Shaquile Garces-Phillips
Old Dominion University School of Cybersecurity
CYSE432: Cyber Risk CSF/CMMC
Professor: Leach Josephine
(January 26, 2026)
DESCRIPTION: Risk Management and Threat Actors Lab: This lab helped me understand the basics of risk management and the different types of cyber threat actors. I learned how to identify, assess, and reduce security risks, as well as how different attacker motivations influence cyberattacks. Through this assignment, I gained a better understanding of how organizations develop security strategies to protect their systems and data from potential threats.
Exercise 1 – Risk Management
Address the following topics based on what you learned in the eMate activity:
- Terminologies and Concepts
What are the key risk management terms and concepts?
They key risk management terms and concepts include the following listed below
- Asset- Anything of value that is used in and is necessary to the completion of a business task. Assets include both tangible and intangible items such as equipment, software code, data, facilities, personnel, market value and public opinion.
- Threat- Is A malicious act or unexpected event that damages information systems or other related organizational assets.
- Threat Agent- An individual or group that acts, or has the power to, exploit a vulnerability or conduct other damaging activities.
- Vulnerability- Any flaw or weakness that would allow a threat to cause harm and damage an asset.
- Risk- The probability of loss due to a threat to an organization’s assets.
Risk Management Terminology - Counter Measure- An action, device, procedure, or technique that reduces a threat or a vulnerability by eliminating or preventing it.
- Security Control- A specific technical administrative or physical protection put in place, such as multifunction authentication
- Impact- Risk impact is the damage incurred by an event which causes loss of an asset or disruption of service
- Exposure- Risk impact is the damage incurred by an event which causes loss of an asset or disruption of service
- Risk assessment- Risk impact is the damage incurred by an event which causes loss of an asset or disruption of service
How do they relate to one another?
- These concepts are related to one another because assets are able to have weaknesses, in which threats will tray and take advantages of those weakness, in which security controls are user to lower the risk. Reason being risk assessments will tie everything together to find the threats and weaknesses and decided how serious they can be so that organization will know how to protect their systems.
- Risk Identification
How can risks be identified in different scenarios?
- Risk can be recognized by revieing system, processes, and daily operations in order to locate anything that could potentially increase a risk. This can include looking for possible attacks, system failures, data loss, service disruption or dame to the organizations reputation.
What key elements should you look for?
- Key elements to look for includes the following such as assets, threats vulnerabilities and threat agent. In which organizations should review where sensitive data is stored, how systems are accessed and where weakness could possibly exists.
- Risk Assessment
How do you assess likelihood and impact?
- In order to assess likelihood and impact it would have to be determined how often risk might happen and how much it could potentially cause. In which risk can be measure by using qualitive analysis or quantitative analysis.
What tools or methods can be used?
- The tools and methods that should be uses is risk scales, risk ranking, quantitative analysis and qualitative analysis to prioritize which risk should be addressed first.
- Risk Mitigation
What mitigation strategies are available?
- Mitigations strategies that are available are mitigating, transferring or accepting risk. In which organizations uses security controls such as multifactor authentication or encryptions
How should mitigation efforts be prioritized?
- Mitigation efforts should be prioritized base on how high the risk is and the potential impact. In which an high impact risks, such as data breaches or ransomware attacks should be addressed before lower impact risks.
- Risk Monitoring
Why is continuous monitoring important?
- The reason continuous risk monitoring is important is because threats and systems change over time. This is because there are always new updates, batches and threat that come out over time. By monitoring these events this helps ensure that security controls remain effective and that new risk is noticed quickly.
How can organizations manage risks over time?
- Organization can manage risk over time by constantly reviewing risk. Updating controls, reassessing vulnerabilities and monitoring accepted risk closely in order to keep risk at an acceptable level.
Exercise 2 Risk analysis
Respond to the following based on the second eMate activity:
- Quantitative vs. Qualitative Methods
How are both methods used in risk analysis?
- Both quantitative and qualitative methods are used in risk analysis to show the results of the risk assessment and help organizations have a better understanding of potential vulnerabilities, threats and their consequences.
What are the advantages and disadvantages of each?
- An advantage of the quantitative method is that it provides clear numbers and the estimated cost. However, a disadvantage is that it can be more. Complicated and requires that data to be accurate.
- An Advantage of the qualitative methods is that it is easier to understand, and it can help prioritize risks. However, a disadvantage is that it is subjective and does not provide the exact cost.
- Identifying Vulnerabilities and Threats
What steps are used to identify vulnerabilities and threats?
- Organizations identify vulnerabilities and threats by looking their assets, identifying weaknesses and possible threat that would be able to exploit those weaknesses.
How can organizations ensure identification is thorough?
- They can also make sure identification is through by running regular scans, examining past incidents and working with IT staff and security.
- Assessing Likelihood and Consequences
What factors influence likelihood and impact?
- The factors that influence likelihood and impact are threats that occur and how much damage it can cause.
How are consequences evaluated?
- Consequences are evaluated by estimating how much money could be lost, how long they systems could be down and if the organization reputation could possible be damaged.
- Determining Risk Tolerances
How are acceptable risk levels determined?
- Acceptable risk level is determined by comparing the likelihood and impact risk with what the organization is willing to accept.
Why are tolerances important?
- The reason tolerances is important is because they help organization with deciding which risk should be addressed first and which risk can be accepted
- Formulating Risk Management Strategies
What strategies can be used to manage risk?
- Organizations can manage risk by stopping activities that are too risky and using security controls to lower the chance of a threat.
How can those strategies be implemented effectively?
- These strategies can be implemented by using security controls, having clear policies, training staff and regular system checkups.
Lab 1 – Part II: Threat Actors
Questions to Focus On
- Importance of Understanding Motivations
Why is it important to understand threat actor motivations?
- It is important to understand threat actors motivations because it will help organizations predict what attackers are trying to achieve and what assets they will most likely be targeting.
How does this knowledge improve an organization’s cybersecurity posture?
- This knowledge can improve an organization cybersecurity posture by allowing cybersecurity teams to have their focus on protecting the most likely threats, targets and attack methods
- Types of Motivations
What are common cyber threat motivations (financial, political, ideological, etc.)?
- The most common motivations for cyber threats are financial gain, politics, fame, revenge and competitive advantage.
How do different motivations lead to different types of attacks?
- Different motivations can lead to different attacks because for instance financially motivated actors target banks, and private information while politically motivated actors will target information, computer systems and infrastructure.
- Developing Defenses
How can organizations develop targeted defenses based on threat actor motivations?
- Organizations can develop targeted defenses by matching there security controls to attackers motivations, such as protecting financial systems against organized crime, securing networks and websites from script kiddies and monitoring insider activity in order to prevent data theft. In addition, using layered security monitoring and access controls can help reduce risk from multiple threat actors.
