Question
XYZ organization has three information assets to evaluate for risk management purposes as provided below
I. Switch L47 connects a network to the Internet. It has an impact rating of and has no current controls in place. There is a percent certainty of the assumptions and data. This switch has two vulnerabilities:
A. Susceptibility to hardware failure, with a likelihood of
B. Susceptibility to an SNMP buffer overflow attack, with a likelihood of
II. Server WebSrv hosts a company Web site and performs e-commerce transactions. It has Web server software that is vulnerable to attack via invalid Unicode values. The likelihood of such an attack is estimated at The server has been assigned an impact value of and a control has been implemented that reduces the impact of the vulnerability by percent. There is an percent certainty of the assumptions and data.
III. Operators use MGMT control console to monitor operations in the server room. It has no passwords and is susceptible to unlogged misuse by the operators. Estimates show the likelihood of misuse is There are no controls in place on this asset, which has an impact rating of There is a percent certainty of the assumptions and data.
Question A: Which vulnerability should be evaluated for additional controls first? points
Question B: Which vulnerability should be evaluated last? points
Question points:
ABC software company has asset value of $ in projected revenues. The major threat categories faced by it for new applications development in are provided in Table Calculate the ALE for each threat category listed.
Table
| Question # | Threat categories | Cost per Incident | Frequency of Occurrence | ALE |
|---|---|---|---|---|
| a | Programmer Mistakes | $ | per week | |
Table
| Question # | Threat categories | Cost per Incident | Frequency of Occurrence | Cost of controls | Type of control | CBA | Are controls worth the cost? |
|---|---|---|---|---|---|---|---|
| a | Programmer Mistakes | $ | per month | $ | Training | | Yes or No |
| b | Loss of Intellectual Property | $ | per years | $ | Firewall/IDS | | Yes or No |
| c | Theft of Information (Employee) | $ | per year | $ | Physical Security | | Yes or No |
| d | Web Defacement | $ | per quarter | $ | Firewall | | Yes or No |
| e | Denial-of-Service Attack | $ | per months | $ | Firewall | | Yes or No |

point each for a, b, c, d and e