Full Soft Inc Information Security Risks Threats and Vulnerabilities Paper

User Generated

eorff757

Writing

Description

Introduction Contemporary organizations collect, store, and transmit a tremendous amount of highly sensitive data. Despite the many benefits that information technology offers, these systems are not completely secure. Proper controls must be put in place to mitigate security risks and protect vital business information.

Scenario Fullsoft, Inc. is a software development company based in New York City. Fullsoft’s software product development code is kept confidential in an effort to safeguard the company’s competitive advantage in the marketplace. Fullsoft recently experienced a malware attack; as a result, proprietary information seems to have been leaked. The company is now in the process of recovering from this breach.

You are a security professional who reports to Fullsoft’s infrastructure operations team. The Chief Technology Officer asks you and your colleagues to participate in a team meeting to discuss the incident and its potential impact on the company.

Tasks Prepare for the meeting by deliberating on the following questions:  How would you assess the risks, threats, and/or vulnerabilities that may have allowed this incident to occur, or could allow a similar incident to occur in the future?  What insights about risks, threats, and/or vulnerabilities can you glean from reports of similar incidents that have occurred in other organizations?  What potential outcomes should the company anticipate as a result of the malware attack and possible exposure of intellectual property?  Which countermeasures would you recommend the company implement to detect current vulnerabilities, respond to the effects of this and other successful attacks, and prevent future incidents?

Write an outline of key points (related the questions above) that the team should discuss at the meeting.

As a reminder, you may use the book for this course and the Internet to conduct research. You are encouraged to respond creatively, but you must cite credible sources to support your work.


Project: Information Security

Page 2
Your Project should be submitted in the following format and style:  Format: Microsoft Word  Font: Arial, Size 12, Double-Space  Citation Style: APA format, see link https://owl.english.purdue.edu/owl/resource/560/02...  Length: 3–6 pages double space.  Due at the end of Module 7.

User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: INCIDENT AND ITS POTENTIAL IMPACT ON THE COMPANY

Incident and its potential impact on the company
Student name
Institutional Affiliation

1

INCIDENT AND ITS POTENTIAL IMPACT ON THE COMPANY

2

Incident and its potential impact on the company
Full Soft Inc. Information Security
Introduction:
Information technology is very important in storing, retrieving, transmitting and
manipulation of data in a company. There are many advantages of the information technology
but there is also risk attached to it. These systems need to be secure because there are high
threats involved in it. And the measures should be taken to get the security of the data of a
specific company, (Biscoe, 2017). These measures should be taken immediately to resolve the
issues. The company named as Full Soft, Inc. is an information technology company, in New
York City America. Being a security professional, it is required to inform the full soft
infrastructure team about the threats and the vulnerabilities. This essay will talk about the
incident and its potential impact on the company. To be detailed, the following questions will be
discussed:
QUESTION NO.1
Assessing the risks, threats, and vulnerabilities


Risk assessment is a very precise and structured procedure to analyze the risk and to take the
steps to minimize it. risk assess consist of many procedures for example:
Identification of risk:



Who are the main attackers?



What sort of attacks they are?



How many times they can attack?

INCIDENT AND ITS POTENTIAL IMPACT ON THE COMPANY


3

What will be the effects of attacks on the organizations?

Analysis of risk:


What will be the after-effects of the loss?



Are there any chances for this incident to happen again?

Evaluation of risk:


Who are the attackers?



Why they did so?



What will be the effects?



Is there any internal vulnerability or external vulnerability for the organization?



What will be the consequences of the loss if this happens?



And how many are the chances to happen again?

❖ Following are the more point to be taken under consideration while assessing the risk,
threat or vulnerability:


For the assessment of risk, there should be an assessment of the people of the
organization first.



There should be interviews, question-answer sessions to the employees, data owners and
managers.



Review the system and all the infrastructure of the organization.



Analyze the documentation and all the online record.



The valuable asset for example websites, partner documentation, client file, etc should be
checked.



In full soft company their company data was leaked and they still trying to fix it.

INCIDENT AND ITS POTENTIAL IMPACT ON THE COMPANY


4

For future incidents, the full soft company should analyze the previous factors and then
they should obtain the internal and external data and should consider the risks and threats
attached to it and then specific measures should be taken to control it.



Vulnerability is a known weakness that can affect the data. For example, if a person in
company leaves the organization but the organization does not change the login password
and details then this will become the vulnerability for that company and the threat are the
early signs of incident happenings.



Risk and threats can prove very fatal to the organization. So identification of the risk
factors is very important. If the risk factors are unknown one cannot step ahead for the
solution of the problem (Biscoe, 2017).



Risk=asset* threat*vulnerability
QUESTION NO 2
Insights concerning risks, threats, and vulnerabilities

The full soft company should be careful about the following thin...


Anonymous
Super useful! Studypool never disappoints.

Studypool
4.7
Indeed
4.5
Sitejabber
4.4

Related Tags