Multiple choice questions
| Weakness (violates policy or procedure) | Threat (what is the danger that exploits the weakness) | Risk (what could be lost, qualitative/quantitative) | Countermeasure (how can it be safeguarded) | Risk Factor & Reason (“1” Critical: impacts company viability; “2” Major: impacts asset or IT infrastructure; “3” Minor: impacts productivity / availability) |
| --- | --- | --- | --- | --- |
| Employee taped password to screen | ||||
| LAN/WAN UPS not operational | ||||
| Regular Firewall maintenance not conducted | ||||
| SysAdmin has little-to-no security awareness training | ||||
| Servers do not contain latest patches | ||||
| Databases/systems not backed up | ||||
| Computer always left logged-in | ||||
| Computer login shared by everyone | ||||
| Employee uses a very simple password | ||||
| InfoSec audits not conducted | ||||
| Employees using personal laptops to do corporate business | ||||
| Client files left out on the desk overnight | ||||
| Client personal data shared with everyone via email | ||||
| Password hasn't been changed in over a year | ||||
| Office left unlocked during lunch/breaks and overnight | ||||
| Retired employee able to log in | ||||
| Inventory control and access control policies not followed | ||||
| Record cabinets cannot be locked or left unlocked after hours | ||||
| Computers do not have latest software patches | ||||
| Unauthorized software discovered on corporate computers | ||||
| Default password still being used | ||||
| Laptops with sensitive data not encrypted | ||||
| Master login created by IT and used by offices | ||||
| Users can download data to USB drives | ||||
Student Name: ISOL 533