Which vulnerability be evaluated for extra controls first

Assignment Help Basic Computer Science

Reference no: EM1366900

"If an organization has three information assets to evaluate for risk management as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which one should be evaluated last?

Explain your reasons.
a. Switch L47 connects a network to the Internet. It has two vulnerabilities: it is susceptible to hardware failure at a likelihood of 0.2, and it is subject to an SNMP buffer overflow attack at a likelihood of 0.1. This switch has an impact rating of 90 and has no current controls in place. You are 75 percent certain of the assumption and data.
b. Server WebSrv6 hosts a company Web site and performs e-commerce transactions. It has a Web server version that can be attacked by sending it invalid Unicode values. The likelihood of that attack is estimated at 0.1. The server has been assigned an impact value of 100 and a control has been implanted that reduces the impact of the vulnerability by 75 percent. You are 80 percent certain of the assumption and data.
c. Operators use a MGMT45 control console to monitor operations in the server room. It has no passwords and is susceptible to unlogged misuse by the operators. Estimates show the likelihood of misuse is 0.1. There are no controls in place on this asset; it has an impact rating of 5. You are 90 percent certain of the assumptions and data.

Reference no: EM1366900

Questions Cloud

Maximize current market value : You may have heard big business criticized for focusing on short-term performance at the expense of long-term results. Describe why a company that strives to maximize stock value should be less subject to an overemphasis on short-term results than on..

Global partnerships-reducing health disparities : Describe some of the merits of how global partnerships can help in solving or reducing health disparities and diseases among global communities.

Arc-approximation formula : Use arc-approximation formula to compute the price-elasticity of demand coefficient of the firm's product demand between the (quantity, price) points of (100, $20) and (300, $10).

Health issues for international effects : Look at a health issues which consists of international effects and has gotten some recent media coverage. Was it preventable?

Which vulnerability be evaluated for extra controls first : If organization has three information assets to evaluate for risk management as shown in accompanying data, which vulnerability must be evaluated for additional controls first? Which one must be evaluated last?

Application of price elasticity of demand : The Haas Corporation's executive vice president circulates the memo to the firm's top management in which he argues for reduction in price of firms product. He says such a price cut will raise the firms sales and profits.

Determining competition and pricing : How does competition affect profits and prices? What causes some firms to enter an industry, and others to leave it?

Conditions of capital rationing and certainty : As the company moves to consider situations of capital rationing, it must consider portfolios of capital projects. Precisely and completely explain why this is the case.

How can quantity demanded be changed : What are some things that would affect changes in supply? How can quantity demanded be changed and what if the government raised the minimum wage. How would this policy effect your firm?

User Account

All Pages