Hands-On Project 1-1: Assessing and Prioritizing Risks, page 40 of Database Security by Alfred Basta, Melissa Zgola First Edition.
You have been hired as the security professional in your current work or school environment. Your department has experienced a recent breach within its database architecture. Your manager feels it is time to reassess the network as a first step in a phased approach to hardening the network security. You have been delegated to lead this assessment. Research your organization or school to determine its database architecture. Write a paper describing your assessment process. Include the following information in your paper:
- Define who would be included in the assessment of the database environment.
- Identify the assets that you are protecting.
- Define the threats you are protecting yourself against.
- Using the following table, assign a risk value to each threat, based on its likelihood and cost to the company.
- Prioritize your threats based on their risk value (5 being the highest risk and 1 being the lowest).
Solution Preview :
This paper presents a response to the project on assessment and prioritizing risks. Accordingly, in the whole process of evaluating the firm’s database environment, the IT personnel, the management team, the security analyst, and key staff handling the database need to be involved. In this regard, key assets that need to be protected include company secrets, customer records, intellectual property, and financial records, and financial records.