Assignment:
Controlling Risk Given the following categories or areas where risk exists, and then the 3 assets for each, describe how you will test for associated risk:
ADMINISTRATIVE
Human resources: Hiring and termination practices
Organizational structure: A formal security program
Security policies: Accurate, updated, and known or used
TECHNICAL
Access control: Least privileged
System architecture: Separated network segments
System configurations: Default configurations
PHYSICAL
Heating and air conditioning: Proper cooling and humidity
Fire: Fire suppression
Flood: Data center location
Once you have described the tests that will be conducted to test each, assume that failure or holes were found in each of them. Next, describe at least 3 safeguards for each that could be put in place to address the risk.