Lab #2 - Assessment Worksheet

This document is a lab assessment worksheet for a student named Dương Chí Hùng. It contains questions about risk assessment, threats and vulnerabilities, and information security. The student is asked to identify risks, the impact of different threats on confidentiality, integrity and availability, risk levels, and how threats affect different parts of the IT environment. The document emphasizes the importance of alignment between vulnerability assessments and remediation plans to properly identify and address issues.

Course Name: IAA202


Student Name: Dương Chí Hùng - SE151235
Instructor Name: Nguyễn Tấn Danh
Lab Due Date: 24/5/2021

Lab Assessment Questions


1.
a. Unauthorized access from public Internet - Medium
b. User destroys data in application and deletes all files - High
c. Hacker penetrates your IT infrastructure and gains access to your
internal network - High
d. Fire destroys primary data center - High
e. Denial of service attack on organization e-mail Server - High

2.
P09.1 IT Risk Management Framework - a, b, c, e
P09.2 Establishment of Risk Context - b, c, d, e
P09.1 Event Identification - a, b, c, d, e
P09.1 Risk Assessment - b, d, e
P09.1 Risk Response - a, b, c, d, e
P09.1 Maintenance and Monitoring of a Risk Action Plan - a, b, c, d, e

3.

Threat or Vulnerability Confidentiality Integrity Availability

Unauthorized access from public Internet    X
User destroys data in application and deletes all files    X
Hacker penetrates your IT infrastructure and gains access to your internal network    X
Fire destroys primary data center    X
Denial of service attack on organization e-mail Server    X

4.
- Unauthorized access from public Internet - Low
- User destroys data in application and deletes all files - Low
- Hacker penetrates your IT infrastructure and gains access to your
internal network - Medium
- Fire destroys primary data center - High
- Denial of service attack on organization e-mail Server - Low

5.
a. Threat or Vulnerability #1:
Information - High
Application - Medium
Infrastructure - Low
People - Low
b. Threat or Vulnerability #2:
Information - High
Application - High
Infrastructure - Low
People - High
c. Threat or Vulnerability #3:
Information - High
Application - Medium
Infrastructure - Medium
People - Low
d. Threat or Vulnerability #4:
Information - High
Application - High
Infrastructure - High
People - Medium
e. Threat or Vulnerability #5:
Information - Low
Application - High
Infrastructure - Low
People - Low

6. True

7. Mapping an information asset (such as data) to all of its critical
containers leads to the technology assets, physical records and people
that are important to storing, transporting and processing the asset. The
map of information assets will be used to determine all of the
information assets that reside on a specific container.

8. It takes seriously its commitment to protecting the privacy of its
alumni, faculty, and staff and protecting the confidentiality, integrity,
and availability of information essential to the University's academic and
research mission. For that reason, we classify our information assets into
risk categories to determine who may access the information and what
minimum security precautions must be taken to protect it against
unauthorized access.

9. Because it is always important to align assessment with both a server
and application software vulnerability assessment and remediation plan
in order to better identify and categorize the problem, which would lead
to a better solution for the problems.

10. We take 7 steps to prioritize Threats & Threat Remediation: Involve
Business Stakeholders in the Process, Identify Threats, Determine the
Threshold for Acceptable and Unacceptable Risk, Create a Financial
Impact Assessment Scale, Create a Probability Scale, Threat Severity
Level Assessment, Determine the Proximity of the Threat Event.

11. Comprehensive framework that assists enterprises in achieving
their objectives for the governance and management of enterprise
information and technology assets (IT).

14. The more perspectives you have, the better view of all the risks that
are available.

15. ISIAC
