Exercise 1: If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?A CRM-Server that is connected to the Internet. It has two vulnerabilities:(i) susceptibility to hardware failure, with a likelihood of 8, and(ii) susceptibility to ransomware attack with a likelihood of 4.The CRM-Server has been assigned an impact value of 10. Assume that there are no current controls in place to protect it, and there is a 75 percent certainty of the assumptions and dataAn E-commerce server hosts the company Web site and supports customer transactions. It runs a server software that is vulnerable to a buffer overflow attack, with the likelihood of such an attack estimated at 6. The server has been assigned an impact value of 8. Assume that there are no current controls in place to protect the server, and there is a 70 percent certainty of the assumptions and data.A Control-Console to monitor operations in the server room. It has no passwords and is susceptible to unlogged misuse by the operators. Estimates show that the likelihood of misuse is 2. There are no controls in place on this asset, which has an impact value of 5. There is a 90 percent certainty of the assumptions and data.

Answered: Image /qna-images/answer/916c1dc1-37a5-4b91-b501-532f39c46d30.jpg

Answered: If an organization has three…

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter6: Risk Management: Assessing Risk

Section: Chapter Questions

Problem 1E

See similar textbooks

Related questions

Question

Exercise 1: If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?

A CRM-Server that is connected to the Internet. It has two vulnerabilities:
- (i) susceptibility to hardware failure, with a likelihood of 8, and
- (ii) susceptibility to ransomware attack with a likelihood of 4.

The CRM-Server has been assigned an impact value of 10. Assume that there are no current controls in place to protect it, and there is a 75 percent certainty of the assumptions and data

An E-commerce server hosts the company Web site and supports customer transactions. It runs a server software that is vulnerable to a buffer overflow attack, with the likelihood of such an attack estimated at 6. The server has been assigned an impact value of 8. Assume that there are no current controls in place to protect the server, and there is a 70 percent certainty of the assumptions and data.
A Control-Console to monitor operations in the server room. It has no passwords and is susceptible to unlogged misuse by the operators. Estimates show that the likelihood of misuse is 2. There are no controls in place on this asset, which has an impact value of 5. There is a 90 percent certainty of the assumptions and data.

Expert Solution

Step by step

Solved in 3 steps with 3 images

SEE SOLUTION Check out a sample Q&A here

Knowledge Booster

Learn more about

Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.