a. Unauthorized access from public internet - HIGH
b. User destroys data in application and deletes all files - LOW
c. Workstation OS has a known software vulnerability - HIGH
d. Communication circuit outages - MEDIUM
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers - MEDIUM
2.
a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects.
b. PO9.4 Risk Assessment – Assess the likelihood and impact of risks, using qualitative and quantitative methods.
c. PO9.5 Risk Response – Develop a response designed to mitigate exposure to each risk: identify risk strategies such as avoidance, reduction, acceptance; determine associated responsibilities; and consider risk tolerance levels.
3.
a. Unauthorized access from public internet - AVAILABILITY
b. User destroys data in application and deletes all files - INTEGRITY
c. Workstation OS has a known software vulnerability - CONFIDENTIALITY
d. Communication circuit outages - AVAILABILITY
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers - INTEGRITY
4.
a. Unauthorized access from public internet – Operating system and software patches and updates, frequent password changes, and a hardware or software firewall.
b. User destroys data in application and deletes all files – Restrict access for users to only those systems, applications, and data needed to perform their jobs. Minimize write/delete permissions to the data owner only.
c. Workstation OS has a known software vulnerability – Define a workstation application software vulnerability window policy. Update application software and security patches according to defined policies, standards, procedures, and guidelines.
d. Communication circuit outages - the role of countermeasures