- Section 5: Controlling Risk
- This final section combines all of the previous sections and gives the opportunity to look at mechanisms to control risk.
Be sure to include an abstract and a References page in your final draft.
The project deliverables for Week 5 are as follows:
- Section 5: Controlling Risk
- Given the following categories or areas where risk exists, and then the 3 assets for each, describe how you will test for associated risk:
- Administrative
- Human resources: Hiring and termination practices
- Organizational structure: A formal security program
- Security policies: Accurate, updated, and known or used
- Technical
- Access control: Least privileged
- System architecture: Separated network segments
- System configurations: Default configurations
- Physical
- Heating and air conditioning: Proper cooling and humidity
- Fire: Fire suppression
- Flood: Data center location
- Administrative
- Once you have described the tests that will be conducted to test each, assume that failure or holes were found in each of them.
- Next, describe at least 3 safeguards for each that could be put in place to address the risk.
- Given the following categories or areas where risk exists, and then the 3 assets for each, describe how you will test for associated risk:
