IS3110: Unit 1 Role Scenario
1) Identify threats to the seven domains of IT within the organization:
A. User: Destroy data
B. Workstation: Loss of data, not updated
C. LAN: Unauthorized user, weak password
D. LAN –WAN: Hackers, weak traffic filtering
E. WAN- FTP anon uploads, DoS/DDoS
F. System Application: Fire, DoS/DDoS, SQL injection corrupting data G. Remote: user virus, remote from office unsecure, VPN tunnel hack
2) Identify vulnerabilities in the seven domains of IT within the organization.
A. User: Infected media, social engineering
B. Workstation: OS vulnerability, browser vulnerability
C. LAN: Worms, LAN OS vulnerability
D. LAN-WAN: malicious websites, unblocked ports
E. WAN: network outages
F. System Application: ISP down
G. Remote: Communication Circuit Outage, remote user virus.
3) Identify threat/vulnerability pairs to determine threat actions that could pose risks to the organization.
Terminated employees’ system identifiers (ID) are not removed from the system. Terminated employees
Dialing into company’s network and accessing company proprietary data. Company firewall allows inbound telnet, and guest ID is enabled on XYZ server Unauthorized users (e.g, hackers, terminated employees, computer criminals, terrorists) Using telnet to XYZ server and browsing system files with the guest ID The vender has identified flaws in the security design of the system; however, new patches have not been applied to the system. Unauthorized users (e.g, hackers, terminated employees, computer criminals, terrorists) Obtaining unauthorized access to sensitive system files based on known system vulnerabilities.
4) Estimate the likelihood of each threat action.
A. Terminated employee’s – Medium
B. Company firewall- High
C. Vendor- High
Please join StudyMode to read the full document