Risk Analysis Exercise

Risk Analysis Exercise

Perform a formal risk assessment for the three following assets and threats. Use the Risk Register table provided below for your answers. Justify your decisions.
1) As part of a formal risk assessment of desktop systems in a small accounting firm with limited IT support, you have identified the asset “integrity of customer and financial data file on the desktop systems” and the threat “corruption of the files due to import of a worm/virus onton to system.” Suggest reasonable values for the items risk register (below) for this asset and threat, and provide justifications for your choices.

2) As part of formal risk assessment of the main file server for a small local police department, you have identified the asset “integrity of case investigation records on the server” and the threat of “accidental/intentional delete or altering of the records by an employee” as the threat. Suggest reasonable values for the items risk register (below) for this asset and threat, and provide justifications for your choices.

3) As part of a formal risk assessment on the use of laptops of a large government department, you have identified the asset “confidentiality of personnel information in a copy of a database stored unencrypted on the laptop” and the threat “theft of personal information, and its subsequent use in identity theft caused by the theft of the laptop.” Suggest reasonable values for the items risk register (below) for this asset and threat, and provide justifications for your choices.
Asset Threat/
Vulnerability Existing Controls Likelihood Consequence Level of Risk Risk
Priority
integrity of customer and financial data file on the desktop systems corruption of the files due to import of a worm/virus onton to system
integrity of case investigation records on the server accidental/intentional delete or altering of the records by an employee
confidentiality of personnel information in a copy of a database stored unencrypted on the laptop theft of personal information, and its subsequent use in identity theft caused by the theft of the laptop
Note: Use the Risk Management powerpoint to help you determine the appropriate values for each column