1. What is the goal or objective of an IT risk assessment? The purpose of the risk assessment process is to remove a hazard or reduce the level of its risk by adding precautions or control measures, as necessary. By doing so, you have created a safer and healthier workplace.
2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure? It is difficult to conduct a qualitative risk assessment for an IT infrastructure because it determines the level of risk based on the probability and impact of the risk. You determine these values by gathering the opinions of experts.
3. What was your rationale in assigning a “1” risk impact/risk factor value of “Critical” to an identified risk, threat, or vulnerability? The “1” risk, threat, or vulnerability impacts compliance and places the company in a position of increased liability but is not as critical as “2” or “3.”
4. When you assembled all of the “1”, “2”, and “3” risk impact/risk factor values for the identified risks, threats, and vulnerabilities, how did you prioritize the “1”, “2”, and “3” risk elements? What would you say to executive management in regard to your final recommended prioritization?
   a) Critical – a risk, threat, or vulnerability that impacts compliance and places the organization in a position of increased liability.
   b) Major – a risk, threat, or vulnerability that impacts the C-I-A of an organization’s intellectual property assets and IT infrastructure.
   c) Minor – a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure.
   This prioritization is best because you want to know the highest level of exposure down to the lowest.
5. Identify a risk mitigation solution for each of the following risk factors:
   a) User downloads and clicks on an unknown e-mail attachment. – Restrict user access and set it up so the user has to get authorization for downloads.
   b) Workstation OS has a known software vulnerability. – Patch or update software.
   c) Need to prevent eavesdropping on WLAN due to customer privacy data access. – Increase WLAN security using WPA2 and AES encryption.
   d) Weak ingress/egress traffic filtering degrades performance. – Strengthen firewall filtering.
   e) DoS/DDoS attack from the WAN/Internet. – Strengthen firewall security; install IPS and IDS systems in the infrastructure.
   f) Remote access from home office. – Make sure the VPN is in place and secure.
   g) Production server corrupts database. – Remove server, restore database from last non-corrupt backup, and remove corruption from system.