The author proposed one methodology as an example of how risk can be understood and rated fairly easily.
However, there are other methodologies. Would you use the proposed methodology at your organization? Explain why, in comparison to other methodologies.
Faced with the need to deliver risk ratings for your organization, you will have to substitute the organization's risk preferences for your own. For, indeed, it is the organization's risk tolerance that the assessment is trying to achieve, not each assessor's personal risk preferences.
What is the risk posture for each particular system as it contributes to the overall risk posture of the organization?
How does each attack surface – its protections if any, in the presence (or absence) of active threat agents and their capabilities, methods, and goals through each situation – add up to a system's particular risk posture?
In addition, how do all the systems' risks sum up to an organization's computer security risk posture?
APA style paper minimum of 1000 words