Preview

Questions on Risk Management Controls

Satisfactory Essays
Open Document
Open Document
1165 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Questions on Risk Management Controls
IS3110 Lab Student Name:
Submission Requirements
Format: Microsoft Word
Your last name must be in the filename of your submitted document according the assignment naming standard. IS3110_Lab2_Lastname_First
Email to: SMichnick@itt-tech.edu
Due By: 6:00 PM CDT, Wednesday July 2, 2014
Note: Emails received after Due Date will be marked LATE and subject to a grade penalty of 10% each week it is late.

Pages 11-17 of the IS3220 Student Lab Manual
Lab #2 – Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls

Learning Objectives and Outcomes
Upon completing this lab, you will be able to:
Define what COBIT (Control Objectives for Information and related Technology) P09 Risk Management is for an IT infrastructure
Describe the 6 control objectives of COBIT P09 which are used as benchmarks for IT risk assessment and risk management
Relate how threats and vulnerabilities align to the COBIT PO9 Risk Management definition for the assessment and management of IT risk
Use the COBIT PO9 controls as a guide to define the scope of risk management for an IT infrastructure
Apply the COBIT PO9 controls to help plan and organize the identified IT risks, threats, and vulnerabilities and the on-going management and remediation operation requirements

Overview
Think of the COBIT framework as a giant checklist for what an IT or Risk Management auditors would do if they were going to audit how your organization approaches risk management for your IT infrastructure. COBIT P09 defines 6 control objectives for assessing and managing IT risk within four different focus areas.
The first lab task is to align your identified threats and vulnerabilities from Lab #1 – How to Identify Threats and Vulnerabilities in Your IT Infrastructure.

Lab Assessment Questions & Answers
Given the scenario of a healthcare organization, answer the following Lab #1 assessment questions from a risk management perspective:

1. From the identified threats & vulnerabilities from Lab #1 –
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Satisfactory Essays

    Nt1330 Unit 1 Case Analysis
    • 259 Words
    • 2 Pages

    Nt1330 Unit 1 Case Analysis

    IS3110: Unit 1 Role Scenario 1) Identify threats to the seven domains of IT within the organization: A. User: Destroy data B. Workstation: Loss of data, not updated C. LAN: Unauthorized user, weak password D. LAN –WAN: Hackers, weak traffic filtering E. WAN- FTP anon uploads, DoS/DDoS F. System Application: Fire, DoS/DDoS, SQL injection corrupting data G. Remote: user virus, remote from office unsecure, VPN tunnel hack 2) Identify vulnerabilities in the seven domains of IT within the organization. A. User: Infected media, social engineering B. Workstation: OS vulnerability, browser vulnerability C. LAN: Worms, LAN OS vulnerability D. LAN-WAN: malicious websites, unblocked ports E. WAN: network outages F. System Application: ISP…

    • 259 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    IS3220 Project Network Security Plan Ch
    • 4134 Words
    • 12 Pages

    IS3220 Project Network Security Plan Ch

    The Corporation Tech IT Network Security Plan establishes guidelines for IT practices used on a day to day basis to provide a secure and robust computing environment. These practices are used in order to protect the mission, operation, and reputation of Corporation Tech System and its information systems.…

    • 4134 Words
    • 12 Pages
    Better Essays
    Read More
  • Good Essays

    Nt1310 Unit 3 Assignment 1
    • 1244 Words
    • 5 Pages

    Nt1310 Unit 3 Assignment 1

    Analysis and explanation of the threat and vulnerability pairs and their likelihood of occurrence. The chart explains the aspects of the vulnerabilities and threats. b\Because we have no data on these threats on the amount of occurrences we cannot assign an impact rating or a probability rating in which is high medium an low (reference page 121 of book)…

    • 1244 Words
    • 5 Pages
    Good Essays
    Read More
  • Powerful Essays

    IS3110 U5L1
    • 912 Words
    • 4 Pages

    IS3110 U5L1

    One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.…

    • 912 Words
    • 4 Pages
    Powerful Essays
    Read More
  • Good Essays

    RLOT2 Task 2 B rev 1
    • 569 Words
    • 2 Pages

    RLOT2 Task 2 B rev 1

    The only zero cost opportunity, standardizing polices and procedures, is also the most difficult. Processes for incident response, patch management, and preventative maintenance must be developed, refined and communicated to the appropriate staff. Incident response processes must further be exercised so all incident responders know exactly what to do in the event of a (D)DoS. Development and deployment policies must be developed defining the process for development and deployment and use of University owned and managed computing devices. Security must be forefront-outlining security in the software development life cycle (SDLC) for both University developed applications and off the shelf applications.…

    • 569 Words
    • 2 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Lab 4 Assessment Worksheet Millers Class
    • 339 Words
    • 2 Pages

    Lab 4 Assessment Worksheet Millers Class

    2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?…

    • 339 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    NT2580 Project part 1
    • 606 Words
    • 3 Pages

    NT2580 Project part 1

    Safety of data and information is a real important aspect of a company. Before we can create an outline for general security solutions we must first define what is needed. I recommend that we use a multi-layered security plan. There are a total of seven domains of an IT infrastructure including user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain.…

    • 606 Words
    • 3 Pages
    Good Essays
    Read More
  • Powerful Essays

    Is3110 Week4 Lab1
    • 569 Words
    • 2 Pages

    Is3110 Week4 Lab1

    3 How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?…

    • 569 Words
    • 2 Pages
    Powerful Essays
    Read More
  • Powerful Essays

    HHS 350: Categorizing Vulnerabilities In An Organization
    • 2036 Words
    • 9 Pages

    HHS 350: Categorizing Vulnerabilities In An Organization

    There are quite a few vulnerabilities that can affect organizations productivity. These vulnerabilities can be environmental, utilities & service, criminal behavior, equipment failure, and information security issues. To protect the organization against loss of productivity and data loss we have created an assessment of the potential danger each category of threat presents. We created a worksheet (located on the last page of this document) listing each type of vulnerability and ranked the probability and severity of each of the threats. Using a probability and severity legend that had one…

    • 2036 Words
    • 9 Pages
    Powerful Essays
    Read More
  • Satisfactory Essays

    ISSC363 Assignment 3
    • 586 Words
    • 2 Pages

    ISSC363 Assignment 3

    At its core, the purpose of a risk assessment is identifying and evaluating risks that may potentially have a negative impact on an organization. It can help management understand the impact in terms of costs to the organization or the severity of a loss depending on the methodology used to conduct the risk assessment. The goal is to provide sound recommendations based on the risk assessment to help maintain data confidentiality, integrity and vulnerability while ensuring functionality and usability. Based on the results, management can make more informed decisions about what resources to protect, how to protect them and understand the potential costs and impact. Once the purpose of the risk assessment is understood, defining the scope is next.…

    • 586 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    Cmgt 441 Homeland Security Research Paper
    • 1317 Words
    • 6 Pages

    Cmgt 441 Homeland Security Research Paper

    The review results were positive with a suggestion for an improvement. The team found that RedSeal product provides the intelligence necessary to improve defenses, maintain continuous compliance and mitigate real-world risks by identifying the available paths of access and exposed vulnerabilities present across a network (Stephenson, 2012). The RedSeal solution is either a hardware appliance or software product and is architected for a fast and efficient means of implementing the system (Stephenson, 2012). The design will provide the most secure, scalable, and dependable deployment possible (Stephenson, 2012). Continuous monitoring focuses on correlating IT, network, and vulnerability feeds (Stephenson, 2012). The system identifies risk associated with the business’s security effectiveness as opposed to policy and compliance driven tools (Stephenson, 2012). RedSeal provides a large library of supported vendor products, allowing security and vulnerability data to be quickly and easily imported into the system. The system automatically builds network maps and correlates the map data with configuration and vulnerability data, which creates a threat reference library. RedSeal finds and eliminates gaps in businesses security controls and prioritizes the impact of those gaps. RedSeal is not an assessment or audit tool, but it does correlate risk to various controls for compliance regulations, creating reports that show gaps in deployed configurations/controls (Stephenson, 2012). The team would have liked to have seen more integration with governance, risk, and compliance solutions (Stephenson, 2012). The product only provided a piece of the risk picture. The piece is important, and one that a number of assessment and audit driven tools do not deliver and could leverage (Stephenson,…

    • 1317 Words
    • 6 Pages
    Better Essays
    Read More
  • Satisfactory Essays

    NT2580
    • 526 Words
    • 5 Pages

    NT2580

    Common security countermeasures typically found in an IT infrastructure  Risk assessment approach to securing an IT infrastructure  Risk mitigation strategies to shrink the information security gap NT2580 Introduction to Information Security © ITT Educational Services, Inc. All rights reserved. Page 3 EXPLORE: CONCEPTS NT2580…

    • 526 Words
    • 5 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    NT2580 Graded Assignments
    • 5288 Words
    • 22 Pages

    NT2580 Graded Assignments

    You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions.…

    • 5288 Words
    • 22 Pages
    Better Essays
    Read More
  • Good Essays

    Evolution of Homeland Security
    • 734 Words
    • 3 Pages

    Evolution of Homeland Security

    Question 3. What approach to risk management will identify threats, vulnerabilities, and the critical assets that we must protect?…

    • 734 Words
    • 3 Pages
    Good Essays
    Read More
  • Good Essays

    Security Posture Assessment Scope of Work
    • 783 Words
    • 4 Pages

    Security Posture Assessment Scope of Work

    The first step in securing your network is to identify the vulnerability and the risk associate with it. Risk Treatment Plan is based on overall security framework and based on the risk and vulnerability assessment. Risk Treatment is a process of selection and implementation of measures to mitigate risks identified earlier. We shall help your COMPANY in deciding the approach that it would take to manage the vulnerability and determine the degree of risk that it is prepared to accept. We shall assist technical team in formulating an effective vulnerability mitigation and resolution to address the vulnerabilities associated with the assets of the organization. This would be done by recommending industry best practice controls and establishing procedures for your company to mitigate these risks. The vulnerability assessment activity will address the security of different layers of technology according to the following diagram. There are several technology elements which will address more than one layer.…

    • 783 Words
    • 4 Pages
    Good Essays
    Read More

Related Topics