Scribd
Upload
40 views1 page

Assignment 02

The assignment from COMSATS University focuses on investigating countermeasures and security controls to minimize risks in information security. It presents two questions: one regarding the identification of vulnerabilities in a financial services company's database and the implementation of a risk control strategy, and another about evaluating three information assets to prioritize vulnerability controls. The assignment emphasizes the importance of protecting sensitive financial data and ensuring compliance with regulatory requirements.

Uploaded by

Maryam Farooq
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
40 views1 page

Assignment 02

The assignment from COMSATS University focuses on investigating countermeasures and security controls to minimize risks in information security. It presents two questions: one regarding the identification of vulnerabilities in a financial services company's database and the implementation of a risk control strategy, and another about evaluating three information assets to prioritize vulnerability controls. The assignment emphasizes the importance of protecting sensitive financial data and ensuring compliance with regulatory requirements.

Uploaded by

Maryam Farooq
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

COMSATS University, Islamabad (CUI)

Department of Computer Science


Assignment – 04

Course: CSC432- Information Security Time Allowed (-) / Total Marks: 15


Date: 26-03-2025 Class / Semester: BSSE-5A /BSAI-7A/ Spring- 2025
Reg. no: _________________________________ NAME ___________________

[CLO4]: (Investigate various counter measures and security controls to minimize risk and exposure.)
Question-01: A financial services company’s database stores sensitive financial information
about its customers. This data is accessed by employees and used in a variety of systems for
processing loans, transactions, and customer support. The organization has noticed that an
increasing number of cyber attacks, such as phishing attempts and malware infections, are
targeting its employees. Additionally, a recent audit revealed that certain systems storing
sensitive information are outdated and vulnerable to known exploits. The company also operates
in a highly regulated environment, making it essential to protect customer data from any
potential breaches.
Identify vulnerabilities to Information Assets and how company implement an effective risk
control strategy to protect sensitive financial data from cyber threats while ensuring compliance
with regulatory requirements?

Question-02: If an organization has three information assets to evaluate for risk management, as
Shown in the accompanying data, which vulnerability should be evaluated for additional
controls first? Which one should be evaluated last? Detail of these three information assets is:
Switch L47 connects a network to the Internet. It has two vulnerabilities: it is susceptible to
hardware failure at a likelihood of 0.2, and it is subject to an SNMP buffer overflow attack at a
likelihood of 0.1. This switch has an impact rating of 90 and has no current controls in place.
You are 75 percent certain of the assumptions and data.
Server WebSrv6 hosts a company Web site and performs e-commerce transactions. It has a
Web server version that can be attacked by sending it invalid Unicode values. The likelihood of
that attack is estimated at 0.1. The server has been assigned an impact value of 100, and a control
has been implanted that reduces the impact of the vulnerability by 75 percent. You are 80 percent
certain of the assumptions and data.

End

You might also like