Part 1: Review Questions
Why do networking components need more examination from an information security perspective than from a systems development perspective?
What value would an automated asset inventory system have for the risk identification process?
What are vulnerabilities?
What are the four risk control strategies?
Describe residual risk.
Describe how outsourcing can be used for risk transference.
Part 2: Module Practice
Identify threats associated with outside vendors. Use as an example the threats to the information security of a small internet commerce company with 10 employees. In this example, the company uses an outside vendor for its order fulfilment. Once the list of threats has been generated, assign a likelihood score to each threat.