Evaluate the potential risk at issue

Memo
To: INS 210 Students
From: Ken Goldstein
Date: 1/22/20-1/27/20
Re: Ice Breaker – “Risk & Its Treatment”
You are the Risk Manager of a publicly traded company. Your manager, the Chief Financial Officer, has presented you with the following risk scenarios for review and prompt consideration:
Scenario 1
Your publication division has been selling digital textbooks to students. Unfortunately, it has inadvertently exceeded the number of permissible sales based upon a licensing agreement with various authors (copyright owners).
Scenario 2
Your professional services division has not consistently trained its staff with regard to identifying and managing phishing-related exploits. As a result, the operation is more susceptible to ransomware attacks by third parties.
Scenario 3
Your security operation has been selling cameras to commercial and residential customers that contain defects. In fact, the customers are unaware that the security cameras are not consistently capturing footage around premises to mitigate the potential for unlawful entry.
Scenario 4
The sidewalks around your retail operations have remained icy and snow has not been sufficiently cleared at various customer access points.
For each of the above risk scenarios, you are being asked to (1) evaluate the potential risk at issue, (2) determine the potential loss exposure (including third-party liability versus first-party expenses, if applicable), (3) consider the peril, (4) assess the hazard(s), (5) consider enhanced risk control measures, and (6) contemplate existing/future risk financing methods.
As a part of this project, you have memorialized the following key glossary terms and definitions to make your analysis more seamless:
Terms and Definitions
Risk: Uncertainty concerning the occurrence of a loss
Loss Exposure: Any situation in which a loss is possible
– Third-party liability versus First-party expenses: Claims brought by others against you (e.g., a lawsuit for compensation) vs. Any expenses incurred by you regardless of whether a third-party claim is brought (e.g., business interruption loss)
Peril: Cause of loss
Hazards:
(1) Physical Hazard – a physical condition that increases the frequency or severity of loss
(2) Moral Hazard – dishonesty that increases the chance of loss
(3) Morale Hazard – carelessness or indifference to a loss that increases the frequency or severity of loss
(4) Legal Hazard – characteristics of the legal system or regulatory environment that increase the frequency or severity of losses
Risk Control: Techniques that reduce the frequency or severity of losses, e.g., loss prevention
Risk Financing: Techniques that provide for the funding of losses after they occur, e.g., retention, noninsurance transfers, and insurance

Below is a chart to document your thoughts before presenting to the CFO:
Scenario 1
What’s the Risk?
What’s the Loss Exposure?
What’s the Peril?
What are the relevant Hazards?
Risk Control?
Risk Financing?
Scenario 2
What’s the Risk? Susceptible to ransomware attacks by third parties from failure to train staff
What’s the Loss Exposure? First-Party expense
What’s the Peril? Failure to train employees, which makes it easier for third parties to hack the company
What are the relevant Hazards? Legal Hazard: Employees who aren’t trained won’t be aware when their system becomes hacked by third parties, which can be a huge liability for the company if their clientele’s private information is stolen
Risk Control? Train employees and make them aware
In the Verizon report, they list a few practices their employees can endeavor:
Maintain Integrity, Keeping the system clean, redouble your efforts, be wary of inside jobs, Scrub Packets, Stay socially aware
Risk Financing? Warranty, Insurance, putting more funds into training employees (retention)

Scenario 3
What’s the Risk?
What’s the Loss Exposure?
What’s the Peril?
What are the relevant Hazards?
Risk Control?
Risk Financing?

Scenario 4
What’s the Risk?
What’s the Loss Exposure?
What’s the Peril?
What are the relevant Hazards?
Risk Control?
Risk Financing?

Verizon Report:
Some best practices to prevent breaches
Keep it clean.
Many breaches are a result of poor security hygiene and a lack of attention to detail. Clean up human error where possible, then establish an asset and security baseline around internet-facing assets like web servers and cloud services.
Maintain integrity.
Web application compromises now include code that can capture data entered into web forms. Consider adding file integrity monitoring on payment sites, in addition to patching operating systems and coding payment applications.
Redouble your efforts.
2FA everything. Use strong authentication on customer-facing applications, any remote access and cloud-based email. There are examples of 2FA vulnerabilities, but they don’t excuse lack of implementation.
Be wary of inside jobs.
Track insider behavior by monitoring and logging access to sensitive data. Make it clear to staff just how good you are at recognizing fraudulent transactions.
Scrub packets.
Distributed denial of service (DDoS) protection is an essential control for many industries. Guard against nonmalicious interruptions with continuous monitoring and capacity planning for traffic spikes.
Stay socially aware.
Social attacks are effective ways to capture credentials. Monitor email for links and executables. Give your teams ways to report potential phishing or pretexting.

Click-through rates on phishing simulations for data partners fell from 24% to 3% during the past seven years. But 18% of people who clicked on test phishing links did so on mobile devices.

Ransom statistics:
The U.S. was hit by a barrage of ransomware attacks in 2019 that impacted at least 948 government agencies, educational establishments and health-care providers at a potential cost in excess of $7.5 billion, according to a December Emsisoft report.

Multinational manufacturers and U.S. city and county governments spent at least $176 million on costs related to ransomware attacks ranging from investigating the attack, rebuilding networks and restoring backups to paying the hackers ransom and putting preventative measures in place to avoid future incidents.

 
