1. What is an IT risk assessment’s goal or objective?
2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure?
3. What was your rationale in assigning a “1” risk impact/risk factor value of “Critical” to an
identified risk, threat, or vulnerability?
4. After you had assigned the “1,” “2,” and “3” risk impact/risk factor values to the identified risks,
threats, and vulnerabilities, how did you prioritize the “1,” “2,” and “3” risk elements? What
would you say to executive management about your final recommended prioritization?
5. Identify a risk-mitigation solution for each of the following risk factors:
a. User downloads and clicks on an unknown e-mail attachment
b. Workstation OS has a known software vulnerability
c. Need to prevent eavesdropping on WLAN due to customer privacy data access
d. Weak ingress/egress traffic-filtering degrades performance
e. DoS/DDoS attack from the WAN/Internet
f. Remote access from home office
g. Production server corrupts database