Week 2: Aligning Risks, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls
Lab #2 Lab Report File:
Risk Management – IS355
Sherry Best
Nicole Goodyear
January 23, 2018
Describe the primary goal of the COBIT v4.1 framework. Define COBIT.
COBIT (Control Objectives for Information and Related Technology) is an IT governance framework developed by ISACA. Its purpose is to provide management and business process owners with an information technology (IT) governance model that helps deliver value from IT while understanding and managing the risks associated with IT. COBIT also bridges the gaps between control requirements, business risk, and technical issues. It is a control model that meets the needs of IT governance and ensures the integrity of information and information systems by developing good practices for IT control within an organization.
Process Controls (PC): each COBIT process has generic control requirements, identified as PCn, where n is the process control number. They should be considered together with the process control objectives to obtain a complete view of the control requirements.
6. Application Controls (AC): COBIT assumes the design and implementation of automated application controls to be the responsibility of IT, covered in the Acquire and Implement domain and based on business requirements defined using COBIT's information criteria. The COBIT IT processes cover general IT controls, but only the development aspects of application controls; operating those controls remains the responsibility of the business process owner.
View the Value and Risk Drivers and describe what these objectives cover.
The value and risk drivers provide an informative basis for achieving the control objectives and therefore for realizing and supporting risk management. Value drivers can be interpreted as examples of the business benefits expected from adequate control coverage, whereas risk drivers can be seen as examples of the risks that the controls avoid or handle.
In your Lab Report file, explain how you use the P09 Control Objectives to organize identified IT risks, threats, and vulnerabilities so you can then manage and remediate the risks, threats, and vulnerabilities in a typical infrastructure.
For each of the threats and vulnerabilities from the Identifying Threats and Vulnerabilities in an IT Infrastructure lab in this lab manual (list at least three and no more than five) that you have remediated, what must you assess as part of your overall COBIT P09 risk management approach for your IT infrastructure?
Denial of service attack: close unneeded ports and change passwords, then assess whether the exposed attack surface and the likelihood of the event have actually been reduced to an acceptable residual risk.
Loss of production data: back up the data and restore it from the most recent known-good point, then assess whether the backups are tested and whether the recovery point meets the business's tolerance for data loss.
Unauthorized access to a workstation: implement a policy requiring employees to change their passwords every sixty days and to lock their screens when they step away from their workstations, then assess whether the policy is enforced technically (screen-lock timeout, password expiry) rather than left to user behavior. Note that current guidance such as NIST SP 800-63B discourages mandatory periodic password rotation in favor of screening for compromised passwords.
4. True or false: COBIT P09 risk management control objectives focus on assessment and management of IT risk.
True
5. What is the name of the organization that defined the COBIT P09 Risk Management Framework?
Information Systems Audit and Control Association (ISACA).
6. Describe three of the COBIT P09 control objectives.
• Plan and Organize (PO) is the domain that contains P09; it deals with strategy and tactics and concerns identifying how information technology can best contribute to the achievement of the business