To: Jude Symonds, System Administrator
The following chart is a risk management assessment of our company. It lists some of the threats, where the vulnerability might be, the impact each threat might have, where the threat might take place, and possible mitigation steps. After the chart, I will explain which risk technique to use for each of the threats.
Threat | Vulnerability | Impact | Point of Threat | Mitigation |
An unauthorized employee trying to access data. | No authentication and access controls are put in place. | Sensitive information could be lost or stolen. Information could be leaked. | Salespersons in every state. | Implement both authentication and access control. |
DoS or DDoS attack. | Public-facing servers are not protected with firewalls and intrusion detection systems. | Loss of services and data. | The three servers: Active Directory, application, Oracle database. | Implement firewalls. Implement an intrusion detection system. |
A social engineer tricking an employee into revealing a secret. | Users aren’t adequately trained. | Passwords could be revealed; an attacker could use a password to gain access to the network. | Any employee at Yeildmore. | Provide training; raise awareness through e-mails and mini-presentations. |
Fires. | Lack of fire detection and suppression equipment. | Can be a total loss of business. | At the production facilities, headquarters. | Install fire detection and suppression equipment. Purchase insurance. |
Any type of malicious software, such as viruses or worms, entering the network. | Antivirus software is not up to date. | Malicious software could be installed on systems, which could result in loss of confidentiality, integrity, or availability. | Could be any node on the network. | Turn on automatic updates and have them run at least once a week. |
Data loss. | Data is stored locally on attached storage. | Equipment failure; loss of confidentiality, integrity, availability. | The...