determine the risk level. Once that is done, you can then determine or recommend how to handle each vulnerability (mitigate, transfer, accept, etc),This risk assessment methodology for and approach Amazon Corporation was conducted using the guidelines in NIST SP 800-37, Risk Management Guide for Information Technology Systems and OPM OIG Final Audit Report findings and recommendations (NIST, 2012). The assessmentis very broad in its scope and evaluates Amazon
question. The MBSA security analyzer, the OpenVAS security analyzer converted the raw scan data and particularlysucceeded in outputting the following vulnerabilities into risks based on the following methodology in Cyber 610 lab.The MBSA security analyzer and the OpenVAS security also had routines which communicated with green bone security assessment center especially to provide the automated recommendation as evident in the Labs 2 and 3. The green bone security assessment center particularly succeeded in doing the following as evident in output file. Management has the option of doing the following in the corporation:· Accepting the risks and chosen recommended controls or negotiating an alternative mitigation, while reserving the right to override the green bone security assessment center and incorporate the proposed recommended control into the Amazons Plan of Action and Milestones.