Align Risk, Threats, & Vulnerabilities sample essay
1.
a. Unauthorized access from public internet – HIGH
b. User destroys data in application and deletes all files – LOW
c. Workstation OS has a known software vulnerability – HIGH
d. Communication circuit outages – MEDIUM
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers – MEDIUM
2.
a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects.
b. PO9.4 Risk Assessment – Assess the likelihood and impact of risks, using qualitative and quantitative methods.
c. PO9.5 Risk Response – Develop a response designed to mitigate exposure to each risk; identify risk strategies such as avoidance, reduction and acceptance; determine associated responsibilities; and consider risk tolerance levels.
3.
a. Unauthorized access from public internet – AVAILABILITY
b. User destroys data in application and deletes all files – INTEGRITY
c. Workstation OS has a known software vulnerability – CONFIDENTIALITY
d. Communication circuit outages – AVAILABILITY
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers – INTEGRITY
4.
a. Unauthorized access from public internet – Operating system and software patches and updates, frequent password changes, and a hardware or software firewall.
b. User destroys data in application and deletes all files – Restrict access for users to only those systems, applications, and data needed to perform their jobs. Minimize write/delete permissions to the data owner only.
c. Workstation OS has a known software vulnerability – Define a workstation application software vulnerability window policy. Update application software and security patches according to defined policies, standards, procedures, and guidelines.
d. Communication circuit outages – The role of countermeasures against catastrophic failures is not to eliminate them, which is impossible, but to reduce their frequency and severity.
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers – Disable internal CD drives and USB ports. Enable automatic antivirus scans for inserted media drives, files and e-mail attachments. An antivirus scanning system examines all new files on your computer’s hard drive for viruses. Set up antivirus scanning for e-mails with attachments.
5. The Risk Management Process
a. Step 1 Identify the hazards
b. Step 2 Decide who might be harmed and how
c. Step 3 Evaluate the risks and decide on precautions
d. Step 4 Record your findings and implement them
e. Step 5 Review your assessment and update if necessary
a. Threat or Vulnerability #1:
* Information – Social engineering / install web filtering software.
* Application – Malicious and non-malicious threats consist of inside attacks by disgruntled or malicious employees and outside attacks by non-employees just looking to harm and disrupt an organization / computer security, software quality, and data quality programs.
* Infrastructure – Terrorist organizations, both foreign and domestic / natural forces such as time, weather and neglect.
* People – Careless employees / educating users.
b. Threat or Vulnerability #2:
* Information – Intentional/unintentional action / battery backup or generator, journaling file system and RAID storage.
* Application – Software bugs or malicious act / antivirus protection and network firewalls.
* Infrastructure – Power failure, hardware failure / security fixes and system patches.
* People – Malicious act / educating users.
c. Threat or Vulnerability #3:
* Information – Zero-hour or day-zero / zero-day protection, Secure Socket Layer (SSL).
* Application – Keeping the computer’s software up to date.
* Infrastructure – Malicious software / analyze, test, report and mitigate.
* People – Careless employees / educating users.
6. True or False – COBIT P09 Risk Management control objectives focus on assessment and management of IT risk.
7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective?
8. When assessing the risk impact a threat or vulnerability has on your “information” assets, why must you align this assessment with your Data Classification Standard? How can a Data Classification Standard help you assess the risk impact on your “information” assets?
9. When assessing the risk impact a threat or vulnerability has on your “application” and “infrastructure”, why must you align this assessment with both a server and application software vulnerability assessment and remediation plan?
10. When assessing the risk impact a threat or vulnerability has on your “people”, we are concerned with users and employees within the User Domain as well as the IT security practitioners who must implement the risk mitigation steps identified.
How can you communicate to your end-user community that a security threat or vulnerability has been identified for a production system or application? How can you prioritize risk remediation tasks?
11. What is the purpose of using the COBIT risk management framework and approach? Assess the likelihood and impact of risks, using qualitative and quantitative methods.
12. What is the difference between effectiveness versus efficiency when assessing risk and risk management? Effectiveness is following the instruction of a specific job, while efficiency is carrying out the instruction in less time and at lower cost. As the saying goes, effectiveness is doing the right things and efficiency is doing things right.
13. Which three of the seven focus areas pertaining to IT risk management are primary focus areas of risk assessment and risk management and directly relate to information system security?
14. Why is it important to assess risk impact from four different perspectives as part of the COBIT P09 Framework? It assigns responsibility.
15. What is the name of the organization that defined the COBIT P09 Risk Management Framework Definition? Information Systems Audit and Control Association (ISACA).