risk management

risk management - additional controls first? Which...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
Risk Management: Identifying and Assessing Risk Review Questions 1. List and describe briefly the three key areas of concern for risk management, risk .......................... …., risk ……. ........ ………. ., and risk ……………. . 2. Why is identification of risks, through a listing of assets and their vulnerabilities, so important to the risk management process? What are vulnerabilities? 3. Why do networking components need more examination from an information security perspective than from a systems development perspective? Exercises 1. If an organization has three information assets to evaluate for risk management purposes as shown in the data on page 304 of your text, which vulnerability should be evaluated for
Background image of page 1
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: additional controls first? Which vulnerability should be evaluated last? n.b. the formula for risk is: (The likelihood of the occurrence of a vulnerability) * (The value of the information asset) - (The percentage of risk mitigated by current controls) + (The uncertainty of current knowledge of the vulnerability). See pages 295-298 of your text. 2. Using the Web, search for at least three tools to automate risk assessment. Collect information on automated risk assessment tools. What do they cost? What features do they provide? What are the advantages and disadvantages of each one? book Third edition : Management of information security Michael E.Whitman,Herbert J. Mattord...
View Full Document

Ask a homework question - tutors are online