Information Security Risk Management ITC6315 Assignment 2 Assignment For this exercise, read the provided case study about AcmeHealth, and rate the…

For this exercise, read the provided case study about AcmeHealth, and rate the risk exposure for each finding related to the following assets:

  1. Code Repository
  2. QA Server
  3. Production Application Server

You will need to assess the severity of each violation and also the likelihood that it would cause a breach of security. Use the severity and likelihood scales from Appendix B in the book (Tables 6.11 and 6.12) to evaluate each finding. A mapping table is provided (Figure 6.2) to calculate the Risk Exposure value for each severity/likelihood pair without taking sensitivity into account for now. Along with the ratings, describe in words why you rated the severity and likelihood this way. Review the provided example as a guideline.

Next, write down 3-5 questions for each finding that you might ask the resource owner or SME to further qualify the risk.