Friday, May 22, 2020

Questions on Risk Management Controls Essay - 1162 Words

IS3110 Lab
Student Name:

Submission Requirements
Format: Microsoft Word
Your last name must be in the filename of your submitted document according to the assignment naming standard.
IS3110_Lab2_Lastname_First
Email to: SMichnick@itt-tech.edu
Due By: 6:00 PM CDT, Wednesday July 2, 2014
Note: Emails received after Due Date will be marked LATE and subject to a grade penalty of 10% each week it is late.

Pages 11-17 of the IS3220 Student Lab Manual

Lab #2 – Align Risk, Threats, Vulnerabilities to COBIT P09 Risk Management Controls

Learning Objectives and Outcomes
Upon completing this lab, you will be able to:
Define what COBIT (Control Objectives for Information and related Technology) P09 Risk Management is for an IT infrastructure…

…
Information – High impact (if you get most business from internet sales)
Applications – Low impact
Infrastructure – High impact
People – Low impact

b. Threat or Vulnerability #2: User destroys data in application and deletes all files. Ensure that data is backed up as often as possible to different types of storage.
Information – High Impact
Applications – Medium Impact
Infrastructure – Low Impact
People – Low Impact

c. Threat or Vulnerability #3: User downloads an unknown email attachment. Employee training and malware detection could help protect the system if the email is malicious.
Information – Medium Impact
Applications – Low Impact
Infrastructure – High Impact
People – Low Impact

d. Threat or Vulnerability #4: Fire destroys primary data center. This could be avoided by having the primary data center in a low fire risk area or by using off-site data backup.
Information – High Impact
Applications – Low Impact
Infrastructure – High Impact
People – Low Impact

6. True or False – COBIT P09 Risk Management controls objectives focus on assessment and management of IT risk.
TRUE

7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective?
The CIA triad is a fundamental security concept. It is said that other measures of security should be built around the CIA concept as well.

8. When assessing the risk impact a threat or vulnerability has on your “information” assets, why must you align this assessment with your Data Classification
