
Assessing and Mitigating Risks to a Hypothetical Computer System: Case Study

1. Case Learning Objectives:

- Identify the threats facing the assets of an organization.
- Determine the asset value for each asset.
- Identify current control measures.
- Identify vulnerabilities of computer systems.
- Assess risk, considering the likelihood that a vulnerability is exploited, the information asset value, current controls, and the uncertainty of current knowledge.
- Recommend risk mitigation strategies for controlling risks.
- Formulate a cost-benefit analysis of risk controls.
- Evaluate the management decision on risk mitigation strategies.

2. Case Description
Read reference [1] and discuss the following questions as a group. You are to submit your answers to the following questions and make a group presentation on the due date. Your group may be assigned only one part of the following discussion questions.

3. Case Discussion Questions and Their Mappings to Bloom’s Taxonomy

Table 1: Mapping of Payroll Fraud case discussion questions to Bloom’s Taxonomy.

| Payroll Fraud Case Discussion Questions | Cognitive Level |
|---|---|
| 1. What are the different types of payroll fraud threats? | Level 1 -- Knowledge |
| 2. What is the probability of payroll fraud threats (in terms of high, medium, low)? What is the potential impact of payroll fraud threats (in terms of high, medium, low)? Explain. Refer to [2]. | Level 4 -- Analysis |
| 3. According to the Risk-Level Matrix in [2], determine the risk scale of payroll fraud threats. | Level 4 -- Analysis |
| 4. What are the control measures currently in use to protect against payroll fraud? | Level 1 -- Knowledge |
| 5. What are the vulnerabilities related to payroll fraud found by the risk assessment team? | Level 1 -- Knowledge |
| 6. What is the recommendation of the risk assessment team? | Level 1 -- Knowledge |
| 7. What are the final decisions made by HGA management? Justify their decisions based on a cost-benefit analysis. | Level 1 -- Knowledge (decisions); Level 6 -- Evaluation (justification) |

Table 2: Mapping of Payroll Errors case discussion questions to Bloom’s Taxonomy.

| Payroll Errors Case Discussion Questions | Cognitive Level |
|---|---|
| 1. What are the different types of payroll errors? | Level 1 -- Knowledge |
| 2. What is the probability of payroll errors (in terms of high, medium, low)? What is the potential impact of payroll errors (in terms of high, medium, low)? Explain. Refer to [2]. | Level 4 -- Analysis |
| 3. According to the Risk-Level Matrix in [2], determine the risk scale of payroll errors. | Level 4 -- Analysis |
| 4. What are the control measures currently in use to protect against payroll errors? | Level 1 -- Knowledge |
| 5. What are the vulnerabilities related to payroll errors found by the risk assessment team? | Level 1 -- Knowledge |
| 6. What is the recommendation of the risk assessment team? | Level 1 -- Knowledge |
| 7. What are the final decisions made by HGA management? Justify their decisions based on a cost-benefit analysis. | Level 1 -- Knowledge (decisions); Level 6 -- Evaluation (justification) |

Table 3: Mapping of Interruption of Operations case discussion questions to Bloom’s Taxonomy.

| Interruption of Operations Case Discussion Questions | Cognitive Level |
|---|---|
| 1. What are the different types of interruption of operations? | Level 1 -- Knowledge |
| 2. What is the probability of interruption of operations (in terms of high, medium, low)? What is the potential impact of interruption of operations (in terms of high, medium, low)? Explain. Refer to [2]. | Level 4 -- Analysis |
| 3. According to the Risk-Level Matrix in [2], determine the risk scale of interruption of operations. | Level 4 -- Analysis |
| 4. What are the control measures currently in use to protect against interruption of operations? | Level 1 -- Knowledge |
| 5. What are the vulnerabilities related to continuity of operations found by the risk assessment team? | Level 1 -- Knowledge |
| 6. What is the recommendation of the risk assessment team? | Level 1 -- Knowledge |
| 7. What are the final decisions made by HGA management? Justify their decisions based on a cost-benefit analysis. | Level 1 -- Knowledge (decisions); Level 6 -- Evaluation (justification) |

Table 4: Mapping of Disclosure or Brokerage of Information case discussion questions to Bloom’s Taxonomy.

| Disclosure or Brokerage of Information Case Discussion Questions | Cognitive Level |
|---|---|
| 1. What are the different types of disclosure or brokerage of information? | Level 1 -- Knowledge |
| 2. What is the probability of disclosure/brokerage of information (in terms of high, medium, low)? What is the potential impact of disclosure/brokerage (in terms of high, medium, low)? Explain. Refer to [2]. | Level 4 -- Analysis |
| 3. According to the Risk-Level Matrix in [2], determine the risk scale of disclosure/brokerage of information. | Level 4 -- Analysis |
| 4. What are the control measures currently in use to protect against disclosure/brokerage of information? | Level 1 -- Knowledge |
| 5. What are the vulnerabilities related to information disclosure/brokerage found by the risk assessment team? | Level 1 -- Knowledge |
| 6. What is the recommendation of the risk assessment team? | Level 1 -- Knowledge |
| 7. What are the final decisions made by HGA management? Justify their decisions based on a cost-benefit analysis. | Level 1 -- Knowledge (decisions); Level 6 -- Evaluation (justification) |

Table 5: Mapping of Network Threats case discussion questions to Bloom’s Taxonomy.

| Network Threats Discussion Questions | Cognitive Level |
|---|---|
| 1. What are the different types of network threats? Give a scenario in which HGA experienced a network-related attack. | Level 1 -- Knowledge |
| 2. What is the probability of network threats (in terms of high, medium, low)? What is the potential impact of network threats (in terms of high, medium, low)? Explain. Refer to [2]. | Level 4 -- Analysis |
| 3. According to the Risk-Level Matrix in [2], determine the risk scale of network threats. | Level 4 -- Analysis |
| 4. What are the control measures currently in use to protect against network threats? | Level 1 -- Knowledge |
| 5. What are the network-related vulnerabilities found by the risk assessment team? | Level 1 -- Knowledge |
| 6. What is the recommendation of the risk assessment team? | Level 1 -- Knowledge |
| 7. What are the final decisions made by HGA management? Justify their decisions based on a cost-benefit analysis. | Level 1 -- Knowledge (decisions); Level 6 -- Evaluation (justification) |
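Question 3 of every table asks for a risk scale from the Risk-Level Matrix in [2]. The following Python helper is an added example, not part of the handout: it reproduces that matrix (likelihood ratings High/Medium/Low weighted 1.0/0.5/0.1, impact ratings weighted 100/50/10, and the product mapped to Low 1 to 10, Medium above 10 to 50, High above 50 to 100). The ratings given for the five HGA threat categories are constructed placeholders, not the case's answers; determining the real ratings is the group's task.

```python
"""Risk-Level Matrix of NIST SP 800-30 (2002), Table 3-6, as a small helper."""
from typing import Dict, List, Tuple

# Weights SP 800-30 assigns to the three likelihood and three impact ratings.
LIKELIHOOD_WEIGHT = {"high": 1.0, "medium": 0.5, "low": 0.1}
IMPACT_WEIGHT = {"high": 100, "medium": 50, "low": 10}


def risk_score(likelihood: str, impact: str) -> float:
    """Return likelihood weight x impact weight; rounding removes float noise
    (e.g. 0.1 * 100) so the scale boundaries below behave as in the matrix."""
    try:
        lw = LIKELIHOOD_WEIGHT[likelihood.lower()]
        iw = IMPACT_WEIGHT[impact.lower()]
    except KeyError as exc:
        raise ValueError(f"rating must be high, medium or low, got {exc}") from None
    return round(lw * iw, 6)


def risk_scale(score: float) -> str:
    """Map a score to the SP 800-30 scale: Low 1-10, Medium >10-50, High >50-100."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def assess(threats: Dict[str, Tuple[str, str]]) -> List[Tuple[str, float, str]]:
    """Score a mapping threat -> (likelihood, impact); highest risk first."""
    rows = []
    for name, (likelihood, impact) in threats.items():
        score = risk_score(likelihood, impact)
        rows.append((name, score, risk_scale(score)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample ratings for the five HGA threat categories in the handout.
SAMPLE_RATINGS = {
    "payroll fraud": ("high", "high"),
    "payroll errors": ("high", "medium"),
    "interruption of operations": ("low", "high"),
    "disclosure or brokerage of information": ("medium", "medium"),
    "network threats": ("medium", "high"),
}

if __name__ == "__main__":
    for name, score, scale in assess(SAMPLE_RATINGS):
        print(f"{name:40s} score={score:6.1f} risk={scale}")
```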

4. References

[1] National Institute of Standards and Technology, “Chapter 20: Assessing and Mitigating the Risks to a Hypothetical Computer System”, An Introduction to Computer Security: The NIST Handbook, NIST Special Publication 800-12, pp. 243-267. Available at: http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf

[2] National Institute of Standards and Technology, Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30. Available at: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
