Scribd Logo
Upload

Welcome to Scribd!

  • Worksheet: C235 IT Security and Management

    Uploaded by

    hamzah
    12 views4 pages

    Original Title

    C235 P04 WS

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views4 pages

    Worksheet: C235 IT Security and Management

    Uploaded by

    hamzah

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    C235 IT Security and Management

    Problem 4 – Secure Office

    Worksheet

    Assets (Tangible vs Intangible)


    1. In your view, how would you explain the term ‘Assets’?

    2. Explain the differences between a tangible asset and an intangible asset?

    Assets, Vulnerabilities, Risk and Threats


    Imagine you are walking down a dark lonely alley, with your passport, an expensive
    watch, a silver ring given by your late grandmother, your laptop, a wallet with S$900
    and three credit cards in your pocket.

    1. What items do you consider as assets here?

    2. Can you determine the values of the items that you are carrying?

    3. Which of the items do you think has the highest intangible value?

    4. Rank/rate the above list of items from most important to least important?

    5. Why have you given this ranking/rating? Have you taken into consideration the
    tangible and intangible value of each of the items when you are ranking/rating the
    list of items?

    6. What are the potential vulnerabilities in this scenario?


    Vulnerabilities: Weakness/ Lack of a safeguard

    7. What are the threats that you may encounter in this situation?

    8. Identify the risks related to the above threats and vulnerabilities.

    9. How would you prevent such risks from happening?

    10. What is the risk of you being robbed at knife/gun point if


    a. You are not carrying any valuables when you walked through the same alley
    b. You are with a group of friends when you walked through the same alley
    c. You are walking in a crowded place instead of the dark lonely alley

    Copyright © 2013 by Republic Polytechnic, Singapore. All rights reserved. Page 1


    C235 IT Security and Management

    11. How is risk related to assets, vulnerabilities and threats?

    Looking at the problem statement:


    (Note: Use the template on the next page)

    For the company, discuss the following with your team members:
    1. What are the assets for the company? For each asset you have given, determine
    whether they are tangible or intangible.

    2. What do you think are the vulnerabilities? What is the difference between vulnera-
    bilities and threats?

    3. Now rank/rate each of the vulnerabilities based on each of the quotations. Why
    have you given this value for each of the quotations?

    What are the potential threats that the company will face?

    Rank/rate the threats based on each of the given quotations. Likewise, why have
    you given this value for each of the quotations?

    4. Now perform a Qualitative Risk Analysis for each of the quotations.


    i. Read the given resource to find out the formula for Relative Risk
    ii. How are Assets, Threats and Vulnerabilities related in computing Relative
    Risk?
    iii. Do you need to calculate the Relative Risk based on each Asset? (Hint: read
    the resources carefully).

    5. Based on the Qualitative Risk Analysis, which of the quotations is the best?

    6. Do you think Qualitative Risk Analysis is the best way to justify the quotation? Do
    you need to take into considerations of other factors when you choose the quota-
    tion?

    Challenge Question (Quantitative Analysis):

    1. How does a Quantitative Analysis differ from a qualitative risk analysis?

    2. Consider the following scenario: Tom a risk analyst officer estimated that in year
    Company XYZ loses 7 laptops due to either theft or negligence. A loss of $1000
    was also estimated for each laptop misplaced/stolen. Tim the CEO of the company
    questioned Tom if it was worthwhile getting insurance for all company laptops.

    Copyright © 2013 by Republic Polytechnic, Singapore. All rights reserved. Page 2


    C235 IT Security and Management

    Assuming that the insurance cost $10,000 per annum, should Tom recommend
    purchasing it? Explain the decision. (Watch the video in the link provided below)

    3. Referring to Q2, if the loss incurred per missing laptop does not include the loss of
    confidential information, is it still fair to assign a loss of $1000 to each laptop?
    Justify why.

    Hint: http://www.professormesser.com/free-comptia-security-training/risk-calculations/

    Assets Template
    List the assets and rank/rate the value from 1 (least important) to 5 (Most important)
    Assets Value Tangible?(Yes/No)

    Employees ? ?

    Threats template
    Rank/rate the threats from 1(the lowest) to 5(the highest)
    Threats Quotation 1 Quotation 2 Quotation 3

    Fire ? ? ?

    Copyright © 2013 by Republic Polytechnic, Singapore. All rights reserved. Page 3


    C235 IT Security and Management

    Vulnerabilities template
    Rank/rate the vulnerabilities from 1(the least vulnerable) to 5 (the most vulnerable)
    Vulnerabilities Quotation 1 Quotation 2 Quotation 3

    Building Access ? ? ?

    Qualitative Risk Analysis


    Use the formula Risk = Asset * Vulnerability * Threat to compute the Qualitative Risk
    Analysis
    Risk Relative Risk Relative Risk Relative Risk
    Quotation 1 Quotation 2 Quotation 3
    Office ? ? ?
    destroyed by
    fire

    Copyright © 2013 by Republic Polytechnic, Singapore. All rights reserved. Page 4

    You might also like