During your security assessment you probably found some gaps, and some of them may be critical, so naturally the next step is to fix those gaps. Once you know you are exposed, you want to close them as soon as possible, before they get exploited.
2. How do you align the results of the qualitative risk assessment to risk mitigation?
You align the results by how likely each risk is to be exploited: the critical security gaps should be taken care of before the low-level risks.
3. What were the major elements of your risk mitigation project plan?
Risks, Priority, Impact (short/long term), Mitigation Costs, and the Timeline
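To show how the qualitative assessment results feed the mitigation plan elements listed above (risk, priority, impact term, mitigation cost, timeline), here is an added example that is not part of the lab answer. The risk register entries, the likelihood/impact rating scales, the priority bands and the due-date buckets are all constructed assumptions, not values from any real assessment.

```python
"""Turn a qualitative risk register into a prioritized mitigation plan.

Added example; the register, scales and timelines below are constructed.
"""
from dataclasses import dataclass

# Qualitative scales (assumed): each rating maps to a small integer
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"low": 1, "medium": 2, "high": 3}

# Order in which priority bands are mitigated (critical first)
BAND_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Timeline assumption: days allowed to mitigate each band
TIMELINE_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def priority_band(likelihood: str, impact: str) -> str:
    """Likelihood x impact matrix -> priority band (assumed thresholds)."""
    score = LIKELIHOOD[likelihood] * IMPACT[impact]   # 1..9
    if score >= 6:
        return "critical"
    if score >= 3:
        return "high"
    if score == 2:
        return "medium"
    return "low"


@dataclass
class Risk:
    name: str
    domain: str          # one of the seven IT infrastructure domains
    likelihood: str
    impact: str
    impact_term: str     # "short" or "long" term impact
    mitigation_cost_usd: int


# Constructed register (hypothetical findings, not from a real assessment)
RISK_REGISTER = [
    Risk("Unpatched public web server", "System/Application", "high", "high", "short", 2000),
    Risk("Shared local administrator password", "User", "high", "medium", "long", 500),
    Risk("Guest Wi-Fi not segmented from LAN", "LAN", "medium", "medium", "long", 8000),
    Risk("Stale antivirus signatures", "Workstation", "medium", "low", "short", 300),
    Risk("Backup tapes stored without labels", "System/Application", "low", "low", "long", 100),
]


def build_plan(risks):
    """Return plan items sorted critical-first; cheaper fixes first within a band."""
    plan = []
    for r in risks:
        band = priority_band(r.likelihood, r.impact)
        plan.append({
            "risk": r.name,
            "domain": r.domain,
            "priority": band,
            "impact_term": r.impact_term,
            "cost_usd": r.mitigation_cost_usd,
            "due_in_days": TIMELINE_DAYS[band],
        })
    plan.sort(key=lambda item: (BAND_ORDER[item["priority"]], item["cost_usd"]))
    return plan


def cost_through_band(plan, band: str) -> int:
    """Total mitigation cost of every item at or above the given priority band."""
    limit = BAND_ORDER[band]
    return sum(item["cost_usd"] for item in plan if BAND_ORDER[item["priority"]] <= limit)


if __name__ == "__main__":
    for item in build_plan(RISK_REGISTER):
        print(f"{item['priority']:>8}  due in {item['due_in_days']:>3}d  "
              f"${item['cost_usd']:>5}  [{item['domain']}] {item['risk']}")
    print("Budget for critical+high items:",
          cost_through_band(build_plan(RISK_REGISTER), "high"))
```

The sort key is what does the "alignment": the priority band decides the order and the timeline, and cost only breaks ties within a band, so a cheap critical fix never waits behind an expensive low-priority one.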
4. What tasks and deliverables are needed to implement your risk mitigation recommendations? Pick one of the seven domains of a typical IT infrastructure and answer uniquely.
For the Sys/App domain: System Planning and Acceptance
Function Test to exercise the processing logic of the system to expose errors in database updates, calculations and edits, and to ensure that the system delivers all functionality described in the Preliminary Design.
Schedule a non-production test to verify that the system works correctly before going live, and monitor the system log and error reports for problems.
Security Test to ensure that the system meets the specifications.
Schedule a non-production test to verify that the system meets the minimum specifications.
Human Interface Test to ensure that the human interface is functioning, i.e. that keyboards, mice and CAC card readers are working.
Schedule a test of the peripherals to verify that only the correct peripheral devices are plugged in, and that USB drives and CD-ROM drives are disabled.
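One concrete deliverable for the peripheral test above is a repeatable check that USB mass storage and CD-ROM support are really disabled, not just "probably" disabled. The script below is an added example, not part of the lab answer; it assumes a Linux host where removable media is blocked through modprobe configuration, and the configuration and module-list text it is run against here are constructed samples. The point it demonstrates is a caveat testers often miss: a `blacklist` line only stops automatic loading, while an `install <module> /bin/false` line is what actually prevents the module from being loaded on request.

```python
"""Verify removable-media kernel modules are blocked on a Linux host.

Added example. Parses /etc/modprobe.d/*.conf text and the loaded-module
list; the SAMPLE_* strings below are constructed, not from a real host.
"""

# Modules of interest (assumed): USB mass storage and the SCSI CD-ROM driver
REMOVABLE_MODULES = ("usb_storage", "sr_mod")


def normalize(name: str) -> str:
    """modprobe treats '-' and '_' in module names as equivalent."""
    return name.replace("-", "_")


def parse_modprobe(text: str):
    """Return {module: 'install' | 'blacklist' | None} for REMOVABLE_MODULES.

    'install' wins over 'blacklist' because it is the stronger control.
    """
    status = {m: None for m in REMOVABLE_MODULES}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        if parts[0] == "blacklist" and len(parts) >= 2:
            mod = normalize(parts[1])
            if mod in status and status[mod] != "install":
                status[mod] = "blacklist"
        elif parts[0] == "install" and len(parts) >= 3:
            mod = normalize(parts[1])
            if mod in status and parts[2] in ("/bin/false", "/bin/true"):
                status[mod] = "install"
    return status


def loaded_modules(text: str):
    """Module names from `lsmod` or /proc/modules output (first column)."""
    loaded = set()
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Module":     # skip lsmod header
            continue
        loaded.add(normalize(parts[0]))
    return loaded


def evaluate(modprobe_text: str, modules_text: str):
    """Per-module verdict: PASS / WARN / FAIL with a short reason."""
    status = parse_modprobe(modprobe_text)
    loaded = loaded_modules(modules_text)
    verdicts = {}
    for mod, how in status.items():
        if mod in loaded:
            verdicts[mod] = "FAIL: module is currently loaded"
        elif how == "install":
            verdicts[mod] = "PASS: install override prevents loading"
        elif how == "blacklist":
            verdicts[mod] = "WARN: blacklisted only; an explicit modprobe still loads it"
        else:
            verdicts[mod] = "FAIL: no restriction configured"
    return verdicts


# Constructed sample inputs for an offline run
SAMPLE_MODPROBE = """
# constructed: /etc/modprobe.d/removable.conf
blacklist usb-storage
install usb-storage /bin/false
blacklist sr_mod
"""
SAMPLE_MODULES = """Module                  Size  Used by
xhci_pci               24576  0
ext4                  737280  1
"""


if __name__ == "__main__":
    import glob
    try:
        conf = "".join(open(p).read() for p in sorted(glob.glob("/etc/modprobe.d/*.conf")))
        with open("/proc/modules") as fh:
            mods = fh.read()
    except OSError:                    # not Linux or unreadable: fall back to samples
        conf, mods = SAMPLE_MODPROBE, SAMPLE_MODULES
    for mod, verdict in evaluate(conf, mods).items():
        print(f"{mod}: {verdict}")
```

Run on the sample input, `usb_storage` passes because of the `install` override, while `sr_mod` only warns: it is blacklisted, so the test record should note that the CD-ROM control is incomplete rather than ticking it as done.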
System Acceptance
Function Test to exercise the processing logic of the system to expose errors in database updates, calculations and edits, and to ensure that the system delivers all functionality described in the Preliminary