2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure?
Conducting an analysis of information technology availability risk is cumbersome because unplanned events affect how available the marginal aspects of the systems are, and general objective risk analysis procedures hardly provide credible solutions for handling the emerging problems.
3. What was your rationale in assigning a 1 risk impact/risk factor value of Critical to an identified risk, threat, or vulnerability?
Critical risks are those that need urgent mitigation, since any delay may lead to a serious collapse of the system, hampering the general functionality of the infrastructure.
4. After you had assigned the 1, 2, and 3 risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the 1, 2, and 3 risk elements? What would you say to executive management about your final recommended prioritization?
Priority in assigning the risk value is based on the impact the risk has on the infrastructure. Risks with bigger values do not have as serious an impact as those with lesser values like 1 or 2.
5. Identify a risk-mitigation solution for each of the following risk factors:
a. User downloads and clicks on an unknown e-mail attachment
Activate filtering of content as well as scanning.
b. Workstation OS has a known software vulnerability
Update application software as well as security patches
c. Need to prevent eavesdropping on WLAN due to customer privacy data access
Use encryption as well as VPN tunnels for an end-to-end secure IP connection.
d. Weak ingress/egress traffic-filtering degrades performance
Apply and enforce strict security monitoring controls.
e. DoS/DDoS attack from the WAN/Internet
Apply and enforce filters to exterior IP
f. Remote access from home office
Apply and enforce the organization's data classification standards.
g. Production server corrupts database
Use workstation antivirus and malicious code policies as well as standards to safeguard the server databases.