Section 5: Controlling Risk
- Given the following categories or areas where risk exists, and the 3 assets for each, describe how you will test for the associated risk:
  - Human resources: Hiring and termination practices
  - Organizational structure: A formal security program
  - Security policies: Accurate, updated, and known or used
  - Access control: Least privileged
  - System architecture: Separated network segments
  - System configurations: Default configurations
  - Heating and air conditioning: Proper cooling and humidity
  - Fire: Fire suppression
  - Flood: Data center location
- Once you have described the tests that will be conducted for each, assume that failures or holes were found in each of them.
- Next, describe at least 3 safeguards for each that could be put in place to address the risk.