Week 3 ( security managment )

primary task 500 words  

Within the Discussion Board area, write 400–600 words that respond to the following questions with your thoughts, ideas, and comments. This will be the foundation for future discussions by your classmates. Be substantive and clear, and use examples to reinforce your ideas:

A risk cube is a tool that is used to analyze a security risk issue. For example, consider the challenge to measure security concerns for a direct-recording electronic (DRE) voting machine. The risk cube has the following domains:

  • Probability: Likelihood of error (low, medium, high)
  • Outcome: Severity of error (low, high)
  • Duration: Impact of error (isolated, long-term)

Use the risk cube as the tool to categorize the security risks, and justify the DRE acceptance or rejection in each subcube. Complete the following:

  • For each subcube, justify the acceptance or rejection of DRE voting with a summarized statement.
    • In addition to the acceptance or rejection choice, add a security risk classification of high, medium, or low for each subcube.
  • Conclude with a statement of expected concurrency with the risk cubes of peers.
    • If a single risk cube were to be created from those of all peers, would significant differences be expected?
    • What mitigation processes might be used to resolve differences?



Continue development of the Comprehensive Security Management Plan by adding a section reviewing the security policy. Create a list of each section in the security policy. Some sections in the list are business security requirements that can be decomposed first to more refined requirements and later to detailed security policies in the Security Policy document. This decomposition should be included in the list. These detailed policies do not need to be written, but referenced or indicated as a policy that needs to be written.

The project deliverables are the following:

  • Update the Comprehensive Security Management Plan document title page with new date.
  • Update the previously completed sections based on the instructor’s feedback.
  • Use the subheading “Security Policy.”
    • List each section of the security policy.
      • Include decompositions of business security requirements into policies in this list.
        • For example, a business security requirement for authenticated access might map to policies for log-in access and policies for file access.
  • Be sure to update your table of contents before submission.
  • Name the document “yourname_CS654_IP3.doc.”