Explore BrainMass

Information Security Risk Analysis

1. What is the meaning of the CIA triad in Information Security?

2. What is the difference between Symmetric and Asymmetric Key Cryptography

3. What is SSL? What is SET? Which one is technically superior? Which one is the de-facto standard on commercial selling on the Internet?

4. Mention four advantages of Qualitative risk analysis

5. Mention four disadvantages of quantitative risk analysis

6. Define a safeguard....also known as ...................... or .........................

Define a threat

Define vulnerability

7. How do you calculate the total threat impact?

8. Give two examples of each of the following

Risk Avoidance

Risk Assurance

Risk Detection

Risk Recovery

9. What should be included in a risk analysis report? Be brief

10. Sketch the different tables for the following with one example row in each

Financial Loss table

Extent of legal implications table

Enterprise Embarrassment table

11. Sketch a Risk Analysis Matrix filled with a few suggested solutions

12. Which method(s) would you use for risk Analysis in the Military Base Network?
Select your top two favorites. Explain why?

1- Vulnerability Analysis
2- Hazard Impact Analysis
3- Threat Analysis
4- Questionnaires
5- Single-time loss algorithm

13. What is the formula used for ALE? (Annualized loss expectancy or Exposure)

14. A company's premises have one chance in a million of being affected by flooding. A flood would cost the company $10 million.

What would be your budget for mitigating the effects of the flood?

Would you start stocking up sand bags in preparation of the flood?

15. A company has a chance 1 in 3,000 of being within ten miles of an earthquake epicenter measuring 5.0 on the Richter scale. The Earthquake will cause $60 million of loss.

What would be the budget for reducing or preventing that damage?

16. A company has one large router that ties all their network segments. If the router dies it will take one day to repair. There is 70% chance that failure will occur once every 24 months. The outage will cause 1000 people to be out of work for a day. The company estimates the loss of productivity to be $68,000

How much should you spend for router redundancy?

17. What is BS7799? What is ISO 17799?

18. What is the difference between the Red Book and the Orange book in US government and defense security

19. What is ITSEC?

20. What is The Common Criteria?

21. T or F In risk analysis, the value of an asset can be estimated by asking for the book value from the accountant

22. T or F Security policies usually have to be written in a policy document

23. T or F Cost Benefit analysis is probably the most important step in any risk analysis process

24. Give an example of risk avoidance

25. Give an example of risk acceptance

Solution Summary

Information Security Risk Analysis is considered.