Information Security Threat, Risk Factor & Reason

Anonymous
timer Asked: Feb 3rd, 2019
account_balance_wallet $10

Question Description

Use the uploaded excel sheet to handle 24 weakness in the sheet and add 6 more from your side. (Make it total 30).

Should fill the Weaknesses listed in excel sheet (Check attachment).

Complete the Excel-Sheet all columns (Risks, Threats, Countermeasures and Risk Factor & Reason).

Unformatted Attachment Preview

Student Name: ISOL 533 Weakness Violates a policy or procedure Threat What is the danger that exploits Office areas unlocked after everyone left for day 1 Employee taped password to screen 2 LAN/WAN UPS not operational 3 Regular Firewall maintenance not conducted 4 SysAdmin has little-to-no security awareness training 5 Servers does not contain latest patches 6 Databases/systems not backed-up 7 Computer always left loggedin 8 Computer login shared by everyone 9 Employee uses a very simple password Risk Countermeasure Risk Factor & Reason What ASSET could be lost (qualitative/quantitative) How can it be safeguarded “1” Critical: impacts company viability “2” Major: impacts asset or IT infrastructure “3” Minor: impacts productivity / availability the weakness Janitors or others having access to the Client records left out in the Ex1 building after hours can gain access to office after hours files in the cabinets EX2 1 of 3 Visitors and others can gain access to office areas without being seen a. Client sensitive information to include social security numbers can be stolen and used to open new accounts. b. Client financial account numbers can be obtained and finances can be stolen. c. Negative publicity can impact company's reputation. 1. Enforce policies requiring client records to be stored securely. 2. Discipline employess who left records out. a. Company assets can be stolen or vandalized b. IT infrastruture can be destoyed c. File cabinets can be broken into and client files can be stolen or destroyed d. Negative publicity can impact company's reputation. 1. Enforce policies requiring securing "1" (company may have to pay penalities offices. for each incident; negative publicity could 2. Discipline employess who left offices destroy company's reputation) unlocked. "2" (stolen company assets and destroyed 3. Add contact information to office IT Infrastructure must be replaced) entryways so janitors or others can call to "3" (stolen files must be replaced) report unsecured offices. "1" (company may have to pay penalities for each incident; negative publicity could destroy company's reputation) "3" (stolen files must be replaced) Student Name: ISOL 533 Weakness Violates a policy or procedure 10 InfoSec audits not conducted Employees using personal 11 laptops to do corporate business 12 Client files left out on the desk overnight 13 Client personal data shared with everyone via email 14 Password hasn't been changed in over a year 15 Office left unlocked during lunch/breaks and overnight 16 Retired employee able to login 17 Inventory control and access control policies not followed 18 Record cabinets cannot be locked or are left unlocked 19 Computers do not have latest software patches Unauthorized software 20 discovered on corporate computers 21 Default password still being used 22 Laptops with sensitive data not encrypted 23 Master login created by IT and used by offices Threat What is the danger that exploits the weakness 2 of 3 Risk Countermeasure Risk Factor & Reason What ASSET could be lost (qualitative/quantitative) How can it be safeguarded “1” Critical: impacts company viability “2” Major: impacts asset or IT infrastructure “3” Minor: impacts productivity / availability Student Name: ISOL 533 Weakness Violates a policy or procedure 24 25 26 27 28 29 30 Users can download data to USB drives Threat What is the danger that exploits the weakness 3 of 3 Risk Countermeasure Risk Factor & Reason What ASSET could be lost (qualitative/quantitative) How can it be safeguarded “1” Critical: impacts company viability “2” Major: impacts asset or IT infrastructure “3” Minor: impacts productivity / availability ...
Purchase answer to see full attachment

Tutor Answer

Tutortitus
School: Cornell University

Hello, attached is the complete work. Thank you

Student Name:

ISOL 533

Threat
What is the danger that exploits
the weakness

Risk
What ASSET could be lost
(qualitative/quantitative)

Countermeasure
How can it be safeguarded

Risk Factor & Reason
“1” Critical: impacts company viability
“2” Major: impacts asset or IT
infrastructure
“3” Minor: impacts productivity /
availability

Weakness
Violates a policy
or procedure

Janitors or others having access to the
Ex Client records left out in the
building after hours can gain access to
1 office after hours
files in the cabinets

a. Client sensitive information to include
social security numbers can be stolen and
used to open new accounts.
b. Client financial account numbers can be
obtained and finances can be stolen.
c. Negative publicity can impact company's
reputation.

1. Enforce policies requiring client records "1" (company may have to pay penalities
to be stored securely.
for each incident; negative publicity could
2. Discipline employess who left records
destroy company's reputation)
out.
"3" (stolen files must be replaced)

EX Office areas unlocked after
2 everyone left for day

a. Company assets can be stolen or
vandalized
b. IT infrastruture can be destoyed
c. File cabinets can be broken into and
client files can be stolen or destroyed
d. Negative publicity can impact company's
reputation.

1. Enforce policies requiring securing
"1" (company may have to pay penalities
offices.
for each incident; negative publicity could
2. Discipline employess who left offices
destroy company's reputation)
unlocked.
"2" (stolen company assets and destroyed
3. Add contact information to office
IT Infrastructure must be replaced)
entryways so janitors or others can call to
"3" (stolen files must be replaced)
report unsecured offices.

Visitors and others can gain access to
office areas without being seen

Anybody can access and see the
employees password without their
authorization

1

2

a. Client personal information can be
accessed and stolen
b. Clients
financial information can be accessed
stolen and later used to steal from them
Employee taped password to
c. Sensitive company data can be accessed
screen
and stolen or altered to make it harmful or
useless to the company'soperations and
functions d. Malware and unauthorized
software can be installed on the
employee's computer that can cause
Operations performed over the network a. Exchange of information over the
will not be done as required
network will not be possible hampering the
company's operations
b. Employee's will not have access to
LAN/WAN
emails, memos and other information that
UPS not operational
require a network to generate and access
c. Communication within the preventing
will be crippled preventing proper
functioning and may bring all operations to
a halt
Employees, hackers and unauthorized
a. Sensitive information guarded by the
websites can use unresolved
firewall will be accessible and may be
vulnerabilities in the firewall tobypass it stolen or altered to make it harmful or
and access the system or unauthorized
useless to the organization
Regular Firewall
information or websites
b. Malware may be installed into the
maintenance not conducted
company system undetected and cause
damage to the system, hamper its
operation, steal data or shut down the
entire system
c. Employees will be
able to access unauthorized websites and
Security threats can occur easily without a. Security threats to the company can
hindrance or any preventive measures to occur without prevention due to lack of
avert them
skill and awareness by the System
Administrator
b. Lack of
SysAdmin has little-to-no
training will mean the security policies
security awareness training
developed by the company will be
inadequate to address security challenges
and threats it may face
c.
Company information will be at risk of
theft and alteration as a result of poor
Unauthorized personnel can hack the
a. Data stored in the company servers can
server or damage it by taking advantage be stolen or altered by taking advantage of
of the lack of up to date patches
the lack of updated patches
b. Server security quality and capabilities
Servers does not contain
will be limited as a resultof lack of latest
latest patches
patches
c. Servers will be vulnerable
to hacks and malware that can damage its
operation and data integrity

1. Make it policy for employees to keep
their passwords secret
2.
Provide secure files for employees to
store their passwords for future reference

1. Enforce LAN/WAN maintenance
polices and procedures
Set up a back-up LAN/Wan and UPS

"1" (company may have to pay penalities
for each incident; negative publicity could
destroy company's reputation)
"3" (stolen files must be replaced)

"1" (company may have to pay
2. additionally for poor networking service)
"2" (company networking assests must be
maintained)
"3" (damaged equipment must be
replaced)

1. Enforce policies requiring constant
update and maintenance of the firewall
2. Assign employees to handle the
maintenance of the firewall

"1" (company may have to pay penalities
for incidence of insecurity and negative
...

flag Report DMCA
Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didnt specify. Got a B+ which is believable and acceptable.

Similar Questions
Hot Questions
Related Tags
Study Guides

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors