Lab #2 Assessment Worksheet Align Risks, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls 1. a. Unauthorized access from public internet - HIGH b. User destroys data in application and deletes all files - LOW c. Workstation OS has a known software vulnerability – HIGH d. Communication circuit outages - MEDIUM e. User inserts CD’s and USB hard drives with personal photos, music and videos on organization owned computers - MEDIUM 2. a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects. b. PO9.4 Risk Assessment – Assess the likelihood Threat or Vulnerability #3: * Information - zero-hour or day zero/ Zero-day protection, Secure Socket Layer (SSL) * Application – Keeping the computer’s software up-to-date * Infrastructure – malicious software/analyze, test, report and mitigate. * People – Careless employees/Educating users d. Threat or Vulnerability #4: * Information - * Application – * Infrastructure – * People – Careless employees/Educating users e. Threat or Vulnerability #5: * Information - * Application – * Infrastructure – * People – Careless employees/Educating users 6. True or False – COBIT P09 Risk Management controls objectives focus on assessment and management of IT risk. 7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective? 8. When assessing the risk impact a threat or vulnerability has on your “information” assets, why must you align this assessment with your Data Classification Standard? How can a Data Classification Standard help you assess the risk impact on your “information” assets? 9. When assessing the risk impact a threat or vulnerability has on your “application” and