Identify the asset vulnerability and threat in the

Info icon This preview shows pages 2–4. Sign up to view the full content.

View Full Document Right Arrow Icon
Identify the Asset, Vulnerability and Threat in the inci ent (6 Marks) 11. Suggest a suitable countermeasure 'Ceycorp Ltd.' can implement to prevent further attacks similar to this. (1 Marks) , c) NIST IT risk management framework is described in the sp cial publication SP 800-39. Explain how the three tiers of implementation in the framework helps an organization to clearly define strategic and tactical decisions. (6 marks) d) aCTA VE is a well-known security evaluation framework developed by Carnegie Mellon University. It is a methodology for identifying and evaluating information security risks to an asset. 1. Describe the concept of OCTAVE 'threat profile' and its components using a suitable example. (5 marks) 11. What additional information is necessary to convert a threat profile to a risk profile? (2 marks) 2 17/05/2017
Image of page 2

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
00018 Question 2 (25 marks) a) "ISO 27005 is a global standard framework which provides guidelines for information security risk management in an organization. Compare and contrast the four different 'Risk Treatment' options according to ISO 27005. (8 Marks) b) 'Quantitative Risk Analysis' attempts to assign independent monetary values to system components, therefore offers direct risk cost projection. The following information is extracted from a risk evaluation done by a small enterprise . .! EasyCode Pvt Ltd. is a small software developing company. An initial evaluation was done to identify critical assets of the organization along with their values.
Image of page 3
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern