Assume you are using your home computer for work, connecting to the company network through a Virtual Private Network (VPN).
1) Refer to your self-assessment from Unit-4 to create a Plan of Action and Milestones (POA&M):
a) Identify failed security controls that cannot be mitigated and explain your rationale.
b) Identify failed security controls that can be corrected.
c) Provide a plan, including timelines, for mitigating correctable controls.
2) Mitigation through system development:
a) Calculate your system’s annual loss expectancy (Asset Value x Annual Rate of Occurrence).
b) Identify technologies could mitigate the uncorrectable controls you identified, along with their annual cost.
c) Assess how much the annual loss expectancy is reduced. Are the new technologies financially feasible?
d) Recommend whether the company should implement the new technologies, or accept current risks.