Question

Chapter 8

Exercise 1

If an organization has three information assets to evaluate for risk management, as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which one should be evaluated last? An evaluation of the provided asset vulnerabilities results in:

Asset A: This is a switch that has two vulnerabilities. The first involves a hardware failure likelihood of 0.2 and the second involves a buffer attack likelihood of 0.1. The switch has an impact rating of 90. Assumptions made on this asset have a 75% certainty.

Asset B: This is a web server that deals with e-commerce transactions. It has one vulnerability with a likelihood of 0.1. However, it has an impact rating of 100. Assumptions made on this asset have an 80% certainty.

Asset C: This is a control console with no password protection with a likelihood of attack of 0.1. It has no controls and an impact rating of 5. Assumptions made on this asset have a 90% certainty.

Exercise 2

Using the Web, search for at least three tools to automate risk assessment. Collect information on automated risk assessment tools. What do they cost? What features do they provide? What are the advantages and disadvantages of each?

Exercise 5

Using the asset valuation method presented in this chapter, conduct a preliminary risk assessment on the information contained in your home. Answer each of the questions. What would it cost if you lost all your data?

Chapter 9

Exercise 1

1. Using the following table, calculate the SLE, ARO, and ALE for each threat category listed.

XYZ Software Company, major threat categories for new applications development (asset value 1,200,000 in projected revenues)

Threat category                    Cost per incident    Frequency of occurrence
Programmer Mistakes                5,000                1 per week
Loss of Intellectual Property      75,000               1 per year
Software Piracy                    500                  1 per week
Theft of Information (Hacker)      2,500                1 per quarter
Theft of Information (Employee)    5,000                1 per 6 months
Web Defacement                     500                  1 per month
Theft of Equipment                 5,000                1 per year
Viruses, worms, Trojan horse       1,500                1 per week
Denial-of-Service Attack           2,500                1 per quarter
Earthquake                         250,000              1 per 20 years
Flood                              250,000              1 per 10 years
Fire                               500,000              1 per 10 years

Exercise 3

How can we determine SLE if there's no percentage given? Which method is easier for determining the SLE: a percentage of value lost or cost per incident? Why?


