a. Fire destroys primary data center
b. User downloads an unknown e-mail attachment
c. Hacker penetrates your IT infrastructure and gains access to your internal network
d. Workstation OS has known software vulnerability
2.) For the above identified threats and vulnerabilities, which of the following COBIT PO9 Risk Management control objectives are affected?
PO9.1 IT Risk Management Framework
PO9.2 Establishment of Risk Context
Workstation OS has known software vulnerability
PO9.3 Event Identification
PO9.4 Risk Assessment
PO9.5 Risk Response
Fire destroys primary data center
User downloads an unknown e-mail attachment
Hacker penetrates your IT infrastructure and gains access to your internal network
PO9.6 Maintenance and Monitoring of a Risk Action Plan
3.) From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), specify whether the threat or vulnerability impacts confidentiality – integrity – availability:
Confidentiality
Integrity
Availability
a) Fire destroys primary data center
X
b) User downloads an unknown e-mail attachment
X
X
c) Hacker penetrates your IT infrastructure and gains access to your internal network
X
X
d) Workstation OS has known software vulnerability
X
4.) For each of the threats and vulnerabilities from Lab #1 (List at Least 3 and No More than 5) that you have remediated, what must you assess as part of your overall COBIT PO9 risk management approach for your IT infrastructure?
5.) True or False – COBIT PO9 Risk Management control objectives focus on assessment and management of IT risk.
True
6.) Why is it important to address each identified threat or vulnerability from a C-I-A perspective?
To prevent future occurrences. Using the C-I-A approach allows you to take different angles to preventing and mitigating future