Instructions
Questions
1. List any two types of risk that information risk management focuses on.
Answer:
2. What are the 3 components in the Risk Assessment part of the ISO/IEC 27005:2011
standard?
Answer:
3. Describe the steps you use to determine the risk level of a malware attack that may affect
your studies at school and at home. You need to use the keywords asset, threat,
impact, vulnerability and likelihood in your description. You also need to estimate and
state the risk level of the malware attack.
Answer:
4. State the advantage of using each of the two assessment methods, qualitative and
quantitative. Discuss the best use of these two methods in the same risk
assessment project.
Answer:
5. Describe 4 vulnerabilities which may be exploited by malware to attack lab PCs in the
school. Suggest a security control that can reduce each of the 4 vulnerabilities.
Answer:
School of Information Technology