1. What is an IT risk assessments goal or objective? 2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure? 3. What was your rationale in assigning a 1 risk impact/risk factor value of Critical to an identified risk, threat, or vulnerability? 4. After you had assigned the 1, 2, and 3 risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the 1, 2, and 3 risk elements? What would you say to executive management about your final recommended prioritization? 5. Identify a risk-mitigation solution for each of the following risk factors: a. User downloads and clicks on an unknown e-mail attachment b. Workstation OS has a known software vulnerability c. Need to prevent eavesdropping on WLAN due to customer privacy data access d. Weak ingress/egress traffic-filtering degrades performance e. DoS/DDoS attack from the WAN/Internet f. Remote access from home office g. Production server corrupts database Purchase the answer to view it Purchase the answer to view it
