IAA202 Lab02 SE150684


Course Name: IAA202

Student Name: Chế Công Đại

Lab #2: Assessment Worksheet


Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls

Instructor Name: Mai Hoang Dinh


Lab Due Date: 12/1/2022.

1. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5,
High/Medium/Low Nessus Risk Factor Definitions for Vulnerabilities)
a. Loss of production data : Medium
b. User downloads an unknown e-mail attachment : Low
c. Denial of service attack on organization e-mail server : High
d. Workstation browser has software vulnerability : Low

2. For the above identified threats and vulnerabilities, which of the following COBIT P09 Risk
Management control objectives are affected?
P09.1 Risk Management Framework – C
P09.2 Establishment of Risk Context – A
P09.3 Event Identification – C, A
P09.4 Risk Assessment – B, D
P09.5 Risk Response – None
P09.6 Maintenance and Monitoring of a Risk Action Plan – None
3. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5),
specify whether the threat or vulnerability impacts confidentiality – integrity – availability
Confidentiality Integrity Availability
a. x x
b. x
c. x x
d. x x
4. For each of the threats and vulnerabilities from Lab #1 (List at Least 3 and No More than 5) that you
have remediated, what must you assess as part of your overall COBIT P09 risk management approach
for your IT infrastructure?
1. Loss of Production Data
Backup data, restore from previous point if necessary
2. User downloads an unknown e-mail attachment
Set strong filtering, send memos
3. Denial of Service attack on organization e-mail server
Change passwords, close ports, and set mirror server and proxy server.
4. Workstation browser has software vulnerability

Update browser, check and auto-update every day

5. For each of the threats and vulnerabilities from Lab #1 – (List at Least 3 and No More than 5) assess
the risk impact or risk factor that it has on your organization in the following areas and explain how
this risk can be mitigated and managed:
a. Threat or Vulnerability #1: Loss of Production Data
o Information – Threat
o Applications – Threat
o Infrastructure – Threat
o People – Threat to someone
b. Threat or Vulnerability #2: User downloads an unknown e-mail attachment
o Information – Vulnerability
o Applications – Vulnerability
o Infrastructure – Vulnerability
o People – Threat
c. Threat or Vulnerability #3: Denial of service attack on organization e-mail server
o Information – Threat
o Applications – Threat
o Infrastructure – Threat
o People – None
d. Threat or Vulnerability #4: Workstation browser has software vulnerability
o Information – Vulnerability
o Applications – Vulnerability
o Infrastructure – Vulnerability
o People – None
6. True or False – COBIT P09 Risk Management controls objectives focus on assessment and
management of IT risk.
True
7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective?
Because CIA is a balanced perspective: if it is too secure, people will not use it; when it is not secure enough, people run the
risk of losing information.
8. When assessing the risk impact a threat or vulnerability has on your “information” assets, why must
you align this assessment with your Data Classification Standard? How can a Data Classification
Standard help you assess the risk impact on your “information” assets?
We have to align it because it helps you classify the importance of the information and its use. It will determine the level of the
risk factor if the information were compromised.
9. When assessing the risk impact a threat or vulnerability has on your “application” and
“infrastructure”, why must you align this assessment with both a server and application software
vulnerability assessment and remediation plan?
It is what any high level company works on. Anything less is unacceptable.

10. When assessing the risk impact a threat or vulnerability has on your “people”, we are concerned with
users and employees within the User Domain as well as the IT security practitioners who must
implement the risk mitigation steps identified. How can you communicate to your end-user
community that a security threat or vulnerability has been identified for a production system or
application? How can you prioritize risk remediation tasks?
Send e-mails and memos, and set up a training class. The risk that can reach users the quickest, or the highest threat, must be prioritized
first.
11. What is the purpose of using the COBIT risk management framework and approach?
COBIT is a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of
enterprise information and technology (IT) assets. Simply stated, it helps enterprises create optimal value from IT by
maintaining a balance between realizing benefits and optimizing risk levels and resource use.
12. What is the difference between effectiveness versus efficiency when assessing risk and risk
management?
Effectiveness is following the instructions of a specific job, while efficiency is carrying out the instructions in less time and at lower cost.
As the saying goes, effectiveness is doing the right things and efficiency is doing things right.

13. Which three of the seven focus areas pertaining to IT risk management are primary focus areas of risk
assessment and risk management and directly relate to information systems security?
Assessing the risk, Mitigating Possible Risk and Monitoring the Result.
14. Why is it important to assess risk impact from four different perspectives as part of the COBIT P.09
Framework?
The more perspectives you have, the better view you get of all the risks that exist.
15. What is the name of the organization who defined the COBIT P.09 Risk Management Framework
Definition?
The IT Governance Institute