Align Risks, Threats, & Vulnerabilities to COBIT PO9 Risk Management Controls
a. Unauthorized access from public internet – HIGH
b. User destroys data in application and deletes all files – LOW
c. Workstation OS has a known software vulnerability – HIGH
d. Communication circuit outages – MEDIUM
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers – MEDIUM
a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects.
b. PO9.4 Risk Assessment – Assess the likelihood …
6. True or False – COBIT PO9 Risk Management control objectives focus on assessment and management of IT risk.
7. Why is it important to address each identified threat or vulnerability from a C-I-A perspective?
8. When assessing the risk impact a threat or vulnerability has on your “information” assets, why must you align this assessment with your Data Classification Standard? How can a Data Classification Standard help you assess the risk impact on your “information” assets?
9. When assessing the risk impact a threat or vulnerability has on your “application” and