
Performing a Risk Assessment (3e) - MCY-660_Lab4 Quiz (answered correctly).

Typology: Quizzes

2024/2025

Available from 07/11/2025

homework-fortune
Student: Email:
Time on Task: 12 hours, 18 minutes
Progress: 100%
Report Generated:
Performing a Risk Assessment (3e)
Managing Risk in Information Systems, Third Edition - Lab 04
Guided Exercises
Part 1: Prepare for a Risk Assessment
4. Given the scenario provided above, identify the level of the risk assessment you will perform. Your risk assessment may cover multiple tiers.
Tier 1 risk assessment would handle all the patch management procedures, storage and password policies. Tier 2 risk assessment would provide input concerning tests, common controls and overall IT infrastructure management. Tier 3 risk assessment would handle implementation regarding account management. It would also provide consistent monitoring over processes and password policy enforcement through technical implementation.
5. For three of the five vulnerabilities identified in the scenario provided above, identify the Tier that would best address the vulnerability and provide your justification.
Tier 1 risk assessment would best address those vulnerabilities because it provides an organization-wide view of procedures, information security programs, policies, procedures, and guidance. Also, Tier 1 would address ongoing authorizations of information systems and common controls, minimum organization-wide security controls, and monitoring strategies. All this would cover all the vulnerabilities discovered in the organization.
7. Describe the purpose of this risk assessment.
The purpose of this risk assessment is to produce the information the assessment is designed for, as well as the set of decisions that must come from it.

  1. Describe the scope of this risk assessment.
     The scope of that risk assessment is to define the resources the organization may need in order to fulfill the assessment. That includes time frame, technical means and how it applies to the organization's mission overall.
  2. Identify the assumptions and constraints associated with this risk assessment.
     Assumptions and constraints associated with this risk assessment include the vulnerability nature of each asset in the organization, and availability of resources, respectively.
  3. Identify the information sources associated with this risk assessment.
     Descriptive information here includes the type of risk management and information security governance structures in place within organizations and how the organization identifies and prioritizes critical missions/business functions and functional management processes.
  4. Based on the information provided above, define your assessment approach as quantitative, qualitative, or semi-quantitative and provide your justification.
     My assessment approach is qualitative because it defines the risks associated with the business mission overall. No asset is presented in terms of monetary value, but more in terms of the impact any exploit may have on the organization. That includes the company reputation and loss of data.

Part 2: Conduct a NIST SP 800-30 Risk Assessment

  1. Think about the sort of adversarial agent that could exploit the vulnerability summarized above. Identify one threat source according to Table D-2 on Page D-2 of the NIST SP 800-30 document.
     One threat source could be an established group of black hat hackers.

  1. Identify the impact value, which you will later use in SimpleRisk, according to Table H-3.
     Very high.

Part 3: Use SimpleRisk to Track and Calculate Risk

  1. Make a screen capture showing the submitted risk in SimpleRisk.

Challenge Exercise

Make a screenshot showing the submitted risk for Target in SimpleRisk. Explain your choices and thought process.