IS3110


Lab #2


1.
a. Denial of Service attack of organized e-mail server (DDOS)
High
b. Loss of Production Data
Medium
c. Unauthorized access to organization owned Workstation
High
d. Workstation browser has software vulnerability
Low
e. User downloads an unknown e-mail attachment
Low
2.
PO9.1 Risk Management Framework – A
PO9.2 Establishment of Risk Context – B
PO9.3 Event Identification – A and B
PO9.4 Risk Assessment – C, D, and E
PO9.5 Risk Response – None
PO9.6 Maintenance and Monitoring of a Risk Action Plan – None
3.
f. Denial of Service attack of organized e-mail server
Integrity, Availability
g. Loss of Production Data
Confidentiality, Availability
h. Unauthorized access to organization owned Workstation
Integrity
i. Workstation browser has software vulnerability
Confidentiality, Availability
j. User downloads an unknown e-mail attachment
Integrity
4.
Denial of Service attack of organized e-mail server
Change passwords, close ports, and set mirror server and proxy server.
Loss of Production Data
Backup data, restore from previous point if necessary
Unauthorized access to organization owned Workstation
Set password to change after 90 days, set screen lockout for 10 minutes.
Workstation browser has software vulnerability
Update browser, check and auto-update every day
User downloads an unknown e-mail attachment
Set strength filtering, send memos
5.
a. Threat or Vulnerability #1: Denial of Service attack of organized e-mail server
Information – Threat
Applications – Threat
Infrastructure – Threat
People – None
b. Threat and Vulnerability #2: Loss of Production Data
Information – Threat
Applications – Threat
Infrastructure – Threat
People – Threat to someone’s job
c. Threat or Vulnerability #3: Unauthorized access to organization owned Workstation
Information – Threat
Application – Vulnerability
Infrastructure – Vulnerability
People – Threat
d. Threat or Vulnerability #4: Workstation browser has...
