Multi Task 3
Case Project 3-1: Mapping Risk Analysis to a Security Policy
Six months after a security policy has been formulated and put into place, your company decides to do a risk analysis. The data in Table 3-2 presents some of the findings. Suggest ways in which you would modify the security policy to cover the new threats.
Table 3-2 Modifying a security policy
|
Asset |
Threat |
Probability |
Consequences |
Risk Assessment |
Change |
|
Web server |
High |
Medium |
Serious |
Critical |
Was medium; Web site went online during this period |
|
Office computers |
Low |
Low |
Significant |
Medium |
Unchanged |
|
Customer data |
Medium |
High |
Damaging |
High |
Was medium; two employees in customer service were laid off and expressed anger |
|
Job records |
High |
High |
Serious |
Critical |
Was medium; one laptop was lost or stolen while VP of marketing was in airport |