Lab 4 Assessment Worksheet Millers Class

1. What is the goal or objective of an IT risk management plan?
Identify risks that could lead to an information security breach, and identify vulnerabilities in system security, software operation, network design, or employee procedures that could lead to a network failure.
2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?
Because it is subjective and based on opinions, with no cost-benefit analysis (CBA) and no real standards.
3. What was your rationale in assigning a “1” risk impact/risk factor value of “Critical” for an identified risk, threat, or vulnerability?
Because it was the most serious risk.
4. When you assemble all of the “1”, “2”, and “3” risk impact/risk factor values for the identified risks, threats, and vulnerabilities, how did you prioritize the “1”, “2”, and “3” risk elements? What would you say to executive management in regard to your final recommended prioritization?
After the risks have been evaluated in terms of likelihood of occurrence and consequences, and when options for risk management have been reviewed, that’s when I will rank the risks and inform the program manager of the assigned priorities.
I will then recommend options to management based on my assessment.
5. Identify a risk mitigation solution for each of the following risk factors:
User downloads and clicks on an unknown e-mail attachment:
E-mail attachment filtering, converting the attachment to another file, and user education.
Workstation OS has a known software vulnerability:
Use a fingerprinting tool; disconnect the workstation from the network.
Need to prevent eavesdropping on WLAN due to customer privacy data access:
Stricter controls on network security encryption.
Weak ingress/egress traffic filtering degrades performance:
Check switches and routers to ensure they are up to date. Check routing protocols, and check for unauthorized network access.

DoS/DDoS attack from the WAN/Internet:
Set up an IDS, close all unneeded ports, and disable ping requests.
Remote access from home office:
Ensure encryption using a VPN through hardware and software.
Production server corrupts database:
Scan the server for malicious code and clean the server.
