Product 2 Lab #2
1. From the identified threats and vulnerabilities from Lab #1 (list at least a few and no more than 5), High/Medium/Low Nessus Risk Factor explanations for vulnerabilities:
a. Hacker penetrates your IT facilities and gains access to your internal network (High risk)
b. Workstation OS has known application vulnerabilities
c. Unauthorized usage of organization-owned workstations
d. Denial of service attack on business e-mail server
e. Unauthorized access via public Internet
2. For the above identified threats and vulnerabilities, which of the following COBIT P09 Risk Management control objectives are affected? If Yes or No, explain why.
PO9.1 IT Risk Management Framework - Yes, because if the hacker were to access the network and expose a vulnerability in software or in the company's network, it could lead to PPI and/or company secrets being leaked.
PO9.2 Establishment of Risk Context - Yes, the company needs to have this so that if something were to happen, it will have a guideline as to which alternative to take to minimize the risk.
PO9.3 Event Identification - Yes, there must be a list of every incident that happens inside the company, kept on file for future reference and to maintain compliance with the policies the company is required to follow.
PO9.4 Risk Analysis - Yes, this will help the company discover what problems it may have. The company may want to bring in an assessment group from an outside firm to assess it, to see what weaknesses that group discovered and what the company found in its own evaluation.
PO9.5 Risk Response - Yes, the company has to have a response team so that it can fix and deal with the issues that occur in the program. This team should recognize the risk tolerance level of the issue and deal with it accordingly.
PO9.6 Maintenance and Monitoring of the Risk Action Plan - Yes, this is the maintenance of the risk management program. Any issues that come up will be addressed and then brought up to senior management to inform them of the issues and what must be done to correct them.
3. From the identified threats and vulnerabilities from Lab #1 (list 3 and no more than 5), specify whether the threat or vulnerability affects confidentiality, integrity, or availability.
a. Hacker penetrates your IT system and gains access to your internal network
If a hacker has access to your internal network, your files will no longer be secret. Unless you're logging record changes, the hacker can change anything unbeknownst to the admin team. A hacker who has access to your network may cause network issues that limit availability. But usually they may want to be viewed.
b. Service provider has a major network outage
Anyone working remotely will not be able to gain access to files on the LAN. Customers also won't be able to gain access to the data files via the web server.
c. LAN server OS has a known software vulnerability
If the weakness causes bouts to be blocked from point A to point M over the WAN, then it will cause confidentiality problems. If the weakness causes files to become corrupted, then we lose integrity. If the vulnerability allows cyber criminals into my network and they attack my servers, then my data won't be available.
d. Denial of service attack on organization e-mail server
Employee email is shut down, which can damage the output of the business. Shutting down email affects communication in the company. This could cost the organization business: if customers cannot email the company their orders, then that is lost money to the business.
e. User destroys data in application and deletes all files
The disgruntled employee could leak information, breaking confidentiality. The integrity of the data will be lost once deleted. So essentially the files will be changed and no longer the same. The integrity of the files will be lost when...