Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning,
expand_more
expand_more
format_list_bulleted
Question
Chapter 6, Problem 1E
Program Plan Intro
Vulnerability:
- Vulnerability refers to the exact methods that the threat agents can exploit for attacking an information asset.
- It is also defined as a certain fault or a weakness found in an information asset, the security process, the design or even the management which can be exploited inadvertently.
Explanation of Solution
Last evaluated vulnerability:
In this case, the third vulnerability will be evaluated last.
Reason:
- It...
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
Exercise 1: If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?
A CRM-Server that is connected to the Internet. It has two vulnerabilities:
(i) susceptibility to hardware failure, with a likelihood of 8, and
(ii) susceptibility to ransomware attack with a likelihood of 4.
The CRM-Server has been assigned an impact value of 10. Assume that there are no current controls in place to protect it, and there is a 75 percent certainty of the assumptions and data
An E-commerce server hosts the company Web site and supports customer transactions. It runs a server software that is vulnerable to a buffer overflow attack, with the likelihood of such an attack estimated at 6. The server has been assigned an impact value of 8. Assume that there are no current controls in place to protect the server, and there is…
If an organization must evaluate the following three information assets for risk management, which vulnerability should be evaluated first for additional controls? Which should be evaluated last?
Switch L4 7 connects a network to the Internet. It has two vulnerabilities: it is susceptible to a hardware failure at a likelihood of 0.2, and it is subject to an SNMP buffer overflow attack at a likelihood of 0.1. This switch has an impact rating of 90 and has no current controls in place. You are 75 percent certain of the assumptions and data.
Server WebSrv6 hosts a company Web site and performs e-commerce transactions. It has a Web server version that can be attacked by sending it invalid Unicode values. The likelihood of that attack is estimated at 0.1. The server has been assigned an impact value of 100, and control has been implanted that reduces the impact of the vulnerability by 75 percent. You are 80 percent certain of the assumptions and data.
Operators use an MGMT45 control…
Using each term as a computer network vulnerabilities category, explain an example of a vulnerability for each category in the context of Information Security.
1. Hardware
2. Software
3. Operator
4. Maintanance man
5. Access
6. Systems programmer
7. User
8. Files
9. Hardware
Chapter 6 Solutions
Management Of Information Security
Ch. 6 - Prob. 1RQCh. 6 - Prob. 2RQCh. 6 - Prob. 3RQCh. 6 - Prob. 4RQCh. 6 - Prob. 5RQCh. 6 - Prob. 6RQCh. 6 - Prob. 7RQCh. 6 - Prob. 8RQCh. 6 - Prob. 9RQCh. 6 - Prob. 10RQ
Ch. 6 - Prob. 11RQCh. 6 - Prob. 12RQCh. 6 - When you document procedures, why is it useful to...Ch. 6 - Prob. 14RQCh. 6 - Prob. 15RQCh. 6 - Prob. 16RQCh. 6 - Prob. 17RQCh. 6 - Prob. 18RQCh. 6 - Prob. 19RQCh. 6 - Prob. 20RQCh. 6 - Prob. 1ECh. 6 - Prob. 2ECh. 6 - Prob. 3ECh. 6 - Prob. 4ECh. 6 - Prob. 5ECh. 6 - Prob. 1DQCh. 6 - Prob. 2DQCh. 6 - Prob. 1EDM
Knowledge Booster
Similar questions
- To what extent does your company's network undergo preemptive vulnerability assessment?arrow_forwardVulnerability intelligence should come from four sources, which should be considered. According to your estimations, which one is the most advantageous? Why?arrow_forwardIn the following paragraphs, identify and describe four possible sources of vulnerability intelligence. Which one seems to be the most successful? Why?arrow_forward
- There should be four sources of vulnerability intelligence, which should be evaluated. Which one, in your judgment, is the most advantageous? Why?arrow_forwardA company sells products through its webpage. An attacker finds a way to inject commands into their website and retrieve information. The company stores its data unencrypted and uses a weak password for the main server. The company lost major customers’ information due to a hacking incident. From the above scenario, A. Which CIA security model elements were affected in this scenario? a.Define and identify the threat, vulnerability, and impact in this scenario? b.Suggestsome security controls, at least 3, that can be used to secure the system.arrow_forwardThe network of an entertainment company was hacked by a hactivist through a backdoor attack that lasted for two (2) minutes. Do you think there was a lack of cybersecurity risk management in the company? Why do you think so? What are the possible preventive measures that the company should have done prior to the attack? What are some possible impacts of the attack to the entertainment company?arrow_forward
- Give me 5 vulnerabilities and 5 Risk for network security level controlarrow_forwardProvide three instances of WiFi network vulnerabilities. Determine the kind of attack that might be employed against each vulnerability as well as the corresponding countermeasure.arrow_forwardA__________is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm. a. penetration test b. vulnerability scan c. vulnerability assessment d. risk appraisal (RAP)arrow_forward
- . Let us suppose a telecommunication company has hired you as their information security manager, categorize possible threats to your firm in terms of active and passive attacks and give possible solution structure to mitigate those attacks.arrow_forwardAssume a year has passed and XYZ has improved its security. Using the following table, calculate the SLE, ARO, and ALE for each threat category listed. YXZ Software Company (Asset Value: $1,200,000 Threat Category Cost per Incident Frequency of Occurrence Cost of Controls Type of Control Programmer mistakes $5,000 1 per month $20,000 Training Loss of intellectual property $75,000 1 per 2 years $15,000 Firewall/IDS Software piracy $500 1 per month $30,000 Firewall/IDS Theft of information (hacker) $2,500 1 per 6 months $15,000 Firewall/IDS Threat of information (employees) $5,00 1 per year $15,000 Physical security Web defacement $500 1 per quarter $10,000 Firewall Theft of equipment $5,000 1 per 2 years $15,000 Physical security Viruses, worms, Trojan horses $1,500 1 per month $15,000 Antivirus Denial-of-service attack $2,500 1 per 6 months $10,000 Firewall…arrow_forwardGive THREE (3) examples of network vulnerabilities and explain the term "vulnerability" in the context of network security.arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Fundamentals of Information SystemsComputer ScienceISBN:9781337097536Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning