
Security Risk Management: Lab 04

1. What is an IT risk assessment's goal or objective?

2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure?

3. What was your rationale in assigning a "1" risk impact/risk factor value of "Critical" to an identified risk, threat, or vulnerability?

4. After you had assigned the "1," "2," and "3" risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the "1," "2," and "3" risk elements? What would you say to executive management about your final recommended prioritization?

5. Identify a risk-mitigation solution for each of the following risk factors:
   a. User downloads and clicks on an unknown e-mail attachment
   b. Workstation OS has a known software vulnerability
   c. Need to prevent eavesdropping on WLAN due to customer privacy data access
   d. Weak ingress/egress traffic-filtering degrades performance
   e. DoS/DDoS attack from the WAN/Internet
   f. Remote access from home office
   g. Production server corrupts database


Solution Preview

Answer 1: The goal or objective of a risk assessment is to identify, analyze and assess the risks so that it helps to find the means to mitigate them.

Answer 2: A quantitative analysis needs numerical values to represent the factors of interest. In an IT infrastructure it is hard to represent the risks with numeric values alone. This is why quantitative analysis would not be applied here.
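As an added worked example (not part of the lab hand-out or the posted solution), the script below puts the lab's qualitative "1" (Critical), "2" and "3" impact scale next to a quantitative estimate (SLE = asset value x exposure factor, ALE = SLE x annual rate of occurrence) for the seven risk factors in question 5. The impact and likelihood values, the dollar figures, the ARO ranges and the 1-3 likelihood scale are all assumptions made for illustration; the mitigations are standard controls, not the lab's answer key. Running it shows two things the answer above states in words: a qualitative ranking can be produced for every risk, while the quantitative ranking changes order between the low and high ends of the ARO estimate and cannot rank the risks for which nobody can give a defensible number.

```python
"""Risk-register prioritisation: the lab's qualitative 1/2/3 impact scale
next to a quantitative ALE (annualised loss expectancy) estimate.
All figures are constructed for illustration, not data from the lab."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

IMPACT_LABEL = {1: "Critical", 2: "Major", 3: "Minor"}          # lab scale
LIKELIHOOD_LABEL = {1: "Likely", 2: "Possible", 3: "Unlikely"}  # assumed scale


@dataclass
class Risk:
    name: str
    impact: int        # 1 = Critical ... 3 = Minor (lab scale)
    likelihood: int    # 1 = Likely ... 3 = Unlikely (assumed scale)
    mitigation: str
    # Quantitative inputs; None when nobody can give a defensible number.
    asset_value: Optional[float] = None                # value of the affected asset
    exposure_factor: Optional[float] = None            # fraction lost per incident
    aro_range: Optional[Tuple[float, float]] = None    # (low, high) annual rate of occurrence


def qualitative_score(r: Risk) -> int:
    """Lower score = more urgent: a Critical (1) and Likely (1) risk scores 1."""
    return r.impact * r.likelihood


def prioritize_qualitative(risks: List[Risk]) -> List[str]:
    """Order by score, then by impact (Critical first), then by name for a stable list."""
    ordered = sorted(risks, key=lambda r: (qualitative_score(r), r.impact, r.name))
    return [r.name for r in ordered]


def single_loss_expectancy(r: Risk) -> Optional[float]:
    """SLE = asset value x exposure factor; None if either input is missing."""
    if r.asset_value is None or r.exposure_factor is None:
        return None
    return round(r.asset_value * r.exposure_factor, 2)


def ale_range(r: Risk) -> Optional[Tuple[float, float]]:
    """ALE = SLE x ARO, evaluated at both ends of the ARO estimate."""
    sle = single_loss_expectancy(r)
    if sle is None or r.aro_range is None:
        return None
    low, high = r.aro_range
    return (round(sle * low, 2), round(sle * high, 2))


def prioritize_quantitative(risks: List[Risk], bound: str = "low") -> List[str]:
    """Rank by ALE, highest first; risks without numbers cannot be ranked at all."""
    idx = 0 if bound == "low" else 1
    ranked = [(ale_range(r)[idx], r.name) for r in risks if ale_range(r) is not None]
    return [name for _, name in sorted(ranked, key=lambda t: (-t[0], t[1]))]


def unrankable(risks: List[Risk]) -> List[str]:
    """Risks that drop out of a quantitative assessment for lack of numeric inputs."""
    return [r.name for r in risks if ale_range(r) is None]


def executive_summary(risks: List[Risk]) -> List[str]:
    """One line per risk in priority order, the form you would hand to management."""
    by_name = {r.name: r for r in risks}
    lines = []
    for name in prioritize_qualitative(risks):
        r = by_name[name]
        lines.append(f"[{r.impact}-{IMPACT_LABEL[r.impact]}/{LIKELIHOOD_LABEL[r.likelihood]}] "
                     f"{r.name}: {r.mitigation}")
    return lines


# Constructed register for the seven risk factors in question 5.
# Impact/likelihood values and all dollar figures are assumptions.
REGISTER = [
    Risk("Unknown e-mail attachment opened", 1, 1,
         "attachment sandboxing on the mail gateway plus user awareness training",
         asset_value=200_000, exposure_factor=0.25, aro_range=(0.5, 2.0)),
    Risk("Workstation OS known vulnerability", 2, 1,
         "patch management with a defined SLA and vulnerability scanning",
         asset_value=200_000, exposure_factor=0.30, aro_range=(0.3, 1.0)),
    Risk("WLAN eavesdropping on customer privacy data", 1, 2,
         "WPA2/WPA3-Enterprise (802.1X) and a VPN for privacy-data applications",
         asset_value=500_000, exposure_factor=0.40, aro_range=(0.05, 0.5)),
    Risk("Weak ingress/egress filtering degrades performance", 3, 2,
         "review and consolidate firewall rules; right-size the filtering device"),
    Risk("DoS/DDoS from the WAN/Internet", 2, 2,
         "upstream DDoS scrubbing, rate limiting and redundant links"),
    Risk("Remote access from home office", 2, 2,
         "VPN with multi-factor authentication and endpoint posture checks"),
    Risk("Production server corrupts database", 1, 3,
         "tested backups, integrity checks and redundant storage",
         asset_value=800_000, exposure_factor=0.50, aro_range=(0.02, 0.2)),
]

if __name__ == "__main__":
    for line in executive_summary(REGISTER):
        print(line)
    print("ALE ranking, low ARO :", prioritize_quantitative(REGISTER, "low"))
    print("ALE ranking, high ARO:", prioritize_quantitative(REGISTER, "high"))
    print("no defensible numbers:", unrankable(REGISTER))
```

With the assumed figures the workstation-vulnerability risk is second by ALE at the low end of the ARO estimate and fourth at the high end, and three of the seven risks have no ALE at all; that sensitivity to guessed inputs is the practical reason the lab's qualitative 1/2/3 scale is what gets presented to management.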