1A. Discuss the process of identifying potential threats to an information asset. How can potential threats be identified?
1. What is risk management?
2. List and describe the key areas of concern for risk management.
3. Why is identification of risks, through a listing of assets and their vulnerabilities, so important to the risk management process?
4. According to Sun Tzu, what two things must be achieved to secure information assets successfully?
5. Who is responsible for risk management in an organization?
6. Which community of interest usually takes the lead in information asset risk management?
7. Which community of interest usually provides the resources used when undertaking information asset risk management?
8. In risk management strategies, why must periodic review be part of the process?
9. Why do networking components need more examination from an information security perspective than from a systems development perspective?
10. What value would an automated asset inventory system have for the risk identification process?
11. Which information attributes are seldom or never applied to software elements?
12. Which information attribute is often of great value for networking equipment when DHCP is not used?
13. When you document procedures, why is it useful to know where the electronic versions are stored?
14. Which is more important to the information asset classification scheme, that it be comprehensive or that it be mutually exclusive?
15. What is the difference between an asset's ability to generate revenue and its ability to generate profit?
16. How many categories should a data classification scheme include? Why?
17. How many threat categories are listed in this chapter? Which do you think is the most common, and why?
18. What are vulnerabilities?
19. Describe the TVA worksheet. What is it used for?
20. Examine the simplest risk formula and the risk formula presented in this chapter. Do other formulas exist, and if so, when are they used?
