2. The primary focus was to inform executive management about the different levels of risks, threats, and vulnerabilities that could affect their business. Executive management needs to prioritize these risks based on the amount of damage they could do to the business if their vulnerabilities …
I categorized threats based on the potential damage they could do to a business. A critical risk affects the business as a whole, can impact the compliance of a business, and can place the organization in a position of liability. A major risk affects the assets of a business and can impact the confidentiality, integrity, and availability of an organization’s intellectual property assets and IT infrastructure. A minor risk can affect a single user or employee and can cause a lack of productivity and availability of the IT infrastructure.
4. Antivirus software can be used to mitigate the risk, since the program would be able to scan the CD or USB as soon as it is plugged in. Also, employees should be made aware of the company's policy about uploading personal photos, music, and videos on an organization-owned computer.
5. A security baseline is basically the starting point of a system. The baseline sets the standard in an organization, as it represents the minimum required security settings that need to be applied to the technology within the organization.
6. Some questions that I have for executive management include: what is the budget, what are your most important resources, what security measures do we already have, and what risks do they think should take