Stuff

Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls
  1. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5, High/Medium/Low Nessus Risk Factors Definitions for Vulnerabilities)
  a. Denial of Service attack of organized e-mail server
  * Nessus: High
  b. Loss of Production Data
  * Nessus: Medium
  c. Unauthorized access to organization owned Workstation
  * Nessus: High
  d. Workstation browser has software vulnerability
  * Nessus: Low
  e. User downloads an unknown e-mail attachment
  * Nessus: Low

  2. For the identified threats and Vulnerabilities, which of the following COBIT P09 Risk Management control objectives are affected?
  * P09.1 Risk Management Framework – A
  * P09.2 Establishment of Risk Context – B
  * P09.3 Event Identification – A and B
  * P09.4 Risk Assessment – C, D, and E
  * P09.5 Risk Response – None
  * P09.6 Maintenance and Monitoring of a Risk Action Plan – None
  3. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No more than 5), Specify whether the threats or vulnerability impacts confidentiality – integrity – availability:
  f. Denial of Service attack of organized e-mail server
  * Integrity, Availability
  g. Loss of Production Data
  * Confidentiality, Availability
  h. Unauthorized access to organization owned Workstation
  * Integrity
  i. Workstation browser has software vulnerability
  * Confidentiality, Availability
  j. User downloads an unknown e-mail attachment
  * Integrity
  4. For each of the threats and vulnerabilities from Lab #1 (List at Least 3 and No More than 5) that you have remediated, what must you assess as part of your overall COBIT P09 risk Management approach for your IT infrastructure?
Denial of Service attack of organized e-mail server
  * Change passwords, close ports, and set mirror server and proxy server.
Loss of Production Data...
