If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?
If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?
Management Of Information Security
6th Edition
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:WHITMAN, Michael.
Chapter6: Risk Management: Assessing Risk
Section: Chapter Questions
Problem 1E
Related questions
Question
Exercise 1: If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?
- A CRM-Server that is connected to the Internet. It has two vulnerabilities:
- (i) susceptibility to hardware failure, with a likelihood of 8, and
- (ii) susceptibility to ransomware attack with a likelihood of 4.
The CRM-Server has been assigned an impact value of 10. Assume that there are no current controls in place to protect it, and there is a 75 percent certainty of the assumptions and data
- An E-commerce server hosts the company Web site and supports customer transactions. It runs a server software that is vulnerable to a buffer overflow attack, with the likelihood of such an attack estimated at 6. The server has been assigned an impact value of 8. Assume that there are no current controls in place to protect the server, and there is a 70 percent certainty of the assumptions and data.
- A Control-Console to monitor operations in the server room. It has no passwords and is susceptible to unlogged misuse by the operators. Estimates show that the likelihood of misuse is 2. There are no controls in place on this asset, which has an impact value of 5. There is a 90 percent certainty of the assumptions and data.
Expert Solution
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
Step by step
Solved in 3 steps with 3 images
Knowledge Booster
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.Recommended textbooks for you
Management Of Information Security
Computer Science
ISBN:
9781337405713
Author:
WHITMAN, Michael.
Publisher:
Cengage Learning,
Principles of Information Security (MindTap Cours…
Computer Science
ISBN:
9781337102063
Author:
Michael E. Whitman, Herbert J. Mattord
Publisher:
Cengage Learning
Management Of Information Security
Computer Science
ISBN:
9781337405713
Author:
WHITMAN, Michael.
Publisher:
Cengage Learning,
Principles of Information Security (MindTap Cours…
Computer Science
ISBN:
9781337102063
Author:
Michael E. Whitman, Herbert J. Mattord
Publisher:
Cengage Learning