Colorado State Risk Assessment Report for Intellectsoft

CSU Global

Description

The objective of this assignment is to develop a Risk Assessment Report for an organization, such as a company or a government agency.

You will conduct the analysis using only public information from the internet, organizational and news reports, journal articles, etc., and information based on judicious, believable extrapolation of that information. Consider the organization’s information assets (computing and networking infrastructure), vulnerabilities, and legitimate threats that can exploit those vulnerabilities.

There is a wealth of business-oriented and technical information that can be used to infer likely vulnerabilities and assets for an organization. It is recommended that students select their organizations based at least in part on ease of information gathering, from a public record perspective.

Instructions

(NOTE: You will complete steps 1 and 2 by the end of Week 4 to submit as the Portfolio Project Milestone.)

  1. Select an organization that has sufficient publicly available information to support a reasonable risk analysis, particularly including threat and vulnerability identification.
  2. Create an organization profile that includes:
  • Name and location
  • Management or basic organization structure
  • Industry and purpose (i.e., the nature of its business)
  • Financial information, standing in its industry, reputation
  • Relevant aspects of the company/organization’s computing and network infrastructure

Note: Do not try to access more information through Social Engineering or through attempted cyber-attacks or intrusion attempts. This is a look at how readily available information might be used from a risk management perspective.

  3. Conduct the analysis using the National Institute of Standards and Technology (NIST) Risk Management Guide for Information Technology Systems.
    1. Focus on identifying threats and vulnerabilities faced by the organization.
    2. Based on the threats and vulnerabilities, determine the likelihood and severity of impact that would occur should each of the threats materialize. This should produce a listing of risks, at least roughly ordered by their significance to the organization.
    3. For the risks you have identified, suggest ways that the subject organization might respond to mitigate the risk.

Your well-developed report must meet the following requirements.

  • Include 15 to 20 pages, not including the cover page and reference page.

Unformatted Attachment Preview

Running head: THREAT ASSESSMENTS AND RISK ANALYSIS

Threat Assessments and Risk Analysis
Colorado State University (Global)
John Cohan
February 20, 2019

Intellectsoft is both a software development and a digital transformation consultancy company that offers state-of-the-art engineering solutions. The company headquarters are located in Palo Alto, California. It helps global companies and enterprise clients solve complex problems that arise during their day-to-day operations. Since its establishment in 2007, the company has been a visionary and reliable software engineering enterprise for high-class brands. The company helps through the creation of impactful digital engineering products centred on current technologies. Its mission is primarily to accelerate the adoption of new technologies during digital evolution, and ongoing innovation for other companies.

Intellectsoft has a local and wide area network that covers the various branches, which have remote access for its employees and clients. The company has a diverse computing environment with numerous standards in place that include physical infrastructure such as workstations and device OSs like Microsoft Windows, Mac and Linux. The company has data centers in operation at the various branches. The main data center is located in Palo Alto, California and is utilized as the primary company data center for the official company email, file sharing and database as well as intranet web servers. It is also used for heavy performance computing and application development servers as well as video-conference solutions.

Since the company is rapidly growing, it has the potential to experience a significant loss of proprietary data stored electronically in its main office database. The loss of data may result from an intrusion attack or deliberate deletion of company data by systems admins. In addition, the company may face the threat that its global partners’ websites may be defaced with irrelevant content.

References

Allen, G., & Derr, R. (2016). Threat assessment and risk analysis: An applied approach. Waltham, MA: Butterworth-Heinemann.
Broder, J. F., & Tucker, E. (2012). Risk analysis and the security survey. Waltham, MA: Butterworth-Heinemann.

Explanation & Answer

Hey am through. Everything is attached. Thank you

Running head: RISK ASSESSMENT REPORT FOR INTELLECTSOFT

Risk Assessment Report for Intellectsoft
Institution
Instructor Name
Date

1. Introduction
Intellectsoft will utilize risk assessment to establish the extent of the possible threats and
risks related to the company’s network and information systems. The results of this exercise aid
in determining the proper controls for minimizing and eradicating risks in the risk mitigation
activities. The occurrence of risks depends on the likelihood of a particular source of threat
causing a vulnerability within a system whose impact adversely affects the company. In order to
establish the likelihood of an adverse event in the company, all threats to the company’s IT
system need to be analysed together with the possible vulnerabilities as well as the controls put
in place (Kouns & Minoli, 2011).
The risk assessment for Intellectsoft will entail numerous phases: characterization of
the systems, identification of threats and vulnerabilities, analysis of security controls, determination
of the likelihood of risks, analysis of risk impacts, determination of risks and recommendations
on controls to implement.
1.1 Purpose
The purpose of the risk assessment is to give Intellectsoft IT system administration an
evaluation of the sufficiency of the existing IT security measures that secure the company’s
information assets. The report determines all threats and vulnerabilities in the company’s IT
system, reviews the likelihood that a particular vulnerability will be exploited,
and assesses their impact by determining the overall risk level.
1.2 Scope
The risk assessment exercise will cover the physical security reviews of the company’s IT
infrastructure. It will cover the data centres, the General Support System situated in the
company’s headquarters offices and the company’s backbone network.

2. Identification of Threats
Identification of threat source
A threat source refers to scenarios or events that have the capability to cause damage to
IT infrastructure and systems. Threat sources are classified into natural, human and environmental
categories. Natural threats are caused by natural occurrences like earthquakes, floods and
tornadoes, while human threats are events caused by humans intentionally or deliberately, for
example, inadvertent data entry, malicious software upload, unapproved access to private data
and network-oriented attacks. The environmental threats may include persistent power failure
and leakage from drainage (Broder & Tucker, 2012).
3. Identification of Vulnerabilities
Threat analysis of the IT system for the organization would entail vulnerabilities analysis linked
with the IT system settings. These weaknesses may be found in the IT system architecture,
design or in the company policies, procedures and practices as well as in the management of the
IT infrastructure (hardware, software, data and facilities).
Threats and Potential Impacts

| Threat source | Description | Impact/threat action |
|---|---|---|
| Natural threats | | |
| Fire | Faulty electrical circuits may cause an accidental fire that could destroy the company’s IT system equipment or IT facilities | DOS (Denial of Service); Damage |
| Water Damage | Leaking drainage system may damage Intellectsoft IT infrastructure and other system components. | DOS; Damage |
| Natural events | All kinds of natural events like earthquakes, hurricanes and tornadoes may cause destruction or affect Intellectsoft IT infrastructure | DOS; Damage; Unapproved data alteration; Data Leakage |
| Human threats | | |
| Espionage, Sabotage and Vandalism | Espionage refers to a deliberate action of acquiring company’s confidential data. Sabotage refers to a planned damage or malicious alteration of information assets for personal gains while vandalism is a deliberate damaging of the company’s system resources without a clear goal. | DOS; Damage; Unapproved data alteration; Data Leakage |
| Loss of Data Integrity | Intentional modification of system data affecting its integrity | Unapproved data alteration |
| Theft or Pilferage | Theft refers to the illegal removal of the organization’s computer hardware or media. Pilferage refers to the illegal removal of company property by employees with access permission to the property. | DOS; Data Leakage |
| Fraud | Utilization of the company IT systems by authorized employee for illicit monetary gain. | Unapproved data alteration |
| Malicious program code | Malicious applications like viruses or worms can infiltrate the company’s IT systems and cause data damage or alter the normal functioning of software. | DOS; Damage; Unapproved data alteration; Data Leakage |
| End user omissions or errors | Unpremeditated administrator and user errors may cause improper modification on applications and support system modules. | DOS; Damage; Unapproved data alteration; Data Leakage |
| Information Disclosure | This is also referred to as browsing which is deliberate unauthorized access to private data by intruders or by employees with access credentials but without the need to read them. | Data Leakage |
| Eavesdropping/data interception | This is a deliberate unauthorized access to private data via technical methods such as sniffing/interception or by employees with some access credentials/privileges but without the need to read them. | Data Leakage |
| Hacking or Social Engineering | Hackers may deliberately modify software applications and bypass the set system security controls, alter data and lead to denial of service while social engineering refers to the activities where the hacker collects data from the system user to propagate his/her actions of altering or manipulating the IT system. | DOS; Unauthorized alteration; Unapproved leak/exposure |
| Physical Threats | | |
| Hardware or Equipment Failure | Computer hardware may break down or malfunction leading to denial of service to the system users. Unauthorized modification of hardware configuration leads to inadequacy of the set security configuratio... | DOS; Unapproved data alteration; Data Leakage |

