Describe how you will test for associated risk
Section 5: Controlling Risk
Given the following categories or areas where risk exists, and then the 3 assets for each, describe how you will test for associated risk:
Administrative
Human resources: Hiring and termination practices
Organizational structure: A formal security program
Security policies: Accurate, updated, and known or used
Technical
Access control: Least privileged
System architecture: Separated network segments
System configurations: Default configurations
Physical
Heating and air conditioning: Proper cooling and humidity
Fire: Fire suppression
Flood: Data center location
Answer preview to describe how you will test for associated risk

314 Words