Saturday, March 2, 2019

Align Risk, Threats, & Vulnerabilities Essay

1. Risk rating for each threat or vulnerability:
a. Unauthorized access from public Internet: HIGH
b. User destroys data in application and deletes all files: LOW
c. Workstation OS has a known software vulnerability: HIGH
d. Communication circuit outages: MEDIUM
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers: MEDIUM

2. COBIT PO9 risk management control objectives:
a. PO9.3 Event Identification: Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects.
b. PO9.4 Risk Assessment: Assess the likelihood and impact of risks, using qualitative and quantitative methods.
c. PO9.5 Risk Response: Develop a response designed to mitigate exposure to each risk. Identify risk strategies such as avoidance, reduction and acceptance, determine associated responsibilities, and consider risk tolerance levels.

3. Primary C-I-A property affected:
a. Unauthorized access from public Internet: CONFIDENTIALITY (an intruder who gets in can read data; what they do next may also affect integrity and availability)
b. User destroys data in application and deletes all files: INTEGRITY
c. Workstation OS has a known software vulnerability: CONFIDENTIALITY (depending on the flaw, exploitation can also affect integrity and availability)
d. Communication circuit outages: AVAILABILITY
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers: INTEGRITY

4. Risk mitigation for each threat or vulnerability:
a. Unauthorized access from public Internet: Keep the operating system and application software patched and updated, change passwords often, and place a hardware or software firewall between the internal network and the Internet.
b. User destroys data in application and deletes all files: Restrict user access to only those systems, applications and data needed to perform their jobs. Limit write/delete permissions to the data owner only.
c. Workstation OS has a known software vulnerability: Define a workstation application software vulnerability window policy. Update application software and security patches according to the specified policies, standards, procedures and guidelines.
d. Communication circuit outages: The role of countermeasures against catastrophic failures is not to eliminate them, which is impossible, but to reduce their frequency and severity.
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers: Disable internal CD drives and USB ports. Enable automatic antivirus scans for inserted media, files and e-mail attachments. An antivirus scanning system examines all new files on the computer's hard drive for viruses. Set up antivirus scanning for e-mails with attachments.

The Risk Management Process:
a. Step 1: Identify the hazards
b. Step 2: Decide who might be harmed and how
c. Step 3: Evaluate the risks and decide on precautions
d. Step 4: Record your findings and implement them
e. Step 5: Review your assessment and update it if necessary

5. Threats or vulnerabilities by domain (threat / mitigation):
a. Threat or Vulnerability 1
* Information: Social engineering / web filtering software.
* Application: Malicious and non-malicious threats, consisting of inside attacks by disgruntled or malicious employees and outside attacks by non-employees looking to harm and disrupt the organization / computer security, software quality and data quality programs.
* Infrastructure: Terrorist organizations, both foreign and domestic / natural forces such as time, weather and neglect.
* People: Careless employees / educating users.
b. Threat or Vulnerability 2
* Information: Intentional or unintentional action / battery backup or generator, journaling file system and redundant storage.
* Application: Software bugs or malicious acts / antivirus protection and network firewalls.
* Infrastructure: Power failure, hardware failure / security fixes and system patches.
* People: Malicious acts / educating users.
c. Threat or Vulnerability 3
* Information: Zero-hour or zero-day exploits / zero-day protection, Secure Sockets Layer (SSL).
* Application: Keeping the computer's software up to date.
* Infrastructure: Malicious software / analyze, test, deploy and mitigate.
* People: Careless employees / educating users.
6. True or False: COBIT PO9 Risk Management control objectives focus on the assessment and management of IT risk. True.

7. Why is it important to consider each identified threat or vulnerability from a C-I-A perspective?

8. When assessing the risk impact a threat or vulnerability has on your information assets, why must you align this assessment with your Data Classification Standard? How can a Data Classification Standard help you assess the risk impact on your information assets?

9. When assessing the risk impact a threat or vulnerability has on your application and infrastructure, why must you align this assessment with both a server and application software vulnerability assessment and remediation plan?

10. When assessing the risk impact a threat or vulnerability has on your people, we are concerned with users and employees within the User Domain as well as the IT security practitioners who must implement the risk mitigation steps identified. How can you communicate to your end-user community that a security threat or vulnerability has been identified for a production system or application? How can you prioritize risk remediation tasks?

11. What is the purpose of using the COBIT risk management framework and approach? To give the organization a consistent, repeatable way to identify events that could affect it (PO9.3), assess the likelihood and impact of the resulting risks using qualitative and quantitative methods (PO9.4), and select and assign a response to each risk in line with its risk tolerance (PO9.5).

12. What is the difference between effectiveness versus efficiency when assessing risk and risk management? Effectiveness is accomplishing the specific job; efficiency is accomplishing it in less time and at lower cost. As the saying goes, effectiveness is doing the right things and efficiency is doing things right.

13. Which three of the seven focus areas pertaining to IT risk management are primary focus areas of risk assessment and risk management and directly relate to information system security?

14. Why is it important to assess risk impact from four different perspectives as part of the COBIT PO9 framework? Because each perspective (information, application, infrastructure and people) has a different owner, different threats and different countermeasures. Assessing all four assigns responsibility for each and keeps a risk that lives in one area from being overlooked when only another area is reviewed.

15. What is the name of the organization who defined the COBIT PO9 Risk Management Framework Definition? Information Systems Audit and Control Association (ISACA).
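The PO9.4 assessment (qualitative and quantitative methods) and the PO9.5 response choice from item 2, together with the question in item 10 of how to prioritize remediation tasks, can be worked through on the lab's five threats. The following script is an example added by the editor; it is not part of the original essay and not COBIT's own method. The likelihood and impact scores, dollar figures, control costs, residual rates and the RISK_TOLERANCE threshold are all constructed assumptions.

```python
"""Qualitative (likelihood x impact) and quantitative (SLE x ARO = ALE) risk
assessment over the lab's five threats, with a PO9.5-style response choice.
Editor-added example; every number below is a constructed assumption."""
from dataclasses import dataclass

LEVELS = ("LOW", "MEDIUM", "HIGH")
RISK_TOLERANCE = 1_000.0  # assumed: annual loss (USD) the organization accepts without a control


@dataclass(frozen=True)
class Threat:
    name: str
    cia: str             # primary C-I-A property affected
    likelihood: int      # qualitative, 1 (rare) .. 3 (likely)
    impact: int          # qualitative, 1 (minor) .. 3 (severe)
    sle: float           # single loss expectancy, USD per occurrence (assumed)
    aro: float           # annualized rate of occurrence without the control (assumed)
    control_cost: float  # annual cost of the proposed countermeasure, USD (assumed)
    residual_aro: float  # ARO once the countermeasure is in place (assumed)


def qualitative_rating(likelihood: int, impact: int) -> str:
    """Map a 3x3 likelihood/impact matrix onto the lab's HIGH/MEDIUM/LOW scale."""
    score = likelihood * impact  # one of 1, 2, 3, 4, 6, 9
    if score >= 6:
        return "HIGH"
    if score >= 3:
        return "MEDIUM"
    return "LOW"


def ale(sle: float, aro: float) -> float:
    """Annualized loss expectancy: the quantitative risk figure."""
    return sle * aro


def control_value(t: Threat) -> float:
    """Annual benefit of the countermeasure: ALE reduction minus its cost.
    Positive means the control pays for itself."""
    return ale(t.sle, t.aro) - ale(t.sle, t.residual_aro) - t.control_cost


def response(t: Threat) -> str:
    """PO9.5 strategy: accept if the exposure is within tolerance, reduce if the
    control is worth its cost, otherwise avoid (stop the activity that creates it)."""
    if ale(t.sle, t.aro) <= RISK_TOLERANCE:
        return "acceptance"
    if control_value(t) > 0:
        return "reduction"
    return "avoidance"


def rank_qualitative(threats):
    """Remediation order by matrix rating, with ALE breaking ties within a rating."""
    return sorted(threats,
                  key=lambda t: (LEVELS.index(qualitative_rating(t.likelihood, t.impact)),
                                 ale(t.sle, t.aro)),
                  reverse=True)


def rank_quantitative(threats):
    """Remediation order by ALE alone."""
    return sorted(threats, key=lambda t: ale(t.sle, t.aro), reverse=True)


# The five threats from the lab; all figures are constructed for illustration.
LAB_THREATS = (
    Threat("Unauthorized access from public Internet", "C", 3, 3, 50_000, 0.5, 6_000, 0.1),
    Threat("User destroys data in application and deletes all files", "I", 1, 2, 10_000, 0.2, 500, 0.05),
    Threat("Workstation OS has a known software vulnerability", "C/I/A", 3, 2, 20_000, 1.0, 4_000, 0.2),
    Threat("Communication circuit outages", "A", 2, 2, 12_000, 2.0, 9_000, 0.5),
    Threat("User inserts CDs and USB drives with personal media", "I", 3, 1, 2_500, 1.0, 1_500, 0.1),
)

if __name__ == "__main__":
    print(f"{'threat':<60} {'rating':<7} {'ALE':>8} {'value':>8} response")
    for t in rank_qualitative(LAB_THREATS):
        print(f"{t.name:<60} {qualitative_rating(t.likelihood, t.impact):<7} "
              f"{ale(t.sle, t.aro):>8.0f} {control_value(t):>8.0f} {response(t)}")
```

With these assumed figures the two rankings disagree in second place: the matrix puts the HIGH-rated workstation vulnerability ahead of the MEDIUM-rated circuit outages, while ALE puts the outages first because they recur twice a year. That disagreement is the practical reason PO9.4 asks for both methods, and RISK_TOLERANCE is where the PO9.5 "risk tolerance level" enters the decision.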
