Study the scenario and complete the questions that follow:

Risk Management

As part of their ongoing efforts to strengthen their security posture, SecureTech Solutions has initiated a comprehensive risk assessment to identify and prioritize vulnerabilities within their IT infrastructure.

The following assets have been identified as essential to the company's operations and require thorough evaluation to determine their risk ratings and prioritize mitigation efforts.

Assets:

$1.$ Customer Database $($Asset Value: High$)$

$$ Vulnerability $1$: Lack of Encryption $-$ Customer data is stored in plain text format which has likelihood of $0\mathrm{.}2$ when compromised.

$$ Vulnerability $2$: Weak Access Controls $-$ Insufficient restrictions on who can access the database, the manager believes there is a $0\mathrm{.}1$ chance of success of a data breach success.

$$ The database has an impact rating of $90$ and has no current controls in place. The manager is $75$ percent certain of the assumptions and data.

$2.$ Development Servers $($Asset Value: Medium$)$

$$ Vulnerability $1$: Inadequate Patch Management $-$ Patch updates are not regularly applied, leaving servers vulnerable to known exploits.

$$ The likelihood of that attack on the development server is estimated at $0\mathrm{.}1.$ The server has been assigned an impact value of $100,$ and assuming an update can be installed that reduces the impact of the vulnerability by $75$ percent. You are $80$ percent certain of the assumptions and data.

$3.$ Source Code Repository $($Asset Value: High$)$

$$ Vulnerability $1$: Insecure Authentication $-$ Weak password policies and lack of multi$-$factor authentication.

$$ Estimates show the likelihood of information theft is $0\mathrm{.}1.$ There are no controls in place on this asset; it has an impact rating of $5.$ You are $90$ percent certain of the assumptions and data.

Source: William, J $(2024)$: $]$

$2\mathrm{.}1$ Perform a comprehensive risk assessment by identifying $2$ potential risks associated with each vulnerability and provide $2$ actionable insights and recommendations to mitigate these risks effectively.

$(30$ marks$)$

$2\mathrm{.}2$

a$.$ Using Risk rating calculation to prioritize the vulnerabilities. Calculate the risk rating for each vulnerability. $($Show all your calculation$)$

$(15$ marks$)$

b$.$ Which vulnerability should be evaluated first for additional controls? $($Show all your calculation$)$

$(3$ marks$)$

c$.$ Which should be evaluated last?

$(2$ marks$)$