VIBRANTBOOTCAMP.COM
 

    MCSE MCITP Certification Notes :


    The Proactive Approach

    Proactive security risk management has many advantages over a reactive approach. Instead of waiting for bad things to happen and then responding to them afterwards, you minimize the possibility of the bad things ever occurring in the first place. You make plans to protect your organization's important assets by implementing controls that reduce the risk of vulnerabilities being exploited by malicious software, attackers, or accidental misuse. An analogy may help to illustrate this idea. Influenza is a deadly respiratory disease that infects millions of people in the United States alone each year. Of those, over 100,000 must be treated in hospitals, and about 36,000 die. You could choose to deal with the threat of the disease by waiting to see if you get infected and then taking medicine to treat the symptoms if you do become ill. Alternatively, you could choose to get vaccinated before the influenza season begins.

    Organizations should not, of course, completely forsake incident response. An effective proactive approach can help organizations to significantly reduce the number of security incidents that arise in the future, but it is not likely that such problems will completely disappear. Therefore, organizations should continue to improve their incident response processes while simultaneously developing long-term proactive approaches.

    Later sections in this chapter, and the remaining chapters of this guide, will examine proactive security risk management in detail. Each of the security risk management methodologies shares some common high-level procedures:

    1. Identify business assets.
    2. Determine what damage an attack against an asset could cause to the organization.
    3. Identify the security vulnerabilities that the attack could exploit.
    4. Determine how to minimize the risk of attack by implementing appropriate controls.

    Approaches to Risk Prioritization

    The terms risk management and risk assessment are used frequently throughout this guide, and, although related, they are not interchangeable. The Microsoft security risk management process defines risk management as the overall effort to manage risk to an acceptable level across the business. Risk assessment is defined as the process to identify and prioritize risks to the business.

    There are many different methodologies for prioritizing or assessing risks, but most are based on one of two approaches or a combination of the two: quantitative risk management or qualitative risk management. Refer to the list of resources in the "More Information" section at the end of Chapter 1, "Introduction to the Security Risk Management Guide," for links to some other risk assessment methodologies. The next few sections of this chapter are a summary and comparison of quantitative risk assessment and qualitative risk assessment, followed by a brief description of the Microsoft security risk management process so that you can see how it combines aspects of both approaches.

    Quantitative Risk Assessment

    In quantitative risk assessments, the goal is to try to calculate objective numeric values for each of the components gathered during the risk assessment and cost-benefit analysis. For example, you estimate the true value of each business asset in terms of what it would cost to replace it, what it would cost in terms of lost productivity, what it would cost in terms of brand reputation, and other direct and indirect business values. You endeavor to use the same objectivity when computing asset exposure, cost of controls, and all of the other values that you identify during the risk management process.

    Note   This section is intended to show at a high level some of the steps involved in quantitative risk assessments; it is not a prescriptive guide for using that approach in security risk management projects.

    There are some significant weaknesses inherent in this approach that are not easily overcome. First, there is no formal and rigorous way to effectively calculate values for assets and controls. In other words, while it may appear to give you more detail, the financial values actually obscure the fact that the numbers are based on estimates. How can you precisely and accurately calculate the impact that a highly public security incident might have on your brand? If it is available you can examine historical data, but quite often it is not.

    Second, organizations that have tried to meticulously apply all aspects of quantitative risk management have found the process to be extremely costly. Such projects usually take a very long time to complete their first full cycle, and they usually involve a lot of staff members arguing over the details of how specific fiscal values were calculated. Third, for organizations with high value assets, the cost of exposure may be so high that you would spend an exceedingly large amount of money to mitigate any risks to which you were exposed. This is not realistic, though; an organization would not spend its entire budget to protect a single asset, or even its top five assets.

    Details of the Quantitative Approach

    At this point, it may be helpful to gain a general understanding of both the advantages and drawbacks of quantitative risk assessments. The rest of this section looks at some of the factors and values that are typically evaluated during a quantitative risk assessment such as asset valuation; costing controls; determining Return On Security Investment (ROSI); and calculating values for Single Loss Expectancy (SLE), Annual Rate of Occurrence (ARO), and Annual Loss Expectancy (ALE). This is by no means a comprehensive examination of all aspects of quantitative risk assessment, merely a brief examination of some of the details of that approach so that you can see that the numbers that form the foundation of all the calculations are themselves subjective.

    Valuing Assets

    Determining the monetary value of an asset is an important part of security risk management. Business managers often rely on the value of an asset to guide them in determining how much money and time they should spend securing it. Many organizations maintain a list of asset values (AVs) as part of their business continuity plans. Note how the numbers calculated are actually subjective estimates, though: No objective tools or methods for determining the value of an asset exist. To assign a value to an asset, calculate the following three primary factors:

    • The overall value of the asset to your organization. Calculate or estimate the asset's value in direct financial terms. Consider a simplified example of the impact of temporary disruption of an e-commerce Web site that normally runs seven days a week, 24 hours a day, generating an average of $2,000 per hour in revenue from customer orders. You can state with confidence that the annual value of the Web site in terms of sales revenue is $17,520,000.
    • The immediate financial impact of losing the asset. If you deliberately simplify the example and assume that the Web site generates a constant rate per hour, and the same Web site becomes unavailable for six hours, the calculated exposure is .000685 percent per year. By multiplying this exposure percentage by the annual value of the asset, you can predict that the directly attributable losses in this case would be $12,000. In reality, most e-commerce Web sites generate revenue at a wide range of rates depending upon the time of day, the day of the week, the season, marketing campaigns, and other factors. Additionally, some customers may find an alternative Web site that they prefer to the original, so the Web site may have some permanent loss of users. Calculating the revenue loss is actually quite complex if you want to be precise and consider all potential types of loss.
    • The indirect business impact of losing the asset. In this example, the company estimates that it would spend $10,000 on advertising to counteract the negative publicity from such an incident. Additionally, the company also estimates a loss of .01 of 1 percent of annual sales, or $17,520. By combining the extra advertising expenses and the loss in annual sales revenue, you can predict a total of $27,520 in indirect losses in this case.

    Determining the SLE

    The SLE is the total amount of revenue that is lost from a single occurrence of the risk. It is a monetary amount that is assigned to a single event that represents the company's potential loss amount if a specific threat exploits a vulnerability. (The SLE is similar to the impact of a qualitative risk analysis.) Calculate the SLE by multiplying the asset value by the exposure factor (EF). The exposure factor represents the percentage of loss that a realized threat could have on a certain asset. If a Web farm has an asset value of $150,000, and a fire results in damages worth an estimated 25 percent of its value, then the SLE in this case would be $37,500. This is an oversimplified example, though; other expenses may need to be considered.

    Determining the ARO

    The ARO is the number of times that you reasonably expect the risk to occur during one year. Making these estimates is very difficult; there is very little actuarial data available. What has been gathered so far appears to be private information held by a few property insurance firms. To estimate the ARO, draw on your past experience and consult security risk management experts and security and business consultants. The ARO is similar to the probability of a qualitative risk analysis, and its range extends from 0 percent (never) to 100 percent (always).

    Determining the ALE

    The ALE is the total amount of money that your organization will lose in one year if nothing is done to mitigate the risk. Calculate this value by multiplying the SLE by the ARO. The ALE is similar to the relative rank of a qualitative risk analysis.

    For example, if a fire at the same company's Web farm results in $37,500 in damages, and the probability of a fire taking place, expressed as the ARO, is 0.1 (indicating once in ten years), then the ALE value in this case would be $3,750 ($37,500 x 0.1 = $3,750).

    The ALE provides a value that your organization can work with to budget what it will cost to establish controls or safeguards to prevent this type of damage — in this case, $3,750 or less per year — and provide an adequate level of protection. It is important to quantify the real possibility of a risk and how much damage, in monetary terms, the threat may cause in order to be able to know how much can be spent to protect against the potential consequence of the threat.

    Determining Cost of Controls

    Determining the cost of controls requires accurate estimates on how much acquiring, testing, deploying, operating, and maintaining each control would cost. Such costs would include buying or developing the control solution; deploying and configuring the control solution; maintaining the control solution; communicating new policies or procedures related to the new control to users; training users and IT staff on how to use and support the control; monitoring the control; and contending with the loss of convenience or productivity that the control might impose. For example, to reduce the risk of fire damaging the Web farm, the fictional organization might consider deploying an automated fire suppression system. It would need to hire a contractor to design and install the system and would then need to monitor the system on an ongoing basis. It would also need to check the system periodically and, occasionally, recharge it with whatever chemical retardants the system uses.

    ROSI

    Estimate the ROSI for a control by using the following equation:

    (ALE before control) – (ALE after control) – (annual cost of control) = ROSI

    For example, the ALE of the threat of an attacker bringing down a Web server is $12,000, and after the suggested safeguard is implemented, the ALE is valued at $3,000. The annual cost of maintenance and operation of the safeguard is $650, so the ROSI is $8,350 each year as expressed in the following equation: $12,000 - $3,000 - $650 = $8,350.

    Results of the Quantitative Risk Analyses

    The input items from the quantitative risk analyses provide clearly defined goals and results. The following items generally are derived from the results of the previous steps:

    • Assigned monetary values for assets
    • A comprehensive list of significant threats
    • The probability of each threat occurring
    • The loss potential for the company on a per-threat basis over 12 months
    • Recommended safeguards, controls, and actions

    You have seen for yourself how all of these calculations are based on subjective estimates. Key numbers that provide the basis for the results are not drawn from objective equations or well-defined actuarial datasets but rather from the opinions of those performing the assessment. The AV, SLE, ARO, and cost of controls are all numbers that the participants themselves insert (after much discussion and compromise, typically).
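
    The calculations above in runnable form, as an added example that is not part of the original notes: it reproduces the page's Web site, Web farm, and ROSI figures, then evaluates ROSI over low and high estimates to show how far the result moves when the inputs are ranges rather than single numbers. The fire-suppression cost, the post-control ARO, and every (low, high) range are constructed for illustration; the 6-hour exposure is handled as a fraction of the year (6/8,760, about 0.000685).

```python
# Added example: the page's SLE / ALE / ROSI arithmetic, plus a range check.
from itertools import product

HOURS_PER_YEAR = 24 * 365  # the page's always-on e-commerce site


def annual_value(revenue_per_hour):
    """Annual revenue of a site that earns a constant rate every hour."""
    return revenue_per_hour * HOURS_PER_YEAR


def outage_exposure(hours_down):
    """Fraction of the year lost to an outage (6 h -> about 0.000685)."""
    return hours_down / HOURS_PER_YEAR


def sle(asset_value, exposure_factor):
    """Single Loss Expectancy = asset value x exposure factor (0..1)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def ale(single_loss, aro):
    """Annual Loss Expectancy = SLE x Annual Rate of Occurrence."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return single_loss * aro


def rosi(ale_before, ale_after, annual_control_cost):
    """(ALE before control) - (ALE after control) - (annual cost of control)."""
    return ale_before - ale_after - annual_control_cost


def rosi_range(asset_value, ef_range, aro_before_range, aro_after_range, cost):
    """Worst and best ROSI when EF and ARO are (low, high) estimates.

    ROSI is linear in each input taken separately, so its extremes over the
    ranges are found at the corner combinations of low and high values.
    """
    outcomes = []
    for ef, before, after in product(ef_range, aro_before_range, aro_after_range):
        loss = sle(asset_value, ef)
        outcomes.append(rosi(ale(loss, before), ale(loss, after), cost))
    return min(outcomes), max(outcomes)


if __name__ == "__main__":
    # Figures from the page.
    site = annual_value(2_000)
    print(f"site annual value      ${site:,.0f}")
    print(f"6-hour outage loss     ${sle(site, outage_exposure(6)):,.0f}")
    fire_sle = sle(150_000, 0.25)
    print(f"web farm fire SLE      ${fire_sle:,.0f}")
    print(f"web farm fire ALE      ${ale(fire_sle, 0.1):,.0f}")
    print(f"web server ROSI        ${rosi(12_000, 3_000, 650):,.0f}")

    # Constructed inputs (not from the page): a fire-suppression control that
    # costs $1,500 a year and is assumed to cut the ARO from 0.1 to 0.02.
    point = rosi(ale(fire_sle, 0.1), ale(fire_sle, 0.02), 1_500)
    low, high = rosi_range(150_000, (0.15, 0.40), (0.05, 0.20), (0.01, 0.03), 1_500)
    print(f"point-estimate ROSI    ${point:,.0f}")
    print(f"ROSI over the ranges   ${low:,.0f} to ${high:,.0f}")
```

    With these constructed ranges the point estimate is positive while the low end of the range is negative, so the same control can look worthwhile or not depending on whose estimates are used.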

    Qualitative Risk Assessment

    What differentiates qualitative risk assessment from quantitative risk assessment is that in the former you do not try to assign hard financial values to assets, expected losses, and cost of controls. Instead, you calculate relative values. Risk analysis is usually conducted through a combination of questionnaires and collaborative workshops involving people from a variety of groups within the organization such as information security experts; information technology managers and staff; business asset owners and users; and senior managers. If used, questionnaires are typically distributed a few days to a few weeks ahead of the first workshop. The questionnaires are designed to discover what assets and controls are already deployed, and the information gathered can be very helpful during the workshops that follow. In the workshops participants identify assets and estimate their relative values. Next they try to figure out what threats each asset may be facing, and then they try to imagine what types of vulnerabilities those threats might exploit in the future. The information security experts and the system administrators typically come up with controls to mitigate the risks for the group to consider and the approximate cost of each control. Finally, the results are presented to management for consideration during a cost-benefit analysis.

    As you can see, the basic process for qualitative assessments is very similar to what happens in the quantitative approach. The difference is in the details. Comparisons between the value of one asset and another are relative, and participants do not invest a lot of time trying to calculate precise financial numbers for asset valuation. The same is true for calculating the possible impact from a risk being realized and the cost of implementing controls.

    The benefits of a qualitative approach are that it overcomes the challenge of calculating accurate figures for asset value, cost of control, and so on, and the process is much less demanding on staff. Qualitative risk management projects can typically start to show significant results within a few weeks, whereas most organizations that choose a quantitative approach see little benefit for months, and sometimes even years, of effort. The drawback of a qualitative approach is that the resulting figures are vague; some Business Decision Makers (BDMs), especially those with finance or accounting backgrounds, may not be comfortable with the relative values determined during a qualitative risk assessment project.

      All rights reserved. ©1998 - 2015, Vibrant Worldwide Inc.          