Risk Threats And Vulnerabilities Project 1

Good Essays
Risk Threats And Vulnerabilities
Marisel Hernandez
Professor Julian Slaughter
Foundations of Cyber Security
July 6, 2015

Assessing risk, threats, and vulnerabilities
Focus on the problem as soon as it occurs
The severity of the companies security impact due to the data breach
Investigation on the severity of incident and its damages
Actions taken towards this threat
Insights of similar incident
Requirement policies
Identifying reports
Actions that need to be taken
Outcomes and results due to malware attack
Consequences of the attack
Impact of possible exposure to incident
How to prevent future incidents

As we already know Fullsoft Inc, has recently experienced a malware attack that has resulted in proprietary information being leaked. Even though the company is now in the process of this breach being recovered, we will need to come up with a plan so we can prevent such incident of happening again.
[Us as] security professional need to be aware of common attack methods so that they can take proactive steps to prevent attacks [by recognizing] them when they occur and respond [to them] appropriately (James M. Stewart, p. 48).
In order for such incidents to occur again in the future one must have risk management strategies in place. According to the Risk Centric Threat Modeling: Process for Attack Stimulation and Threat Analysis Tony Uceda Velez and, Marco M. Morana state, “A risk management strategy of the company can be proactive or reactive depending on the culture and appetite of the risk (Morana Marco M, 2015, p. 66).”
One must first focus on the problem as soon as it has occurred. Secondly how severe was this companies security impacted such as the security of the incident data breach. A full investigation on the severity of this incident and the measures of all the damages has to be made.
An action plan is to take place by suspending any accounts associated with the threats to this company, such as credit cards, and or blocking credentials



Cited: Coombs, W. T. (2007). PSI Handbook of Business Security. James M. Stewart, M. C. CISSP- Certified Information Systems Security Profession Study Guide (Vol. 6th ed). Lobel Mark, G. L. (n.d.). Retrieved from www.pwc.com/giss2012. Morana Marco M, T. U. (2015). Risk Centric Threat Modeling: Process for Attack Stimulation and Threat Analysis.

You May Also Find These Documents Helpful

  • Good Essays

    Risk Threat Vulnerability

    • 719 Words
    • 3 Pages

    Qualitative Risk Assessment for an IT Infrastructure Learning Objectives and Outcomes Upon completing this lab, students will be able to: * Define the purpose and objectives of an IT risk assessment * Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure * Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template * Prioritize classified risks, threats…

    • 719 Words
    • 3 Pages
    Good Essays
  • Good Essays

    Project Part 3: Identify Risk, Threats, and Vulnerabilities Some risks that I have identified are social engineering techniques due to the excessive trust given to messages coming from friends, contacts or followed people within the OSN(Online-Social Network) identity theft and information leaking furthermore, spam sending and malware distribution through Social Networks are increasing at an incredible pace. They are not the only threats. Within the World Wide Web, social network is becoming the…

    • 526 Words
    • 3 Pages
    Good Essays
  • Powerful Essays

    Jeramie Feenstra Richard De La Cruz Window 7 vulnerabilities Local Security Authority Subsystem Service There is a recently discovered vulnerability in the Local Security Authority Subsystem Service which can cause a denial of service attack if a hacker sends a packet containing malicious files during NTLM authentication. NTLM protocol refers to the Windows NT LAN Manager which is used to authenticate logons to PCs that are connected to the network. The security update provided by Microsoft includes…

    • 2361 Words
    • 7 Pages
    Powerful Essays
  • Good Essays

    Assignment 1 Threat: An unauthorized employee tries to access data that is hosted on the server. Vulnerability: The organization does not use authentication and access controls. Likelihood: The likelihood is very low, depending on the organization and its budget. For the most part, most organizations have IT specialists that are tasked to keep everything on the network secure. In the government most all data is protected by multiple forms of security. LAN DOMAIN: Weak passwords could be…

    • 614 Words
    • 3 Pages
    Good Essays
  • Better Essays

    Malicious Attacks, Threats, and Vulnerabilities Identifying Potential Malicious Attacks, Threats, and Vulnerabilities As a videogame development company, the network currently set is a sound system. However, security concerns are always present in an ever-changing technology. With 100 desktop / laptop computers connected to one server the potential threats and malicious attacks are a possibility. This report will analyze, identified and assess the potential impact of all vulnerabilities and malicious…

    • 1074 Words
    • 5 Pages
    Better Essays
  • Satisfactory Essays

    Lab 1 Identify Threats and Vulnerabilities in IT Infrastructure Denise Clark, Joseph Huiet, Anthony Brown, Orlando Rodriguez, Niko Budworth, Cory Mooney, Armando Rocha, Denny Hoang Risk – Threat – Vulnerability Primary Domain Impacted Unauthorized access from public internet WAN User destroys data in application and deletes all files System/Application Hacker penetrates your IT infrastructure and gains access to your internal network LAN Intra-office employee romance gone bad User Fire destroys…

    • 454 Words
    • 3 Pages
    Satisfactory Essays
  • Best Essays

    Cloud Computing Threats and Vulnerabilities University of Maryland University College Table of Contents I. Introduction: What is cloud computing and why is it important? II. What are Cloud Computing’s Threats and Vulnerabilities? III. Threat/Vulnerability Occurrence Likelihood, Risk Reduction and Customer Satisfaction A. “Abuse and Nefarious Use of the Cloud” / “Session Riding and Hijacking” B. “Insecure Interfaces and APIs” / “Virtual Machine (VM) Escape”.…

    • 2426 Words
    • 10 Pages
    Best Essays
  • Good Essays

    Risk assessment is an important step towards securing the system and making sure that it is protected from all angles. There are many vulnerabilities and threats out there nowadays that one has to make sure to take the risk management process is taken into careful consideration. The reason we need this, is to be able to provide a safe and quick service to customers with total peace of mind. Wells Fargo deals with an abundance of sensitive private customer data that it needs to make sure that it is…

    • 129 Words
    • 1 Page
    Good Essays
  • Satisfactory Essays

    John Moura Chapter 2: Planning for Security Review Questions 1. Describe the essential parts of planning. How does the existence of resource constraints affect the need for planning? Answer: Organizational planning, described below, and Contingency planning, which focuses on planning or unforeseen events. Organizations must be able to forecast their needs relative to available resources as best they can to insure best decision making. 2. What are the three common…

    • 945 Words
    • 4 Pages
    Satisfactory Essays
  • Satisfactory Essays

    1. An example of a HIPPA privacy violation would be a breach of information from the Healthcare organizations servers. This particular breach would impact the System/Application Domain. A hacker can penetrate a vulnerable system and retrieve patient information such as SSN, DOB, and even credit card payment information. 2. Threats and vulnerabilities: a. User Domain – Unauthorized access to organization owned workstations b. Workstation Domain - User downloads an unknown e-mail attachments c. LAN…

    • 465 Words
    • 2 Pages
    Satisfactory Essays