Questions on Risk Management Controls Essay

1162 Words Dec 22nd, 2014 5 Pages
IS3110 Lab Student Name:
Submission Requirements
Format: Microsoft Word
Your last name must be in the filename of your submitted document according the assignment naming standard. IS3110_Lab2_Lastname_First
Email to: SMichnick@itt-tech.edu
Due By: 6:00 PM CDT, Wednesday July 2, 2014
Note: Emails received after Due Date will be marked LATE and subject to a grade penalty of 10% each week it is late.

Pages 11-17 of the IS3220 Student Lab Manual
Lab #2 – Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls

Learning Objectives and Outcomes
Upon completing this lab, you will be able to:
Define what COBIT (Control Objectives for Information and related Technology) P09 Risk Management is for an IT infrastructure
…show more content…
Information – High impact (if you get most business from internet sales)
Applications –Low impact
Infrastructure –High impact
People – Low impact

b. Threat or Vulnerability #2: User destroys data in application and deletes all files. Ensure that data is backed up as often as possible to different types of storage.
Information –High Impact
Applications –Medium Impact
Infrastructure –Low Impact
People – Low Impact

c. Threat or Vulnerability #3: User downloads and unknown email attachment. Employee training and malware detection could help protect system if email is malicious.
Information –Medium Impact
Applications – Low Impact
Infrastructure –High Impact
People – Low Impact

d. Threat or Vulnerability #4: Fire destroys primary data center. This could be avoided by having primary data center in a low fire risk area or use off site data backup.
Information –High Impact
Applications –Low Impact
Infrastructure –High Impact
People –Low Impact

6. True or False – COBIT P09 Risk Management controls objectives focus on assessment and management of IT risk. TRUE

7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective?? The CIA triad is a fundamental security concept. It is said that others measures of security showed be built on around the CIA concept as well.

8. When assessing the risk impact a threat or vulnerability has on your “information” assets, why must you align this assessment with your Data Classification