Threat: An unauthorized employee tries to access data that is hosted on the server. Vulnerability: The organization does not use authentication and access controls. Likelihood: The likelihood is very low, depending on the organization and its budget. For the most part, most organizations have IT specialists that are tasked to keep everything on the network secure. In the government most all data is protected by multiple forms of security. LAN DOMAIN: Weak passwords could be broken with a brute force attacks. Ensure all access permissions are set up correctly. If there is not attention to detail with configurations unauthorized access may be easy to obtain on the network and information could be compromised or stolen.
Threat: Any type of malicious software that enters the network. Vulnerability: Antivirus software doesn’t detect the virus. Likelihood: The likelihood is frequent. Anti-viruses have a hard time keeping up to date before new viruses pop up. The best way to deal with this is keeping the automatic update enabled for one’s virus protection program, and if you suspect a virus either shutdown or at least disconnect from the network to prevent further contamination of the network. REMOTE ACCESS DOMAIN: Remote users could be infected with a virus, and when they connect to the internal network, they can propagate the virus without any knowledge. Threat: An attacker modifies or defaces a company Web site. Vulnerability: The Web site isn’t protected.
Likelihood: The likelihood of this is minimal, unless an inexperienced webmaster was hired. One way to avoid this is have a backup IT specialist to do checks and balances to ensure the website is secure. Another way to prevent this is by ensuring permissions and authentication is programmed properly. LAN-TO-WAN DOMAIN: A malicious web sites may be allowed access, malicious software may be downloaded, or firewalls are not configured properly; all of these can compromise a network...
Please join StudyMode to read the full document