Lab #2 Assessment Worksheet
Align Risks, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls
1.
a. Unauthorized access from public internet - HIGH b. User destroys data in application and deletes all files - LOW c. Workstation OS has a known software vulnerability – HIGH d. Communication circuit outages - MEDIUM e. User inserts CD’s and USB hard drives with personal photos, music and videos on organization owned computers - MEDIUM
2.
a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects. b. PO9.4 Risk Assessment – Assess the likelihood and impact of risks, using qualitative and quantitative methods. c. PO9.5 Risk Response – Develop a response designed to mitigate exposure to each risk – Identify risk strategies such as avoidance, reduction, acceptance – determine associated responsibilities; and consider risk tolerance levels.
3.
a. Unauthorized access from public internet - AVAILABILITY b. User destroys data in application and deletes all files - INTEGRITY c. Workstation OS has a known software vulnerability – CONFIDENTIALITY d. Communication circuit outages - AVAILABILITY e. User inserts CD’s and USB hard drives with personal photos, music and videos on organization owned computers - INTEGRITY
4.
a. Unauthorized access from public internet – Operating system, software patches, updates, change passwords often, and hardware or software firewall. b. User destroys data in application and deletes all files – Restrict access for users to only those systems, applications, and data needed to perform their jobs. Minimize write/delete permissions to the data owner only. c. Workstation OS has a known software vulnerability – Define a