Wednesday, July 17, 2019

Align Risk, Threats, & Vulnerabilities Essay

1. Risk rating for each identified threat or vulnerability:
a. Unauthorized access from public Internet - HIGH
b. User destroys data in application and deletes all files - LOW
c. Workstation OS has a known software vulnerability - HIGH
d. Communication circuit outages - MEDIUM
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers - MEDIUM

2. COBIT PO9 control objectives:
a. PO9.3 Event Identification - Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects.
b. PO9.4 Risk Assessment - Assess the likelihood and impact of risks, using qualitative and quantitative methods.
c. PO9.5 Risk Response - Develop a response designed to mitigate exposure to each risk. Identify risk strategies such as avoidance, reduction and acceptance; determine associated responsibilities; and consider risk tolerance levels.

3. C-I-A property primarily affected by each threat or vulnerability:
a. Unauthorized access from public Internet - AVAILABILITY
b. User destroys data in application and deletes all files - INTEGRITY
c. Workstation OS has a known software vulnerability - CONFIDENTIALITY
d. Communication circuit outages - AVAILABILITY
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers - INTEGRITY

4. Risk mitigation for each threat or vulnerability:
a. Unauthorized access from public Internet - Operating system and software patches and updates, change passwords often, and a hardware or software firewall.
b. User destroys data in application and deletes all files - Restrict access for users to only those systems, applications, and data needed to perform their jobs. Minimize write/delete permissions to the data owner only.
c. Workstation OS has a known software vulnerability - Define a workstation application software vulnerability window policy. Update application software and security patches according to defined policies, standards, procedures, and guidelines.
d. Communication circuit outages - The purpose of countermeasures against catastrophic failures is not to eliminate them, which is impossible, but to reduce their frequency and severity.
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers - Disable internal CD drives and USB ports. Enable automatic antivirus scans for inserted media drives, files and e-mail attachments. An antivirus scanning system examines all new files on the computer's hard drive for viruses. Set up antivirus scanning for e-mails with attachments.

The Risk Management Process:
a. Step 1 - Identify the hazards
b. Step 2 - Decide who might be harmed and how
c. Step 3 - Evaluate the risks and decide on precautions
d. Step 4 - Record your findings and implement them
e. Step 5 - Review your assessment and update if necessary

5. Threats or vulnerabilities by domain (threat / mitigation):
a. Threat or Vulnerability 1
* Information: social engineering / install web filtering software.
* Application: malicious and non-malicious threats consisting of inside attacks by disgruntled or malicious employees and outside attacks by non-employees looking to harm and disrupt an organization / computer security measures, software quality, and data quality programs.
* Infrastructure: terrorist organizations, both foreign and domestic / natural forces such as time, weather and neglect.
* People: careless employees / educating users.
b. Threat or Vulnerability 2
* Information: intentional or unintentional action / battery backup or generator, journaling file system and RAID storage.
* Application: software bugs or malicious acts / antivirus protection and network firewalls.
* Infrastructure: power failure, hardware failure / security fixes and system patches.
* People: malicious acts / educating users.
c. Threat or Vulnerability 3
* Information: zero-hour or day-zero attacks / zero-day protection, Secure Socket Layer (SSL).
* Application: keeping the computer's software up to date.
* Infrastructure: malicious software / analyze, test, report and mitigate.
* People: careless employees / educating users.

6. True or False: COBIT P09 Risk Management control objectives focus on assessment and management of IT risk.

7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective?

8. When assessing the risk impact a threat or vulnerability has on your information assets, why must you align this assessment with your Data Classification Standard? How can a Data Classification Standard help you assess the risk impact on your information assets?

9. When assessing the risk impact a threat or vulnerability has on your application and infrastructure, why must you align this assessment with both a server and application software vulnerability assessment and remediation plan?

10. When assessing the risk impact a threat or vulnerability has on your people, we are concerned with users and employees within the User Domain as well as the IT security practitioners who must implement the risk mitigation steps identified. How can you communicate to your end-user community that a security threat or vulnerability has been identified for a production system or application? How can you prioritize risk remediation tasks?

11. What is the purpose of using the COBIT risk management framework and approach? Assess the likelihood and impact of risks, using qualitative and quantitative methods.

12. What is the difference between effectiveness and efficiency when assessing risk and risk management? Effectiveness is following the instructions of a specific job, while efficiency is doing the instructions in less time and at lower cost. They say effectiveness is doing what's right and efficiency is doing things right.

13. Which three of the seven focus areas pertaining to IT risk management are primary focus areas of risk assessment and risk management and directly relate to information system security?

14. Why is it important to assess risk impact from four different perspectives as part of the COBIT P09 Framework? It assigns responsibility.

15. What is the name of the organization that defined the COBIT P09 Risk Management Framework Definition? Information Systems Audit and Control Association (ISACA).
