Part 1: Review Questions
- Why do networking components need more examination from an information security perspective than from a systems development perspective?
- What value would an automated asset inventory system have for the risk identification process?
- What are vulnerabilities?
- What are the four risk control strategies?
- Describe residual risk.
- Describe how outsourcing can be used for risk transference.
Part 2: Module Practice
Identify threats associated with outside vendors. Use as an example the threats to the information security of a small internet commerce company with 10 employees. In this example, the company uses an outside vendor for its order fulfillment. Once the list of threats has been generated, assign a likelihood score to each threat.