Exercise 1: If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?
The CRM-Server has been assigned an impact value of 10. Assume that there are no current controls in place to protect it, and there is a 75 percent certainty of the assumptions and data.
Exercise 2: Using the list of threats to InfoSec presented in Chapter 6 identify and describe three instances of each that were not mentioned in the chapter.