Tutorial and Lab 4 – SD3043
Risk management - security
1. What is risk management?
Answer: Risk management is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be controlled or mitigated.
2. List and describe the key areas of concern for risk management.
Answer: Risk identification, risk assessment, and risk control.
3. Which community of interest usually provides the resources used when undertaking information asset risk management?
Answer: The resources used when undertaking information asset risk management are usually provided by all three communities: Information Security, Information Technology and General Management.
4. In risk management strategies, why must periodic review be a part of the process?
Answer: Periodic reviews must be a part of the risk management strategy because the threats facing a company are constantly changing. Also, once a specific vulnerability is completely managed by an existing control, it no longer needs to be considered for additional controls.
5. Why do networking components need more examination from an information security perspective than from a systems development perspective?
Answer: Networking components need more examination from an information security perspective than from a systems development perspective because networking subsystems are often the focal point of attacks against the system.
6. What value would an automated asset inventory system have for the risk identification process?
Answer: An automated asset inventory system would be valuable to the risk identification process because all hardware components are already identified (make, model and location), so management can review them for the most critical items and assess their values.
7. How many categories should a data classification scheme include? Why?
Answer: An organization would need as many categories as necessary to include all of its need to treat different...