1. The goal or objective of an IT risk assessment is to remove a hazard or reduce the level of its risk by adding precautions or control measures, as necessary.
2. Conducting a qualitative risk assessment is hard because no one is going to take the time to determine the value of everything in the company, the most valued items have to be discussed with someone usually in a higher position, and it is hard to tell what carries the most valued risk in the company at a given time due to changes in the company.
3. The rationale for assigning a “1” risk impact/risk factor value of “critical” to an identified risk, threat, and vulnerability is the cost of total loss of hardware for both primary and backup systems for data for the entire company.
4. I prioritized the 1, 2, and 3 risk elements by greatest impact to the company for both a cost value and for the means to get the company back to working order. What I would say to an executive is that the cost of value to your company is greatest when your system is compromised on hardware that has the most valued data within the company and when backup is down long enough to the point of no return.
5. Identify risk mitigation solutions
User downloads and clicks on an unknown e-mail attachment: effective email attachment filtering and restrictions reduce the likelihood of malicious content entering the network.
Workstation OS has a known software vulnerability: either update the software or find other software that works.
Need to prevent eavesdropping on WLAN due to customer privacy data access: protect against monitoring software, know what devices are present on your network and their software, and use encryption.
Weak ingress/egress traffic filtering degrades performance: VPN tunneling between remote computer and ingress/egress router is needed, and WLAN access points for LAN connectivity.
DoS/DDoS attack from the WAN/Internet: buy more bandwidth, denial of service, and good load balancing.
Remote access from home office: intercept information as it travels between the remote user and your intranet, make an unauthorized remote access connection by successfully impersonating a legitimate remote access user, and gain direct access to information that is stored on computers within your intranet.
Production server corrupts database: take inventory, standardize the configurations for each database server.