Explore BrainMass

Explore BrainMass

    Information Security Risk Analysis

    This content was COPIED from BrainMass.com - View the original, and get the already-completed solution here!

    1. What is the meaning of the CIA triad in Information Security?

    2. What is the difference between Symmetric and Asymmetric Key Cryptography

    3. What is SSL? What is SET? Which one is technically superior? Which one is the de-facto standard on commercial selling on the Internet?

    4. Mention four advantages of Qualitative risk analysis

    5. Mention four disadvantages of quantitative risk analysis

    6. Define a safeguard....also known as ...................... or .........................

    Define a threat

    Define vulnerability

    7. How do you calculate the total threat impact?

    8. Give two examples of each of the following

    Risk Avoidance

    Risk Assurance

    Risk Detection

    Risk Recovery

    9. What should be included in a risk analysis report? Be brief

    10. Sketch the different tables for the following with one example row in each

    Financial Loss table

    Extent of legal implications table

    Enterprise Embarrassment table

    11. Sketch a Risk Analysis Matrix filled with a few suggested solutions

    12. Which method(s) would you use for risk Analysis in the Military Base Network?
    Select your top two favorites. Explain why?

    1- Vulnerability Analysis
    2- Hazard Impact Analysis
    3- Threat Analysis
    4- Questionnaires
    5- Single-time loss algorithm

    13. What is the formula used for ALE? (Annualized loss expectancy or Exposure)

    14. A company's premises have one chance in a million of being affected by flooding. A flood would cost the company $10 million.

    What would be your budget for mitigating the effects of the flood?

    Would you start stocking up sand bags in preparation of the flood?

    15. A company has a chance 1 in 3,000 of being within ten miles of an earthquake epicenter measuring 5.0 on the Richter scale. The Earthquake will cause $60 million of loss.

    What would be the budget for reducing or preventing that damage?

    16. A company has one large router that ties all their network segments. If the router dies it will take one day to repair. There is 70% chance that failure will occur once every 24 months. The outage will cause 1000 people to be out of work for a day. The company estimates the loss of productivity to be $68,000

    How much should you spend for router redundancy?

    17. What is BS7799? What is ISO 17799?

    18. What is the difference between the Red Book and the Orange book in US government and defense security

    19. What is ITSEC?

    20. What is The Common Criteria?

    21. T or F In risk analysis, the value of an asset can be estimated by asking for the book value from the accountant

    22. T or F Security policies usually have to be written in a policy document

    23. T or F Cost Benefit analysis is probably the most important step in any risk analysis process

    24. Give an example of risk avoidance

    25. Give an example of risk acceptance

    © BrainMass Inc. brainmass.com June 3, 2020, 1:01 pm ad1c9bdddf

    Solution Summary

    Information Security Risk Analysis is considered.