cyber security

Q1. Risk Management (4 points)

Consider the risk assessment report posted on the course D2L titled: “DETAILED RISK ASSESSMENT REPORT”. Read the report and answer the following questions.

a. What is the system in scope of the risk assessment included in the report? And what does that system do (functionality)?

b. What techniques were used in performing the risk assessment? Elaborate on how each of the techniques helps in the assessment?

c. What is the risk model the report adopted for evaluating risks, and what scales were used?

d. Considering the flow diagram provided in section 3.5, list two good network security controls that are included in the design?

e. Consider the vulnerability statements (risk scenarios) listed in section 4. Reflect on the password related statement, and possible mitigations?

f. Given the risks assessment results listed in the table in Section 5. Construct a risk register, adding the risk response column and populate with what you think is an appropriate risk response action (e.g. accept, mitigate, etc.)

Q.2 Access Control Matrix (3 points)

Explain the following file permissions in UNIX

a. -rw-r--r—

b. drwxr-xr-x

c. 0400

Q. 3) Read the following article

https://www.varonis.com/blog/endpoint-security/

and construct a one slide summarizing the following:

- End-point security domains and main risks 

- Security approach

- Some common myths about end-point security.