Wednesday, May 22, 2019

Align Risk, Threats, & Vulnerabilities Essay

1.
a. Unauthorized access from public internet: HIGH
b. User destroys data in application and deletes all files: LOW
c. Workstation OS has a known software vulnerability: HIGH
d. Communication circuit outages: MEDIUM
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers: MEDIUM

2.
a. PO9.3 Event Identification: Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects.
b. PO9.4 Risk Assessment: Assess the likelihood and impact of risks, using qualitative and quantitative methods.
c. PO9.5 Risk Response: Develop a response designed to mitigate exposure to each risk. Identify risk strategies such as avoidance, reduction and acceptance; determine associated responsibilities and consider risk tolerance levels.

3.
a. Unauthorized access from public internet: AVAILABILITY
b. User destroys data in application and deletes all files: INTEGRITY
c. Workstation OS has a known software vulnerability: CONFIDENTIALITY
d. Communication circuit outages: AVAILABILITY
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers: INTEGRITY

4.
a. Unauthorized access from public internet: Operating system and software patches, updates, changing passwords often, and a hardware or software firewall.
b. User destroys data in application and deletes all files: Restrict users' access to only those systems, applications, and data needed to perform their jobs. Minimize write/delete permissions to the data owner only.
c. Workstation OS has a known software vulnerability: Define a workstation application software vulnerability window policy. Update application software and security patches according to defined policies, standards, procedures, and guidelines.
d. Communication circuit outages: The goal of countermeasures against catastrophic failures is not to eliminate them, which is impossible, but to reduce their frequency and severity.
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers: Disable internal CD drives and USB ports. Enable automatic antivirus scans for inserted media drives, files and e-mail attachments. An antivirus scanning system examines all new files on your computer's hard drive for viruses. Set up antivirus scanning for e-mails with attachments.

The Risk Management Process
a. Step 1: Identify the hazards
b. Step 2: Decide who might be harmed and how
c. Step 3: Evaluate the risks and decide on precautions
d. Step 4: Record your findings and implement them
e. Step 5: Review your assessment and update if necessary

5.
a. Threat or Vulnerability 1
* Information: Social engineering / install web filtering software.
* Application: Malicious and non-malicious threats consist of inside attacks by disgruntled or malicious employees and outside attacks by non-employees just looking to harm and disrupt an organization / computer security, software quality, and data quality programs.
* Infrastructure: Terrorist organizations, both abroad and domestic / natural forces such as time, weather and neglect.
* People: Careless employees / educating users
b. Threat or Vulnerability 2
* Information: Intentional/unintentional action / battery backup or generator, journaling file system and RAID storage
* Application: Software bugs or malicious act / antivirus protection and network firewalls
* Infrastructure: Power failure, hardware failure / security fixes and system patches
* People: Malicious act / educating users
c. Threat or Vulnerability 3
* Information: Zero-hour or day-zero attack / zero-day protection, Secure Socket Layer (SSL)
* Application: Keeping the computer's software up to date
* Infrastructure: Malicious software / analyze, test, report and mitigate.
* People: Careless employees / educating users

6. True or False: COBIT P09 Risk Management control objectives focus on assessment and management of IT risk.

7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective?

8. When assessing the risk impact a threat or vulnerability has on your information assets, why must you align this assessment with your Data Classification Standard? How can a Data Classification Standard help you assess the risk impact on your information assets?

9. When assessing the risk impact a threat or vulnerability has on your application and infrastructure, why must you align this assessment with both a server and application software vulnerability assessment and remediation plan?

10. When assessing the risk impact a threat or vulnerability has on your people, we are concerned with users and employees within the User Domain as well as the IT security practitioners who must implement the risk mitigation steps identified. How can you communicate to your end-user community that a security threat or vulnerability has been identified for a production system or application? How can you prioritize risk remediation tasks?

11. What is the purpose of using the COBIT risk management framework and approach? Assess the likelihood and impact of risks, using qualitative and quantitative methods.

12. What is the difference between effectiveness versus efficiency when assessing risk and risk management? Effectiveness is following the instruction of a specific job, while efficiency is doing the instruction in less time and at lower cost. They say effectiveness is doing what's right and efficiency is doing things rightly.

13. Which three of the seven focus areas pertaining to IT risk management are primary focus areas of risk assessment and risk management and directly relate to information system security?

14. Why is it important to assess risk impact from four different perspectives as part of the COBIT P09 Framework? It assigns responsibility.

15. What is the name of the organization who defined the COBIT P09 Risk Management Framework Definition? Information Systems Audit and Control Association (ISACA).
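The PO9.4 answer in section 2b and question 11 both describe assessing likelihood and impact with qualitative and quantitative methods. The Python script below is an added example, not part of the original essay and not COBIT's own material: it builds a small risk register for the five threats listed in section 1, scores each with a likelihood x impact matrix (qualitative) and an annualized loss expectancy, ALE = SLE x ARO (quantitative), and orders them for remediation. The 1..3 scales, the HIGH/MEDIUM/LOW bands, and every dollar and frequency figure are constructed assumptions chosen for illustration (they happen to reproduce the rankings given in section 1).

```python
"""Added example (not from the original essay): a small risk register that
applies the two PO9.4 approaches side by side.

Qualitative: a likelihood x impact matrix that yields HIGH / MEDIUM / LOW.
Quantitative: annualized loss expectancy, ALE = SLE * ARO, where SLE is the
single loss expectancy in dollars and ARO the annualized rate of occurrence.

The threat names are the five from the lab; every likelihood, impact, SLE
and ARO figure below is a constructed sample value, not data from the page.
"""
from dataclasses import dataclass


def qualitative_rating(likelihood: int, impact: int) -> str:
    """Qualitative scale: 1 = low, 2 = medium, 3 = high for both inputs.

    Score = likelihood * impact; the band boundaries are an assumed convention.
    """
    if not (1 <= likelihood <= 3 and 1 <= impact <= 3):
        raise ValueError("likelihood and impact must be in 1..3")
    score = likelihood * impact
    if score >= 6:
        return "HIGH"
    if score >= 3:
        return "MEDIUM"
    return "LOW"


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """Quantitative estimate: expected yearly loss in dollars (SLE * ARO)."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO cannot be negative")
    return sle * aro


@dataclass
class RiskEntry:
    threat: str
    cia: str          # the C-I-A property the lab answer tied the threat to
    likelihood: int   # 1..3 qualitative (constructed)
    impact: int       # 1..3 qualitative (constructed)
    sle: float        # constructed single loss expectancy, USD
    aro: float        # constructed annualized rate of occurrence

    def rating(self) -> str:
        return qualitative_rating(self.likelihood, self.impact)

    def ale(self) -> float:
        return annualized_loss_expectancy(self.sle, self.aro)


# Constructed sample register; all numbers are illustrative assumptions.
REGISTER = [
    RiskEntry("Unauthorized access from public internet", "AVAILABILITY", 3, 3, 50_000, 0.5),
    RiskEntry("User destroys data in application and deletes all files", "INTEGRITY", 1, 2, 20_000, 0.1),
    RiskEntry("Workstation OS has a known software vulnerability", "CONFIDENTIALITY", 3, 2, 30_000, 1.0),
    RiskEntry("Communication circuit outages", "AVAILABILITY", 2, 2, 8_000, 2.0),
    RiskEntry("User inserts CDs and USB hard drives with personal media", "INTEGRITY", 2, 2, 5_000, 3.0),
]


def prioritized(register=REGISTER):
    """Order entries for remediation: qualitative band first, then highest ALE."""
    band = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(register, key=lambda e: (band[e.rating()], -e.ale()))


if __name__ == "__main__":
    for e in prioritized():
        print(f"{e.rating():6} ALE=${e.ale():>9,.0f}  {e.cia:15} {e.threat}")
```

Running the script prints the register sorted so that the two HIGH-rated threats come first, with the quantitative ALE breaking ties inside each band; swapping in an organization's own loss and frequency estimates is the point of keeping the two methods as separate functions.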
