
‫لمياء محمد النواش‬

‫ابتهاج الحربي‬
‫روان عواد‬
‫ابتسام الزنان‬

Identifying and Assessing Risk


1- If an organization has three information assets to evaluate for risk management purposes, as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?

The Server WebSrv6 vulnerability has a higher likelihood of attack, a greater impact if it is exploited, and a higher certainty of the assumptions and data used to calculate the risk score. This means that the Server WebSrv6 vulnerability is a more serious threat to the organization than the Switch 147 vulnerability.
So, from highest to lowest: Server WebSrv6, MGMT45 control, Switch 147.

2- Using the Web, search for at least three tools to automate risk assessment. Collect information on automated risk assessment tools. What do they cost? What features do they provide? What are the advantages and disadvantages of each one?

1- LogicGate
Cost: Starts at $30,000 per year.
Features:
- Cloud-based GRC platform.
- Automates risk assessment, incident management, and compliance tracking.
- Pre-built risk templates and libraries.
- Workflow automation and collaboration tools.
- Real-time reporting and dashboards.

Advantages:
- Comprehensive solution for all GRC needs.
- Scalable for organizations of all sizes.
- User-friendly interface.
- Strong data security and compliance features.

Disadvantages:
- Costly for small businesses.
- Requires some training and implementation time.
- Limited customization options for specific industries.

2- Fusion Risk Management
Cost: Starts at $15,000 per year.
Features:
- Web-based risk management platform.
- Automates risk identification, assessment, and mitigation.
- Customizable risk frameworks and templates.
- Integrated incident management tools.
- Real-time risk scoring and reporting.

Advantages:
- Affordable compared to LogicGate.
- Easy to set up and use.
- Flexible risk management capabilities.
- Good customer support.

Disadvantages:
- Not as feature-rich as LogicGate.
- Limited reporting and analytics capabilities.
- May not be suitable for complex risk environments.

3- Rsam
Cost: Varies depending on the modules and features used.
Features:
- Comprehensive GRC platform with integrated risk assessment tools.
- Automates data collection, analysis, and reporting.
- Risk prioritization and remediation planning tools.
- Regulatory compliance management features.
- Audit and reporting capabilities.

Advantages:
- Highly customizable and scalable.
- Wide range of features and functionalities.
- Strong track record in the GRC industry.
- Excellent customer support and training.

Disadvantages:
- Most expensive option on this list.
- Complex to set up and use.
- May require significant training and resources.
- Not suitable for small businesses with simple risk needs.

3- Using the list of threats to InfoSec presented in this chapter, identify and describe three instances of each that were not mentioned?

Human Error or Failure:
- Employee accidentally deletes critical data
- Unintentional data exposure
- Negligent password management

Theft:
- Phishing attacks
- Social engineering
- Physical theft of devices

Software Attacks:
- Supply chain attacks
- Zero-day attacks
- Ransomware attacks

4- Using the data classification scheme presented in this chapter, identify and classify the information contained in your personal computer or personal digital assistant. Based on the potential for misuse or embarrassment, what information is confidential, sensitive but unclassified, or suitable for public release?

Smart TV

1- Smart TV user profile: Confidential
Examples: User name, password, email address, payment information, viewing history, search history.

2- Smart TV device information: Sensitive but Unclassified.
Examples: Device model, device serial number, IP address, MAC address, firmware version.

3- Smart TV usage data: Sensitive but Unclassified.
Examples: App usage data, channel tuning data, voice recognition data.

4- Smart TV content preferences: Suitable for Public Release.
Examples: Favorite genres, favorite shows, preferred streaming services.
