Hardware is divided into 1 the usual systems devices

- Hardware is divided into (1) the usual systems devices and their peripherals and (2) the devices that are part of InfoSec control systems. The latter must be protected more thoroughly than the former.
- Networking components include networking devices (such as firewalls, routers, and switches) and the systems software within them, which is often the focal point of attacks, with successful attacks continuing against systems connected to the networks.

PTS: 1 REF: 284

2. For the purposes of relative risk assessment how is risk calculated?

ANS: Risk equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.

PTS: 1 REF: 303
3. List the stages in the risk identification process in order of occurrence.

ANS:
- Plan and Organize Process
- Create System Component Categories
- Develop Inventory of Assets
- Identify Threats
- Specify Vulnerable Assets
- Assign Value or Impact Rating to Assets
- Assess Likelihood for Vulnerabilities
- Calculate Relative Risk Factor for Assets
- Preliminary Review of Possible Controls
- Document Findings

PTS: 1 REF: 283

4. What does it mean to ‘know the enemy’ with respect to risk management?

ANS: Once an organization becomes aware of its weaknesses, managers can take up Sun Tzu’s second dictum: Know the enemy. This means identifying, examining, and understanding the threats facing the organization’s information assets. Managers must be fully prepared to identify those threats that pose risks to the organization and the security of its information assets.

PTS: 1 REF: 281

5. What strategic role do the InfoSec and IT communities play in risk management? Explain.

ANS:
InfoSec - Because members of the InfoSec community best understand the threats and attacks that introduce risk, they often take a leadership role in addressing risk.
IT - This group must help to build secure systems and ensure their safe operation. For example, IT builds and operates information systems that are mindful of operational risks and have proper controls implemented to reduce risk.

PTS: 1 REF: 281-282

6. What are the included tasks in the identification of risks?

ANS:
- Creating an inventory of information assets
- Classifying and organizing those assets meaningfully
- Assigning a value to each information asset
- Identifying threats to the cataloged assets
- Pinpointing vulnerable assets by tying specific threats to specific assets

PTS: 1 REF: 282

7. Describe the use of an IP address when deciding which attributes to track for each information asset.

ANS: This attribute is useful for network devices and servers but rarely applies to software. You can, however, use a relational database and track software instances on specific servers or networking devices. Many larger organizations use the Dynamic Host Configuration Protocol (DHCP) within TCP/IP, which reassigns IP numbers to devices as needed, making the use of IP numbers as part of the asset-identification process very difficult.
