A Case Study on Controlling Risk
For each of the following categories where risk exists, and the 3 assets listed under each, describe how you will test for the associated risk:
- Administrative
  - Human resources: Hiring and termination practices
  - Organizational structure: A formal security program
  - Security policies: Accurate, updated, and known or used
- Technical
  - Access control: Least privilege
  - System architecture: Separated network segments
  - System configurations: Default configurations
- Physical
  - Heating and air conditioning: Proper cooling and humidity
  - Fire: Fire suppression
  - Flood: Data center location