Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet
Aligning Risks, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls
Course Name and Number: _____________________________________________________
Student Name: _____________________________________________________
Instructor Name: _____________________________________________________
Lab Due Date: _____________________________________________________
Overview
In this lab, you defined COBIT P09, you described COBIT P09’s six control objectives, you explained how the threats and vulnerabilities align to the definition for the assessment and management of risks, and you used COBIT P09 to determine the scope of risk management for an IT infrastructure.
5. What is the name of the organization that defined the COBIT P09 Risk Management Framework?
6. Describe three of the COBIT P09 control objectives.
7. Describe three of the COBIT P09.1 IT Risk Management Framework control objectives.
Econ Data Analysis Project 1
My Name
Course
Instructor
Date
Is the percentage of homeless people same across all states?
Data Source: http://www.nareb.com/site-files/uploads/2018/09/NAREB_Shiba2018_Web.pdf
Percentage of homeless population per state
(Chart: Percentage of total population; axes: City, Percent)
New York: 24
Chicago: 31
Philadelphia: 43
Detroit: 80
Houston: 23
Memphis: 64
Baltimore: 63
Los Angeles: 9
Washington D.C.: 48
Dallas: 25
Did Residential Segregation Indexes for Blacks or African Americans change between 1980 and 2000?
Source: https://www2.census.gov/programs-surveys/demo/tables/housing-patterns/time-series/housing-patterns-tables/tab5-1.xlsx
Descriptive Statistics for Residential Segregation Indexes for Blacks or African Americans: 1980, 1990, 2000 for all metropolitan areas
1980: 0.727
1990: 0.678
2000: 0.64
Research question: Is there a relationship between age and poverty?
Source: https://www2.census.gov/programs-surveys/cps/tables/pov-30/2019/pov30_200_1.xls
Distribution of People below 200% Poverty Status
(Chart axes: Age, Total number)
Under 16 years: 64398
16 to 24 years: 37970
  16 to 17 years: 8886
  18 to 21 years: 16155
  22 to 24 years: 12929
25 to 54 years: 126935
55 years and over: 94543
How does prevalence of Invasive Melanoma vary across races?
Race: Number
All Races: 77,698
White: 73,395
White, Hispanic: 1,591
White, non-Hispanic: 71,801
Black: 372
American Indian/Alaska Native: 190
Asian/Pacific Islander: 239
Hispanic: 1,725
Total: 227,011
Source: https://www.cdc.gov/cancer/uscs/about/data-briefs/no9-melanoma-incidence-mortality-UnitedStates-2012-2016.htm
Did Two-Adult-Two-Child Poverty Thresholds increase from 2017 to 2018?
Source: https://www2.census.gov/programs-surveys/demo/tables/p60/268/table3.xls
Two-Adult-Two-Child Poverty Thresholds: 2017 and 2018
(Chart axes: Status, Number)
2017
  Owners with mortgages: 27085
  Owners without mortgages: 23261
  Renters: 27005
2018
  Owners with mortgages: 28342
  Owners without mortgages: 24173
  Renters: 28166
Data Analysis Project 1
For this project each student will learn and demonstrate competency in researching economics; that is, creatively designing a research question, locating pertinent and credible data to support an answer, and presenting results in a professional and articulate manner. The skill set practiced in this project is highly valued in business and government occupations. Follow these steps to complete the project:
1. Using the data covered in the Demography and Housing slides, generate five research questions to study (e.g. “Have home prices in the U.S. increased since 2010?”, “What is the racial composition of U.S. males?”). You are to create two research questions from Demography, two from Housing, and one from either category. You are to use at least 3 different data sources (e.g. census, CDC, NAR, etc.) in the overall project.
2. Excel File: For each research question create an Excel sheet with your data set and one graph. You are to use each of the following graphs once in the overall project:
· Bar chart (horizontal or vertical)
· Pie chart
· Histogram
· Frequency table
· Scatterplot (lined or unlined)
3. PowerPoint Presentation: For each question, create a PowerPoint slide containing one graph, up to three bullet points (optional), and hyperlinks to your data source website (make sure the links work and ). The PowerPoint should also contain an introduction slide (e.g. name, project #, and class).
Overview
In this lab, you identified known risks, threats, and vulnerabilities, and you organized them. Finally, you mapped these risks to the domain that was impacted from a risk management perspective.
Lab Assessment Questions & Answers
1. Health care organizations must strictly comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules that require organizations to have proper security controls for handling personal information referred to as “protected health information,” or PHI. This includes security controls for the IT infrastructure handling PHI. Which of the listed risks, threats, or vulnerabilities can violate HIPAA privacy and security requirements? List one and justify your answer in one or two sentences.
2. How many threats and vulnerabilities did you find that impacted risk in each of the seven domains of a typical IT infrastructure?
3. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?
4. What is the risk impact or risk factor (critical, major, and minor) that you would qualitatively assign to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the health care and HIPAA compliance scenario?
5. Of the three System/Application Domain risks, threats, and vulnerabilities identified, which one requires a disaster recovery plan and business continuity plan to maintain continued operations during a catastrophic outage?
6. Which domain represents the greatest risk and uncertainty to an organization?
7. Which domain requires stringent access controls and encryption for connectivity to corporate resources from home?
8. Which domain requires annual security awareness training and employee background checks for sensitive positions to help mitigate risks from employee sabotage?
9. Which domains need software vulnerability assessments to mitigate risk from software vulnerabilities?
10. Which domain requires acceptable use policies (AUPs) to minimize unnecessary user-initiated Internet traffic and can be monitored and controlled by Web content filters?
11. In which domain do you implement Web content filters?
12. If you implement a Wireless LAN (WLAN) to support connectivity for laptops in the Workstation Domain, which domain does WLAN fall within?
13. Under the Gramm-Leach-Bliley Act (GLBA), banks must protect customer privacy. A given bank has just implemented its online banking solution that allows customers to access their accounts and perform transactions via their computers or personal digital assistant (PDA) devices. Online banking servers and their public Internet hosting would fall within which domains of security responsibility?