Preparing for the activities

Question 1

What will help identify the risk severity of the attack (Activity 1)

Answer 1

Risk matrix

Question 2

When explaining the risks, it should be done with what in mind? (Activity 1)

Answer 2

Context of the scenario

Question 3

How many threats should be addressed by one protection measure (Activity 2)

Answer 3

As many as possible

Question 4

What will help justify the mitigation methods (Activity 2)

Answer 4

An explanation on the reasons for taking the actions

Question 5

What constraints should be considered when writing a protection measure (Activity 2)

Answer 5

The technical and financial constraints

Question 6

What responsibilities should be considered when writing the mitigations (Activity 2)

Answer 6

The legal responsibilities

Question 7

How will the mitigation affect the system? (Activity 2)

Answer 7

The mitigations will potentially affect the usability and accessibility of the system

Question 8

What analysis should help justify the protection measure (Activity 2)

Answer 8

Cost- Benefit Analysis

Question 9

What should be analysed when reviewing the evidence detail (Activity 4)

Answer 9

Analysis of what the evidence does and does not present against the scenario

Question 10

What about the source of the evidence should be considered? (Activity 4)

Answer 10

The reliability

Question 11

Should individual evidence items be considered against each other

Answer 11

No - Only write a conclusion for one evidence item at the end

Question 12

What should the final conclusion include? (Activity 4)

Answer 12

The evidence presented in each analysis to form a narrative

Question 13

List the 3 steps for activity 5

Answer 13

Adherence to company policy, how the policy can be improved, general weaknesses and omissions from the policy