Computer Science
Section: Controlling Risk
• Given the following categories (areas where risk exists) and the 3 assets listed for each, describe how you will test for the associated risk:
o Administrative
- Human resources: Hiring and termination practices
- Organizational structure: A formal security program
- Security policies: Accurate, updated, and known or used
o Technical
- Access control: Least privilege
- System architecture: Separated network segments
- System configurations: Default configurations
o Physical
- Heating and air conditioning: Proper cooling and humidity
- Fire: Fire suppression
- Flood: Data center location
• Once you have described the tests that will be conducted for each asset, assume that failures or holes were found in each of them.
• Next, describe at least 3 safeguards for each that could be put in place to address the risk.