As part of a formal risk assessment on the use of laptops by employees of a large
Question:
As part of a formal risk assessment on the use of laptops by employees of a large government department, you have identified the asset “confidentiality of personnel information in a copy of a database stored unencrypted on the laptop” and the threat “theft of personal information, and its subsequent use in identity theft caused by the theft of the laptop.” Suggest reasonable values for the items in the risk register for this asset and threat, and provide justifications for your choices.
Table 14.5 Risk Register
Asset | Threat/ Vulnerability | Existing Controls | Likelihood | Consequence | Level of Risk | Risk Priority |
Internet router | Outside hacker attack | Admin password only | Possible | Moderate | High | 1 |
Destruction of data center | Accidental fire or flood | None (no disaster recovery plan) | Unlikely | Major | High | 2 |
Financial Accounting Information For Decisions
ISBN: 978-0324672701
6th Edition
Authors: Robert w Ingram, Thomas L Albright