Hypothetical Computer System Risk Management Case Study
1. Case Learning Objectives
Identify the threats facing the assets of an organization.
Determine the asset value for each asset.
Identify current control measures.
Identify vulnerabilities of computer systems.
Assess risk considering the likelihood of the occurrence of
vulnerability, the information asset value, current controls and the
uncertainty of current knowledge.
Formulate a cost benefit analysis on risk controls.
Evaluate the management decision on risk mitigation strategies.
2. Case Description
Read reference [1], and discuss the following questions as a group. You are
to submit your answers to the following questions, and make a group
presentation on the due date. Your group may be assigned to only one part of
the following discussion questions.
3. Case Discussion Questions and Their Mappings to Bloom's Taxonomy
Table 1: Mapping of Payroll Fraud case discussion questions to Bloom's Taxonomy.
Payroll Fraud Case Discussion Questions
Cognitive Levels
1. What are the different types of payroll fraud threats?
Level 1 - Knowledge
2. What is the probability of payroll fraud threats (in terms of high,
medium, low)? What is the potential impact of payroll fraud threats
(in terms of high, medium, low)? Explain. Refer to [2].
Level 4 - Analysis
3. According to the Risk-Level Matrix in [2], determine the risk scale
of payroll fraud threats.
Level 4 - Analysis
4. What are the control measures currently in use to protect against
payroll fraud?
Level 1 - Knowledge
5. What are the vulnerabilities related to payroll fraud found by the
risk assessment team?
Level 1 - Knowledge
6. What's the recommendation by the risk assessment team?
Level 1 - Knowledge
7. What are the final decisions made by HGA management? Justify
their decisions based on cost benefit analysis.
Level 1 - Knowledge
Level 6 - Evaluation
Table 2: Mapping of Payroll Errors case discussion questions to Bloom's Taxonomy.
Payroll Errors Case Discussion Questions
Cognitive Levels
1. What are the different types of payroll errors?
Level 1 - Knowledge
2. What is the probability of payroll errors (in terms of high,
medium, low)? What is the potential impact of payroll errors (in
terms of high, medium, low)? Explain. Refer to [2].
Level 4 - Analysis
3. According to the Risk-Level Matrix in [2], determine the risk scale
of payroll errors.
Level 4 - Analysis
4. What are the control measures currently in use to protect against
payroll errors?
Level 1 - Knowledge
5. What are the vulnerabilities related to payroll error found by the
risk assessment team?
Level 1 - Knowledge
6. What's the recommendation by the risk assessment team?
Level 1 - Knowledge
7. What are the final decisions made by HGA management? Justify
their decisions based on cost benefit analysis.
Level 1 - Knowledge
Level 6 - Evaluation
Table 3: Mapping of Interruption of Operations case discussion questions to Bloom's
Taxonomy.
Interruption of Operations Case Discussion Questions
Cognitive Levels
1. What are the different types of interruption of operations?
Level 1 - Knowledge
2. What is the probability of interruption of operations (in terms of
high, medium, low)? What is the potential impact of interruption of
operations (in terms of high, medium, low)? Explain. Refer to [2].
Level 4 - Analysis
3. According to the Risk-Level Matrix in [2], determine the risk scale
of interruption of operations.
Level 4 - Analysis
4. What are the control measures currently in use to protect against
interruption of operations?
Level 1 - Knowledge
5. What are the vulnerabilities related to continuity of operations
found by the risk assessment team?
Level 1 - Knowledge
6. What's the recommendation by the risk assessment team?
Level 1 - Knowledge
7. What are the final decisions made by HGA management? Justify
their decisions based on cost benefit analysis.
Level 1 - Knowledge
Level 6 - Evaluation
Table 4: Mapping of Disclosure or Brokerage of Information case discussion questions to
Bloom's Taxonomy.
Disclosure or Brokerage of Information Case Discussion Questions
Cognitive Levels
1. What are the different types of disclosure or brokerage of
information?
Level 1 - Knowledge
2. What is the probability of disclosure/brokerage of information (in
terms of high, medium, low)? What is the potential impact of
disclosure/brokerage (in terms of high, medium, low)? Explain.
Refer to [2].
Level 4 - Analysis
3. According to the Risk-Level Matrix in [2], determine the risk scale
of disclosure/brokerage of information.
Level 4 - Analysis
4. What are the control measures currently in use to protect against
disclosure/brokerage of information?
Level 1 - Knowledge
5. What are the vulnerabilities related to information
disclosure/brokerage found by the risk assessment team?
Level 1 - Knowledge
6. What's the recommendation by the risk assessment team?
Level 1 - Knowledge
7. What are the final decisions made by HGA management? Justify
their decisions based on cost benefit analysis.
Level 1 - Knowledge
Level 6 - Evaluation
Table 5: Mapping of Network Threats case discussion questions to Bloom's Taxonomy.
Network Threats Discussion Questions
Cognitive Levels
1. What are the different types of network threats? Give a scenario
where HGA had experienced a network related attack.
Level 1 - Knowledge
2. What is the probability of network threats (in terms of high,
medium, low)? What is the potential impact of network threats (in
terms of high, medium, low)? Explain. Refer to [2].
Level 4 - Analysis
3. According to the Risk-Level Matrix in [2], determine the risk scale
of network threats.
Level 4 - Analysis
4. What are the control measures currently in use to protect against
network threats?
Level 1 - Knowledge
5. What are the network-related vulnerabilities found by the risk
assessment team?
Level 1 - Knowledge
6. What's the recommendation by the risk assessment team?
Level 1 - Knowledge
7. What are the final decisions made by HGA management? Justify
their decisions based on cost benefit analysis.
Level 1 - Knowledge
Level 6 - Evaluation