Section: Controlling Risk
- Given the following categories or areas where risk exists, and the 3 assets listed under each, describe how you will test for the associated risk:
  - Administrative
    - Human resources: Hiring and termination practices
    - Organizational structure: A formal security program
    - Security policies: Accurate, updated, and known or used
  - Technical
    - Access control: Least privilege
    - System architecture: Separated network segments
    - System configurations: Default configurations
  - Physical
    - Heating and air conditioning: Proper cooling and humidity
    - Fire: Fire suppression
    - Flood: Data center location
- Once you have described the tests that will be conducted for each asset, assume that each test revealed a failure or hole.
- Next, describe at least 3 safeguards for each asset that could be put in place to address the risk.