Overview
In this case study assignment, you will perform a quantitative risk analysis for a company’s network. Please use your imagination and feel free to specify any vulnerabilities and threats while completing the steps of this case study.
Action Items
- Download and read the Case Study: Information Security Risk Assessment Word document.
- Download the Case Study Information Security Risk Assessment Answer Sheet.
- Type all of your answers into the answer sheet.
Case Study: Information Security Risk Assessment – Answer Sheet
| Assets | Vulnerabilities | Threats | Probability (the numerical value) | Impact (the numerical value) | Risk (the numerical value) Risk = Probability x Impact |
|---|---|---|---|---|---|

| Probability (the numerical value) | Your Justification (Why you assigned that value for the probability) |
|---|---|

| Impact (the numerical value) | Your Justification (Why you assigned that value for the impact) |
|---|---|

| Definition of Risk | Priority | Risk Response (Risk Acceptance, Risk Mitigation, Risk Avoidance, Risk Transfer, etc.) |
|---|---|---|
| The exploitation of the <vulnerability> of <asset> by <threat> | | |
| The exploitation of the <vulnerability> of <asset> by <threat> | | |
| The exploitation of the <vulnerability> of <asset> by <threat> | | |

Case Study: Information Security Risk Assessment
In this case study assignment, you will perform a quantitative risk assessment (risk analysis) for the company network shown below. Use the “Case Study Information Security Risk Assessment Answer Sheet” for your answers.
Assets are shown in the diagram. Feel free to suggest vulnerabilities and threats that might be applicable to these assets.
The following risk analysis formula will guide you through the process:
Risk = Probability of the exploitation of a vulnerability by a threat * Impact of the exploitation
There are six steps in the risk analysis process.
Step 1) Specify three assets by using the network topology and the explanations. (An asset is anything that has value for the company. It can be software, hardware, storage media, documents, or even employees. One of the most critical assets is information. Note that one of the essential duties of the other assets (software, hardware, etc.) is to process information. Therefore, the value of software, for example, is directly proportional to the value of the information it processes.)
Step 2) For each of the assets, determine one vulnerability. (A vulnerability is a weakness in an asset's design, development, structure, properties, or configurations. An asset's weakness could allow it to be exploited and harmed by one or more threats.)
Step 3) For each vulnerability, determine one threat that may exploit the vulnerability. (A threat is an active agent with the intent and potential of exploiting vulnerabilities and causing harm. There are many threat agents that fall into broad categories of deliberate or accidental actions of humans (internal or external to the organization) and acts of nature.)
Fill out the first three columns of Table-1 for the three assets you choose from the diagram.
| Assets | Vulnerabilities | Threats | Probability (the numerical value) | Impact (the numerical value) | Risk (the numerical value) Risk = Probability x Impact |
|---|---|---|---|---|---|

Step 4) For each asset, choose a numerical value from the table below for the probability of the exploitation of the vulnerability by the threat. While selecting a numerical value, you should consider factors like “Is the threat agent external or internal? Is the vulnerability remotely exploitable? To what extent does the asset value draw the attention of attackers?”
Type the numerical value into the fourth column of Table-1.
| Probability | Numerical value | Frequency of exploitation |
|---|---|---|
| Very Low | 1 | Once per year |
| Low | 2 | Once every six months |
| Medium | 3 | Once per month |
| High | 4 | Once per week |
| Very High | 5 | Once per day |

Type your justifications here:
| Probability (the numerical value) | Your Justification (Why you assigned that value for the probability) |
|---|---|

Step 5) For each asset, appraise the impact once the asset is compromised. For this estimation, use the following reference table. While choosing a numerical value, you should consider factors like “the extent of damage that the threat agent may cause and the severity of the vulnerability.”
Type the numerical value into the fifth column of Table-1.
| Impact | Numerical value | Impact of exploitation |
|---|---|---|
| Very Low | 1 | The systems/asset may be restored immediately. |
| Low | 2 | The systems/asset may be restored in the short term. |
| Medium | 3 | The systems/asset may be restored in the medium term. |
| High | 4 | The systems/asset may be restored in the long term. |
| Very High | 5 | The systems/asset may not be restored in the long term, and the adverse effects may persist even longer. |

Type your justifications here:
| Impact (the numerical value) | Your Justification (Why you assigned that value for the impact) |
|---|---|

Step 6) Multiply the probability and impact values and type the resulting risk value into the sixth column of Table-1.
The table below shows all possible risk values.
| Risk (Probability down, Impact across) | Impact 1 | Impact 2 | Impact 3 | Impact 4 | Impact 5 |
|---|---|---|---|---|---|
| Probability 1 | 1 | 2 | 3 | 4 | 5 |
| Probability 2 | 2 | 4 | 6 | 8 | 10 |
| Probability 3 | 3 | 6 | 9 | 12 | 15 |
| Probability 4 | 4 | 8 | 12 | 16 | 20 |
| Probability 5 | 5 | 10 | 15 | 20 | 25 |

| Risk Value | Priority |
|---|---|
| 12, 15, 16, 20, 25 | Highest priority |
| 5, 6, 8, 9, 10 | Medium priority |
| 1, 2, 3, 4 | Lowest priority |

| Definition of Risk | Priority | Risk Response (Risk Acceptance, Risk Mitigation, Risk Avoidance, Risk Transfer, etc.) |
|---|---|---|
| The exploitation of the <vulnerability> of <asset> by <threat> | | |
| The exploitation of the <vulnerability> of <asset> by <threat> | | |
| The exploitation of the <vulnerability> of <asset> by <threat> | | |

Use the “Case Study Information Security Risk Assessment Answer Sheet” document for your answers.
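
The six steps above as a small risk register, added here as an example and not part of the assignment material: it applies Risk = Probability x Impact, looks up the priority band, fills the "Definition of Risk" sentence, and checks that the page's priority bands cover every cell of the 5x5 matrix. The `RiskEntry` class, the function names and the three sample rows are constructed for illustration and are not taken from the network diagram.

```python
from dataclasses import dataclass

# Priority bands copied from the page's Risk Value / Priority table.
PRIORITY_BANDS = {"Highest priority": {12, 15, 16, 20, 25},
                  "Medium priority": {5, 6, 8, 9, 10},
                  "Lowest priority": {1, 2, 3, 4}}
SCALE = range(1, 6)  # probability and impact both use the 1..5 scale

@dataclass
class RiskEntry:
    asset: str
    vulnerability: str
    threat: str
    probability: int
    impact: int

    def __post_init__(self):
        for name in ("probability", "impact"):
            value = getattr(self, name)
            if not isinstance(value, int) or value not in SCALE:
                raise ValueError(f"{name} must be an integer 1..5, got {value!r}")

    @property
    def risk(self):  # Step 6: Risk = Probability x Impact
        return self.probability * self.impact

    @property
    def priority(self):
        return next(p for p, vals in PRIORITY_BANDS.items() if self.risk in vals)

    @property
    def definition(self):  # fills the answer sheet's sentence template
        return f"The exploitation of the {self.vulnerability} of {self.asset} by {self.threat}"

def bands_cover_matrix():  # True if every matrix cell falls in exactly one band
    products = {p * i for p in SCALE for i in SCALE}
    listed = [v for vals in PRIORITY_BANDS.values() for v in vals]
    return products == set(listed) and len(listed) == len(set(listed))

def rank(entries):  # highest risk value first
    return sorted(entries, key=lambda e: e.risk, reverse=True)

# Constructed sample rows; the assignment's network diagram is not used here.
REGISTER = [RiskEntry("web server", "unpatched CMS", "external attacker", 4, 3),
            RiskEntry("file server", "missing offline backup", "ransomware", 2, 5),
            RiskEntry("staff laptop", "unencrypted disk", "thief", 2, 2)]

for e in rank(REGISTER):
    print(f"{e.risk:>2}  {e.priority:<16}  {e.definition}")
```
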