S3110 Risk Management in Information Technology Security Quiz Quiz Questions 1. Define an SLA and state why it is required in a risk adverse organization. A SLA is a service level agreement, which is a contract between the ISP and the company. A SLA gives the company an idea of how much time they will be without services, should something happen with the ISP. A SLA is important to a company in making recovery plans, knowing what critical systems need to be available for a continuance of business
Words: 462 - Pages: 2
Joseph Rogers IS3110 1-30-15 1. SLA is a service level agreement, which is a contract between the ISP and the company. A SLA gives the company an idea of how much time they will be without services, should something happen with the ISP. A SLA is important to a company in making recovery plans, knowing what critical systems need to be available for a continuance of business and formulation of disaster recovery. 2. The user domain has several risk’s involved, as people are involved and
Words: 389 - Pages: 2
Overview One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual
Words: 870 - Pages: 4
Lab 2 Align Risk, Treats, & Vulnerabilities to COBIT P09 Risk Management Controls 1. Risk Factors a. Remote communications from home office (MEDIUM Risk) b. LAN server OS has known software vulnerability (HIGH Risk) c. User downloads an unknown e-mail attachment (HIGH Risk) 2. COBIT Risk Management * No. * Yes, the identified software vulnerabilities relate to risk context for both internal and external access. * Yes, the identified software vulnerabilities themselves
Words: 794 - Pages: 4
qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuio
Words: 1102 - Pages: 5
1. What is the goal or objective of an IT risk assessment? The goal is to define how the risk to the system will be managed, controlled, and monitored. 2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure? A qualitative assessment is based on opinion than actual fact, and IT risk assessments need to be based on a quantitative analysis. 3. What was your rationale in assigning “1” risk impact/risk factor value of “critical” for an identified risk, threat, or vulnerability
Words: 322 - Pages: 2
Unit 1 Roles Scenario 1. There are many different threats to consider when considering the IT infrastructure at hand.1 of the branches is located in Oklahoma and that is know for its tornados that could be a environmental hazard right there. Also the fact that they employ so many people all over the whole country provides human threats from disgruntled employees. The database server has all of its information stored locally rather. 2. The location in Oklahoma is a vulnerability because of
Words: 365 - Pages: 2
IS3110 Lab 6 DAWOOD ALRUBAYE 1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities? Because you need to know which is most important and which is negligible. In some cases, protecting your infrastructure from a high priority threat is more important and so you may want to protect against that even if it leaves you vulnerable to low priority threats. This mainly just shows you which areas need your attention the most. 2. 2. Based on your executive
Words: 319 - Pages: 2
Brett Reigel Lab 2 Assessment Worksheet COBIT 1. A. WAN to LAN Domain B. System Application Domain C.LAN Domain D. Server Domain 2. a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects. b. PO9.4 Risk Assessment – Assess the likelihood and impact of risks, using qualitative and quantitative methods. c. PO9.5 Risk Response – Develop
Words: 373 - Pages: 2
1. A computer incident is a violation of a security policy or security practice. P 393 2. All events on a system or network are considered computer security incidents. P 394 b. false 3. An administrator has discovered that a Web server is responding very slowly. Investigation shows that the processor, memory, and network resources are being consumed by outside attackers. This is a DoS or DDoS attack. P 402-403 4. A user has installed P2P software on a system. The organization’s
Words: 454 - Pages: 2
