Maria A. Tisdale
Professor Robert Whale
December 1, 2014
Identifying Potential Risk, Response, and Recovery
The CIO has requested that we follow up with a plan that is detailing a strategy for addressing all risks identified in the previous research. This plan needs to identify controls in administration, preventative, detective and corrective. With this data, the business will be able to mitigate each risk that we identified earlier. The following paper will explain the approach to correcting the various malware.
The three malicious attacks and threats that are identified from the previous investigation are called man in the middle (MITM), Denial of Service (DoS) and advanced persistent threats (APT). These three malicious attacks and threats not only expose the company to risk but can avoid the proper tools and training. An MITM is very dangerous to any company because data sent over a network, and the MITM threat can intercept this data. This information is then sent to the receiving individual after the MITM has reviewed or changed the data from the sender. In order to avoid the risk, you can receive help with decryption. Data in plain text is easily sniffed out or stolen; data sent over a network that encrypted is only readable by the sender and receiver if the proper decryption tools are present. Both parties will avoid the risk altogether with encryption.
A strategy to use against a Denial of Service (DoS) attack would be risk acceptance. Customers and company employees utilize the company’s website on a day to day basis, without a functioning website revenue will be lost. Because a DoS attack can make a business’s website unserviceable, the company will have to take into account this factor while the site is accessible to the public. Risk avoidance and risk assignment cannot be utilized in this situation because the site has to be up and running for customers and employees