Lab 2

Submitted By chunkz20
Words 469
Pages 2
IS3110 Lab #2: Assessment Worksheet

Align Risk, Threats, & Vulnerabilities to COBIT PO9 Risk Management Controls

Student Name: _____________________________________________________________

1. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5, High/Medium/Low Nessus Risk Factor Definitions for Vulnerabilities)
a.
b.
c.
d.
e.

2. For the above identified threats and vulnerabilities, which of the following COBIT PO9 Risk Management control objectives are affected?
• PO9.1 IT Risk Management Framework
• PO9.2 Establishment of Risk Context
• PO9.3 Event Identification
• PO9.4 Risk Assessment
• PO9.5 Risk Response
• PO9.6 Maintenance and Monitoring of a Risk Action Plan

3. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), specify whether the threat or vulnerability impacts confidentiality – integrity – availability:
Confidentiality Integrity Availability
a.
b.
c.
d.
e.

4. For each of the threats and vulnerabilities from Lab #1 (List at Least 3 and No More than 5) that you have remediated, what must you assess as part of your overall COBIT PO9 risk management approach for your IT infrastructure?

5. For each of the threats and vulnerabilities from Lab #1 – (List at Least 3 – No More than 5), assess the risk impact or risk factor that it has on your organization in the following areas:
a. Threat or Vulnerability #1:
o Information –
o Applications –
o Infrastructure –
o People –

b. Threat or Vulnerability #2:
o Information –
o Applications –
o Infrastructure –
o People –

c. Threat or Vulnerability #3:
o Information –
o Applications –
o Infrastructure –
o People –

d. Threat or Vulnerability #4:
o Information –
o Applications –
o Infrastructure –
o People –

e. Threat or Vulnerability #5:
o
