Security risk management

Topics: Access control, Computer security, Authentication Pages: 7 (1230 words) Published: July 14, 2014


Analysis and explanation of the threat and vulnerability pairs and their likelihood of occurrence. The chart explains the aspects of the vulnerabilities and threats. Because we have no data on the number of occurrences of these threats, we cannot assign an impact rating or a probability rating of high, medium, or low (reference page 121 of book).

| Vulnerability | Threat | Probability | Impact | Suggested Mitigation Steps |
|---|---|---|---|---|
| Lack of network security controls | Denial of service attacks | High | High | Enforce security controls |
| Unencrypted data | Eavesdropping and interception of data | Low | High | Enforce security controls |
| Insufficient patch management | Exploiting weaknesses | Medium | High | Enforce security controls |
| Weak passwords | Unauthorized system access | Low | High | Enforce security controls |
| Insufficient backups | Unrecoverable data due to natural or human error | High | High | Sufficient backups training |
| Lack of user monitoring | Unauthorized users performing access to sensitive data | High | High | Monitoring control software |
| Lack of logging and monitoring controls | Unchecked data viewing or alteration | Low | High | Enforce security controls; monitoring control software |
| Insufficient media encryption | Theft leading to unauthorized access to sensitive system data in media | Low | High | Access controls implemented |
| Lack of anti-virus and malware prevention | System data loss | Low | High | Employ software security |
| Untraceable user actions due to generic accounts | Denial of user actions or activity | Low | High | Employ software security |
| Poor file management | Files could be placed in unsecure location on drive | Low | Low | Training software management |
| Weak policy control | Users could get away with an unsafe action | Low | High | Access control |
| Lack of network monitoring | Attacks on network and poor service | Low | Medium | Software monitoring |
| Poor implementation of security protocols | System breach and unauthorized access of network | Low | High | Training on protocol implementation and monitoring of implementation of protocols |
| Lack of email security | Malicious website link gets opened | High | High | Training upgraded email service |
| Lack of network security controls | Sniffing or eavesdropping | Low | High | Training and increase security controls |
| Lack of network security controls | Spoofing/hide one's true identity on the network | High | High | Training and increase network security |
| Host threats | Viruses, Trojan horses, and worms designed to perform malicious acts | High | High | Training software upgrade patches |
| Threats by application/authentication | Network eavesdropping; brute force attacks; credential theft | High | High | Training software upgrade patches |
| Authorization | Data tampering: unauthorized modification of data | Low | High | Access controls |
| Configuration management | Unauthorized access to administration interfaces | Low | High | Access controls |
| Sensitive data | Attacks that attempt to view or modify sensitive data | Low | High | Software and monitoring access controls |
| Session management | Session hijacking: attacker uses network monitoring to capture the authentication token | Low | High | Software alerts set encryption of software upgraded software access controls to monitoring |
| Cryptography | Poor key generation or key management/attackers can decrypt data | Low | High | Updated key encryption |
| Parameter manipulation | Query string manipulation: users can easily manipulate the query string values | Low | High | Access controls |
| Exception management | Attacker reveals implementation details | Low | High | Access controls |
| Auditing and logging | User denies performing an operation or initiating a transaction | Medium | High | HR/documentation training biometrics |
| Media failure | Storage media that stops retaining stored information in a retrievable/intact manner | Low | Low | Back up with renewable updated materials |
| Communications failure / overload | Communications facility that... | | | |


References:
Gibson, Darril (2011). Managing Risks in Information Systems. Retrieved July 8, 2014.
Stevens, Kyle W. (2009). How to format an APA College Paper, Helpful Templates. Retrieved 15 Jan 2012.
Natalie Goldberg, Pen, Paper and the Mind Writer, Sep 2003, Vol. 116 Issue 9, p17, 2p. Retrieved February 21, 2012.