1.
a. Unauthorized access from public internet – HIGH
b. User destroys data in application and deletes all files – LOW
c. Workstation OS has a known software vulnerability – HIGH
d. Communication circuit outages – MEDIUM
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization owned computers – MEDIUM
2.
a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects.
b. PO9.4 Risk Assessment – Assess the likelihood and impact of risks, using qualitative and quantitative methods.
c. PO9.5 Risk Response – Develop a response designed to mitigate exposure to each risk; identify risk strategies such as avoidance, reduction and acceptance; determine associated responsibilities; and consider risk tolerance levels.
3.
a. Unauthorized access from public internet – AVAILABILITY
b. User destroys data in application and deletes all files – INTEGRITY
c. Workstation OS has a known software vulnerability – CONFIDENTIALITY
d. Communication circuit outages – AVAILABILITY
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization owned computers – INTEGRITY
4.
a. Unauthorized access from public internet – Operating system, software patches, updates, change passwords often, and hardware or software firewall.
b. User destroys data in application and deletes all files – Restrict access for users to only those systems, applications, and data needed to perform their jobs. Minimize write/delete permissions to the data owner only.
c. Workstation OS has a known software vulnerability – Define a workstation application software vulnerability window policy. Update application software and security patches according to defined policies, standards, procedures, and guidelines.
d. Communication circuit outages – The role of countermeasures against catastrophic failures is not to eliminate them, which is impossible, but to reduce their frequency and severity.
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization owned computers – Disable internal CD drives and USB ports. Enable automatic antivirus scans for inserted media drives, files and e-mail attachments. An antivirus scanning system examines all new files on your computer’s hard drive for viruses. Set up antivirus scanning for e-mails with attachments.
The Risk Management Process
a. Step 1 Identify the hazards
b. Step 2 Decide who might be harmed and how
c. Step 3 Evaluate the risks and decide on precautions
d. Step 4 Record your findings and implement them
e. Step 5 Review your assessment and update if necessary
5.
a. Threat or Vulnerability #1:
* Information – Social engineering / install web filtering software.
* Application – Malicious and non-malicious threats consist of inside attacks by disgruntled or malicious employees and outside attacks by non-employees just looking to harm and disrupt an organization / computer security, software quality, and data quality programs.
* Infrastructure – Terrorist organizations, both foreign and domestic / natural forces such as time, weather and neglect.
* People – Careless employees / educating users
b. Threat or Vulnerability #2:
* Information – Intentional/unintentional action / battery backup or generator, journaling file system and RAID storage
* Application – Software bugs, malicious act / antivirus protection and network firewalls
* Infrastructure – Power failure, hardware failure / security fixes and system patches
* People – Malicious act / educating users
c. Threat or Vulnerability #3:
* Information – Zero-hour or day-zero exploit / zero-day protection, Secure Socket Layer (SSL)
* Application – Keeping the computer’s software up to date
* Infrastructure – Malicious software / analyze, test, report and mitigate
* People – Careless employees / educating users
6. True or False – COBIT P09 Risk Management control objectives focus on assessment and management of IT risk.
7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective?
8. When assessing the risk impact a threat or vulnerability has on your “information” assets, why must you align this assessment with your Data Classification Standard? How can a Data Classification Standard help you assess the risk impact on your “information” assets?
9. When assessing the risk impact a threat or vulnerability has on your “application” and “infrastructure”, why must you align this assessment with both a server and application software vulnerability assessment and remediation plan?
10. When assessing the risk impact a threat or vulnerability has on your “people”, we are concerned with users and employees within the User Domain as well as the IT security practitioners who must implement the risk mitigation steps identified.
How can you communicate to your end-user community that a security threat or vulnerability has been identified for a production system or application? How can you prioritize risk remediation tasks?
11. What is the purpose of using the COBIT risk management framework and approach? Assess the likelihood and impact of risks, using qualitative and quantitative methods.
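As an added illustration of the PO9.4 assessment and PO9.5 response steps from question 2 and of the remediation prioritization asked about in question 10 (this is example code written for this page, not part of the lab or of COBIT), the script below builds a small qualitative risk register from the five items in question 1. The HIGH/MEDIUM/LOW ratings and the C-I-A properties are taken from the answers to questions 1 and 3; the likelihood and impact values, the 1–3 scales, the score thresholds and the response/control columns are assumptions chosen so that the scoring reproduces those ratings.

```python
# Added example (not from the original lab answers): a qualitative risk
# register scored as likelihood x impact (COBIT PO9.4), tagged with the
# C-I-A property affected and a PO9.5 response strategy, then ordered by
# score to give a remediation priority list. Likelihood, impact, thresholds
# and the response/control text are constructed assumptions.
from dataclasses import dataclass

# Assumed three-point scales: 1 = low, 2 = medium, 3 = high.
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"low": 1, "medium": 2, "high": 3}


def rate(score: int) -> str:
    """Map a 1..9 likelihood x impact product onto HIGH / MEDIUM / LOW (assumed thresholds)."""
    if score >= 6:
        return "HIGH"
    if score >= 3:
        return "MEDIUM"
    return "LOW"


@dataclass
class Risk:
    name: str
    likelihood: str
    impact: str
    cia: str        # C-I-A property mainly affected (values from question 3)
    response: str   # PO9.5 strategy: avoid / reduce / accept
    control: str    # countermeasure that implements the response

    def score(self) -> int:
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def rating(self) -> str:
        return rate(self.score())


# Constructed register: names from question 1, C-I-A values from question 3;
# likelihood and impact are assumptions that reproduce the question 1 ratings.
REGISTER = [
    Risk("Unauthorized access from public internet", "high", "high",
         "availability", "reduce", "firewall, patching, frequent password changes"),
    Risk("User destroys data in application and deletes all files", "low", "medium",
         "integrity", "reduce", "least-privilege access, write/delete limited to data owner"),
    Risk("Workstation OS has a known software vulnerability", "high", "medium",
         "confidentiality", "reduce", "patch within the vulnerability window policy"),
    Risk("Communication circuit outages", "medium", "medium",
         "availability", "reduce", "reduce outage frequency and severity"),
    Risk("User inserts personal CDs and USB drives", "high", "low",
         "integrity", "avoid", "disable CD drives and USB ports, auto antivirus scan"),
]


def prioritized(register=REGISTER):
    """Return (rating, score, name) tuples, highest score first, as a remediation order."""
    return sorted(((r.rating(), r.score(), r.name) for r in register),
                  key=lambda t: t[1], reverse=True)


def by_cia(register=REGISTER):
    """Group risk names by the C-I-A property they affect (the question 7 perspective)."""
    groups = {"confidentiality": [], "integrity": [], "availability": []}
    for r in register:
        groups[r.cia].append(r.name)
    return groups


if __name__ == "__main__":
    for rating, score, name in prioritized():
        print(f"{rating:6} (score {score}) {name}")
    for prop, names in by_cia().items():
        print(f"{prop}: {len(names)} risk(s)")
```

Running it lists the two HIGH items first, the two MEDIUM items next and the LOW item last, which is the order in which a remediation plan would schedule the controls in the `control` column; the `by_cia` grouping shows which property each response protects.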
12. What is the difference between effectiveness versus efficiency when assessing risk and risk management? Effectiveness is following the instruction of a specific job, while efficiency is carrying out the instruction in less time and at lower cost. As the saying goes, effectiveness is doing what’s right and efficiency is doing things right.
13. Which three of the seven focus areas pertaining to IT risk management are primary focus areas of risk assessment and risk management and directly relate to information system security?
14. Why is it important to assess risk impact from four different perspectives as part of the COBIT P09 Framework? It assigns responsibility.
15. What is the name of the organization that defined the COBIT P09 Risk Management Framework Definition? Information Systems Audit and Control Association (ISACA).