Saint COm510 module 5 exercises

Question # 00033041 Posted By: neil2103 Updated on: 11/23/2014 07:44 PM Due on: 11/30/2014
Subject Computer Science Topic General Computer Science Tutorials:
Question


Chapter 8

Exercise 1

Exercise:
If an organization has three information assets to evaluate for risk management as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which one should be evaluated last? An evaluation of the provided asset vulnerabilities results in:

Asset A: This is a switch that has two vulnerabilities. The first involves a hardware failure likelihood of 0.2 and the second involves a buffer attack likelihood of 0.1. The switch has an impact rating of 90. Assumptions made on this asset have a 75% certainty.

Asset B: This is a web server that deals with e-commerce transactions. It has one vulnerability with a likelihood of 0.1. However, it has an impact rating of 100. Assumptions made on this asset have an 80% certainty.

Asset C: This is a control console with no password protection with a likelihood of attack of 0.1. It has no controls and an impact rating of 5. Assumptions made on this asset have a 90% certainty.


Exercise 2

Using the Web, search for at least three tools to automate risk assessment. Collect information on automated risk assessment tools. What do they cost? What features do they provide? What are the advantages and disadvantages of each?

Exercise 5
Using the asset valuation method presented in this chapter, conduct a preliminary risk assessment on the information contained in your home. Answer each of the questions. What would it cost if you lost all your data?


Chapter 9

Exercise 1

1. Using the following table, calculate the SLE, ARO, and ALE for each threat category listed

XYZ Software Company, major threat categories for new applications development

(Asset value 1,200,000 in projected revenues)

| Threat category | Cost per incident | Frequency of occurrence |
|---|---|---|
| Programmer Mistakes | 5,000 | 1 per week |
| Loss of Intellectual Property | 75,000 | 1 per year |
| Software Piracy | 500 | 1 per week |
| Theft of Information (Hacker) | 2,500 | 1 per quarter |
| Theft of Information (Employee) | 5,000 | 1 per 6 months |
| Web Defacement | 500 | 1 per month |
| Theft of Equipment | 5,000 | 1 per year |
| Viruses, worms, Trojan horse | 1,500 | 1 per week |
| Denial-of-Service Attack | 2,500 | 1 per quarter |
| Earthquake | 250,000 | 1 per 20 years |
| Flood | 250,000 | 1 per 10 years |
| Fire | 500,000 | 1 per 10 years |

Exercise 3


How can we determine SLE if there’s no percentage given? Which method is easier for determining the SLE: a percentage of value lost or cost per incident? Why?
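A worked calculation for the Chapter 9, Exercise 1 table, as an added example that is not part of the original post or its tutorial: it takes each row's cost per incident as the SLE, parses the frequency text into an ARO, and ranks the threats by ALE = SLE × ARO. The 52-weeks-per-year conversion and the function names are assumptions made here.

```python
import re
from fractions import Fraction

# Rows transcribed from the exercise table: (threat, cost per incident, frequency).
THREATS = [
    ("Programmer Mistakes", 5_000, "1 per week"),
    ("Loss of Intellectual Property", 75_000, "1 per year"),
    ("Software Piracy", 500, "1 per week"),
    ("Theft of Information (Hacker)", 2_500, "1 per quarter"),
    ("Theft of Information (Employee)", 5_000, "1 per 6 months"),
    ("Web Defacement", 500, "1 per month"),
    ("Theft of Equipment", 5_000, "1 per year"),
    ("Viruses, worms, Trojan horse", 1_500, "1 per week"),
    ("Denial-of-Service Attack", 2_500, "1 per quarter"),
    ("Earthquake", 250_000, "1 per 20 years"),
    ("Flood", 250_000, "1 per 10 years"),
    ("Fire", 500_000, "1 per 10 years"),
]

# Assumption: 52 weeks, 12 months and 4 quarters per year.
PERIODS_PER_YEAR = {"week": 52, "month": 12, "quarter": 4, "year": 1}
FREQ_RE = re.compile(r"^\s*(\d+)\s*per\s*(\d+)?\s*(week|month|quarter|year)s?\s*$", re.I)

def aro(frequency):
    """Annualized rate of occurrence from text such as '1 per 6 months'."""
    m = FREQ_RE.match(frequency)
    if not m:
        raise ValueError(f"unrecognized frequency: {frequency!r}")
    count, span, unit = int(m.group(1)), int(m.group(2) or 1), m.group(3).lower()
    if span == 0:
        raise ValueError("period length must be positive")
    # Exact rational arithmetic avoids float noise for rates such as 1/20.
    return Fraction(count * PERIODS_PER_YEAR[unit], span)

def assess(rows):
    """Return one dict per threat with SLE, ARO and ALE, highest ALE first."""
    results = []
    for threat, cost, frequency in rows:
        rate = aro(frequency)
        # SLE is taken directly as the cost per incident given in the table.
        results.append({"threat": threat, "sle": cost, "aro": rate, "ale": cost * rate})
    return sorted(results, key=lambda r: r["ale"], reverse=True)

if __name__ == "__main__":
    for r in assess(THREATS):
        print(f"{r['threat']:<34}{r['sle']:>9,}{float(r['aro']):>8.2f}{float(r['ale']):>12,.0f}")
```

Sorting by ALE shows why frequency matters as much as cost per incident: the weekly, low-cost threats outrank the rare, high-cost disasters.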

