
Diploma in Information Technology

IT3111 InfoSecurity Management


2018/2019 Semester 1
Tutorial 2 – Risk Assessment and Risk Mitigation I
Student Name _________________________

Instructions

1. Read Topic 2 lecture notes and answer the following questions.

Questions

1. List any two types of risk that information risk management focuses on.
Answer:

2. What are the 3 components in the Risk Assessment part of the ISO/IEC 27005:2011
standard?
Answer:

3. Describe the steps you would use to determine the risk level of a malware attack that may affect
your study at school and at home. Use the keywords asset, threat, impact, vulnerability and
likelihood in your description. You also need to estimate and state the risk level of the
malware attack.
Answer:

4. State the advantage of each of the two assessment methods, qualitative and quantitative.
Discuss the best use of these two methods within the same risk assessment project.
Answer:
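As an added illustration for questions 3 and 4 (this is not part of the tutorial sheet or the lecture notes), the script below scores a scenario qualitatively from likelihood and impact ratings and then applies the quantitative method (single loss expectancy times annualised rate of occurrence) only to scenarios that pass the qualitative screen. The three scenarios, their ratings, asset values, exposure factors and annual frequencies are all constructed for the example; in a real assessment they come from the asset inventory, threat information and vulnerability findings. The 3x3 matrix cut-offs are an assumption as well; a school or company would fix its own scale.

```python
"""Qualitative screen followed by quantitative ALE (added example, not from the tutorial)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ordinal ratings used by the qualitative method (assumed 3-level scale).
LEVELS = {1: "Low", 2: "Medium", 3: "High"}
RANK = {"Low": 1, "Medium": 2, "High": 3}


@dataclass
class Scenario:
    asset: str            # what is at risk
    threat: str           # what could harm it
    vulnerability: str    # weakness the threat would exploit
    likelihood: int       # 1..3: threat activity combined with how exploitable the vulnerability is
    impact: int           # 1..3: what is lost if the threat succeeds against the asset
    asset_value: float = 0.0      # quantitative inputs, used only after the qualitative screen
    exposure_factor: float = 0.0  # fraction of asset value lost in one incident (0..1)
    aro: float = 0.0              # annualised rate of occurrence (incidents per year)


def qualitative_risk(likelihood: int, impact: int) -> str:
    """Look up the risk level in an assumed 3x3 matrix.

    Product 1-2 -> Low, 3-4 -> Medium, 6-9 -> High.
    """
    for value, name in ((likelihood, "likelihood"), (impact, "impact")):
        if value not in LEVELS:
            raise ValueError(f"{name} must be 1..3, got {value}")
    score = likelihood * impact
    if score <= 2:
        return "Low"
    if score <= 4:
        return "Medium"
    return "High"


def annualised_loss_expectancy(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Quantitative method: SLE = asset value x exposure factor; ALE = SLE x ARO."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    if asset_value < 0 or aro < 0:
        raise ValueError("asset value and ARO must be non-negative")
    return asset_value * exposure_factor * aro


def screen_then_quantify(scenarios: List[Scenario],
                         threshold: str = "Medium") -> List[Tuple[str, str, str, Optional[float]]]:
    """Rate every scenario qualitatively (cheap), then spend the effort of a
    quantitative ALE only on those at or above the threshold level.

    Returns (asset, threat, level, ale) tuples ordered for mitigation planning:
    quantified scenarios by descending ALE, then the rest by qualitative level.
    """
    results = []
    for s in scenarios:
        level = qualitative_risk(s.likelihood, s.impact)
        ale = None
        if RANK[level] >= RANK[threshold]:
            ale = annualised_loss_expectancy(s.asset_value, s.exposure_factor, s.aro)
        results.append((s.asset, s.threat, level, ale))
    results.sort(key=lambda r: (r[3] is None, -(r[3] or 0.0), -RANK[r[2]]))
    return results


# Constructed sample scenarios (values are illustrative only).
SAMPLE_SCENARIOS = [
    Scenario("student laptop (coursework files)", "malware: ransomware via email attachment",
             "unpatched OS and no offline backup", likelihood=3, impact=3,
             asset_value=2000.0, exposure_factor=0.5, aro=0.5),
    Scenario("school lab PC", "malware: worm spread via USB drive",
             "USB autorun enabled, no endpoint protection", likelihood=2, impact=2,
             asset_value=1500.0, exposure_factor=0.25, aro=2.0),
    Scenario("printed lecture notes", "theft", "left unattended in the lab",
             likelihood=1, impact=1),
]


if __name__ == "__main__":
    for asset, threat, level, ale in screen_then_quantify(SAMPLE_SCENARIOS):
        ale_text = f"ALE ${ale:,.2f}" if ale is not None else "not quantified"
        print(f"{level:6} {ale_text:18} {asset} / {threat}")
```

Note how the two methods disagree on the constructed data: the laptop scenario rates High qualitatively, but the lab PC, rated only Medium, carries the larger expected annual loss because worm incidents recur. That is the usual argument for combining them in one project: the qualitative pass is fast and covers every asset, and the quantitative pass is reserved for the shortlist where a defensible figure is needed to justify spending on a control.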

5. Describe 4 vulnerabilities that malware may exploit to attack lab PCs in the school. For each
of the 4 vulnerabilities, suggest a security control that mitigates it.
Answer:
School of Information Technology

UNCONTROLLED COPY

IT3111 Tutorial 2 Page 1
