paper 4
KevinLiang
Paper4.zipPaper4/HealthCare Risk Matrix2.xlsx
Sheet1
| Likelihood of Occurrence | |||||||
| Event is expected to occur and is understood | Almost Certain | 5 | 5 | 10 | 15 | 20 | 25 |
| Event is reasonably expected to occur and is understood | Likely | 4 | 4 | 8 | 12 | 16 | 20 |
| Event should occur at some time but not expected | Moderate | 3 | 3 | 6 | 9 | 12 | 15 |
| Event could occur and should be rare | Unlikely | 2 | 2 | 4 | 6 | 8 | 10 |
| Event occurrence would be an exceptional circumstance | Remote | 1 | 1 | 2 | 3 | 4 | 5 |
| Rating | 1 | 2 | 3 | 4 | 5 | ||
| Impact | Type of Harm | Insignificant | Low | Medium | High | Critical | |
| Patient Care | Impact would result in inability for physician to concurrently access and update medical records on patients for brief period. | Impact would cause a physician to diagnose and treat a new patient without a complete record. | Impact would impede physician's ability to diagnose or read a patient's chart, which could delay care or cause improper care to a patient. | Prolonged event would impact nurses and dialysis technicians ability to deliver the correct treatment or pharmaceuticals to the correct patient. | Impact will cause the nurses and technicians to provide inaccurate treatment resulting in a sentinel event. | ||
| Patient Community | No impact to satisfaction or retention. | Minor negative impact to satisfaction or retention. | Moderate negative impact to satisfaction or retention | Serious negative impact to satisfaction or retention. | Severe negative impact to satisfaction or retention. | ||
| Regulatory | No legal, regulatory impact and no anticipated reimbursement moratoriums, or regulatory actions, or loss of certification. | Minor legal, regulatory impact and limited anticipated reimbursement moratoriums, or regulatory actions, or loss of certification. | Moderate legal, regulatory impact and moderate anticipated reimbursement moratoriums, or regulatory actions, or loss of certification. | Serious legal, regulatory impact and significant anticipated reimbursement moratoriums, or regulatory actions, and potential loss of certification. | Critical legal, regulatory impact and substantial anticipated reimbursement moratoriums, or regulatory actions, and/or loss of certification. |
Sheet2
Sheet3
Paper4/Paper3.docx
The task: Progress your Module 7 write-up to include a vulnerabiltiy analysis
You have provided insight into your organization. You have described it. You understand the essential business function of your organization. Somewhere in the past two papers (the context and threat analysis), I hope you have called out and introduced what business aspect is important to the company.
You have utilized the context to identify and explain three cybersecurity threats that are significant to the organization.
Well, threats exploit vunerabilities. It is now time to add to your paper. You will identify three potential vulnerabilities in your organization that the threats could exploit that could cause significant harm to the organization. When you mention the vulnerabilities, you will make sure the reader understands which specific threat of the three earlier noted could exploit the potential vulnerability.
I highly advise that you go to the lesson we had on vulnerabilities and extract relevant vulnerabilities that a threat could exploit from there. If you have two or more threats that exploit the same vulnerability (e.g. maybe something like system configuration), ensure you explain enough in your analysis how the system configuration vulnerability is exploitable specifically for each particular threat. There will be a difference, even if the vulnerabilities are of the same category.
You will provide backup to your main point and analysis through reference to external sources. You will cite those sources. You will ensure they are properly referenced at the end of your paper. You will ensure any reference at the end of the paper is also cited in your paper.
You will modify your introduction from the first and second paper to let the reader know that your paper does an inventory of various relevant aspects of your organization and then examines threats and the potential vulnerabilities that those threats could exploit that could cause significant harm to your organization.
Summarize the paper in a paragraph. Reintroduce the highlights of the introduction, reintroduce the main context points that are relevant, summarize the relevant threats and vulnerabilities. Do not introduce new concepts or make some new “point” in the summary.
All the guidance from the Lesson 2 paper assignment ("Identify and Inventory the Organization") and the Lesson 7 paper assignment ("Threat Analysis") pertains, even if not explicitly called out in this assignment.
Writing is to be submitted in Word in APA format. Data that is extracted from external resources and used in your document must be referenced both inline and at the end. If there is an inline resource, it must be referenced. If you have a reference, it must be cited in the paper.
Last Paper professsor comment
Good threat analysis. My concern that I had in the first paper and that I wrote you about kind of became real. You definitely looked at this differently and it caused just a bit of scope creep in your analysis. In one place, you did a risk assessment and not a threat analysis. You need to adjust your first "threat". The risk thing you did. Else your next paper won't work. You won't be able to match a vulnerability to your threat.
Rubric
Written Assignment Vulnerability Analysis
|
Written Assignment Vulnerability Analysis |
||||||
|
Criteria |
Ratings |
Pts |
||||
|
This criterion is linked to a Learning OutcomeStyle and Professionalism APA format. Supports statement of fact with appropriate inline references. References annotated properly at end. Paper lives on its own. Reader is presented with what the paper will discuss early on. Proper use of neutral voice. Very well organized, keeping the reader aligned with the points the author intends to make. |
|
20 pts |
||||
|
This criterion is linked to a Learning OutcomeContent Student leverages the information from the context earlier established to identify relevant and meaningful vulnerabilities associated with earlier-identified threats to that portion of the organization. The vulnerability is appropriate, it is identified, the case for that vulnerability being significant is supported and justified in the document. |
|
80 pts |
||||
|
Total Points: 100 |
Paper4/Paper4.docx
HealthCare Risk Matrix2.xlsx download The task: Progress your Module 11 write-up to suggest a risk measurement model/risk matrix
You have provided insight into your organization. You have described it. You understand the essential business function of your organization. Somewhere in the past two papers (the context and threat analysis), I hope you have called out and introduced what business aspect is important to the company.
You have utilized the context to identify and explain three cybersecurity threats that are significant to the organization.
You have identified vulnerabilities that are exploitable by those threats and explained why such would be significant to the organization.
Now, in the end, propose a risk measurement model/matrix and explain the attributes of the matrix. If you use a probability and impact, explain your reasoning behind the scales of probability and impact. If you use qualitative measurements for impact, describe your selection and why. It is ALWAYS important to tie the attributes of the matrix to the context of your organization.
You will modify your introduction from the third paper to let the reader know that your paper does an inventory of various relevant aspects of your organization and then examines threats and the potential vulnerabilities that those threats could exploit and concludes with the recommendation of a risk measurement model/matrix.
Summarize the paper in a paragraph. Reintroduce the highlights of the introduction, reintroduce the main context points that are relevant, summarize the relevant threats and vulnerabilities. Summarize the high points of your risk measurement model. Do not introduce new concepts or make some new “point” in the summary.
All the guidance from the Lesson 2 paper assignment ("Identify and Inventory the Organization") and the Lesson 7 paper assignment ("Threat Analysis") and the Lesson 11 paper assignment ("Vulnerability Analysis") pertains, even if not explicitly called out in this assignment.
Writing is to be submitted in Word in APA format. Data that is extracted from external resources and used in your document must be referenced both inline and at the end. If there is an inline resource, it must be referenced. If you have a reference, it must be cited in the paper.
For additional guidance, find the Lesson 17 Zoom Recording where this assignment is discussed.
Last paper Comments:
what is a malware-related vulnerability? What is a DoS vulnerability? You were supposed to identify the vulnerabilities exploited by your threat and not just call it a threat-related vulnerability. And you didn't even complete this paper.
Paper4/WellsFargo-1.docx
1
Running head: WELLS FARGO
7
WELLS FARGO
Wells Fargo
Zihao Dou
University of Washington Bothell
CSS310
04/23/2021
Wells Fargo
About the Company
Wells Fargo is a business that was set up in accordance to the laws in Delaware and its is a bank holding business that was incorporated under the BHC Act 1956 (Bank Holding Company Act. It acts as a principal for the subsidiaries that exist in different of the world. In other words, it is a parent company (Desai, 2019). In 2015, the business has assets that were valued at $1.8 trillion, equity worth $193 billion, deposits worth $1.2 trillion and loans worth $917 billion. Based on these figures, Wells Fargo is the third leading American company in the bank holding sector. The business had over 264, 700 full-time and active team members.
A brief description of the business focusses on the general aspect and the competition. Wells Fargo is a diversified business that offers financial services to the global market. It offers corporate, commercial and retail banking services through a wide range of distribution channels such as offices, banking stores and the internet. These channels target institutions, businesses and individuals in the US and across the globe (Desai, 2019). Additionally, the business offers a wide range of financial services through the subsidiaries that are involved in different sectors. The sectors include venture capital, investment advisory services, data processing brokerage, commercial finance, insurance agency, mortgage and wholesale banking. Notably, there are three major segments of the business that have been put in place for the easy management of the business. These include Community Banking, Wealth and Investment Management and Wholesale Banking.
The business operates in a competitive environment based on the fact that the subsidiaries compete with financial services providers including mutual fund companies, investment banks, insurance companies, finance companies, credit unions, banks and savings organizations. They also face a high level of competition from non-banking institutions such as online lending organizations, private equity companies and brokerage houses. It can be noted the most of the competitors face a lower number of regulations while compared to Wells Fargo. Securities and insurance companies that choose to become financial holding organizations acquire financial organizations. These arrangements have resulted in changes in the competitive environment. It is expected that the financial services sector will become increasingly competitive owing to the technological advancements that have taken place in the field. These technological changes could reduce the significance of financial intermediaries and depository institutions.
About Security Systems
Wells Fargo takes its data and that of its clients seriously as observed from the security measures that have been adopted by the business to address the existing and emerging threats. To start with, the company adopts appropriate identification measures to ensure that they communicate to the right individuals. When users sign up in the Wells Fargo website, they are requested to create a unique password and username and this data is encrypted. Further, the company utilizes advanced access which is a comprehensive security measure that bars unauthorized transactions and ensures the safety of the clients’ data (Desai, 2019). It follows that customers are needed to give an access code name that confirms the identity of the users in specific transactions. The company also sends an access code when one signs in. Customers offer the users comprehensive safety tips that ensure that the users are safe from cyber-crime.
Data protect is at the heart of the company’s operation. The first initiative that proves this is the round the clock fraud monitoring initiative (Desai, 2019). Customers are advised to contact the company if they detect any unusual activity. The business has come up with measures to address online fraud in a timely manner without asking for the users to give their personal information. For instance, customers are required to confirm their identity before their online access can be restored.
The company provides browser and encryption requirements. It follows that the Wells Fargo and Wells Fargo mobile banking sessions are all encrypted as a way of protecting customers’ data. the business also supports the browsers that follow encryption standards. It advises its customers to keep their mobile apps, malware elimination and antivirus programs up to date and retain security patches. On the other hand, outdated browsers are blocked as they can contribute to security risks (Desai, 2019). Account problems have also been found to be a critical area that is covered by the company’s security policy. It follows that any unauthorized activity is treated by the company under the Electronic Fund Transfer Act and federal law. The regulation covers all the funds that are transferred electronically using ATMs and debit and credit cards. The business provides zero liability protection which means that the debit and credit cards are covered by the system at no added cost. This means that individuals are not held responsible for any illegal transactions that are done using their cards as long as they are reported promptly.
Applications and Data
Companies in the modern times are dealing with a high volume of diverse data. The management understands that when data is structured effectively, it can be used as a catalyst for transformation. The business has been implementing data analytics and data that is aimed at fraud management and personalization. Prahalad Thota who is the Head of Enterprise Analytics & Data Science is the brain behind these initiatives. He believes that data can be used to make changes and maintain a high level of competitiveness in the business.
In the recent times, Wells Fargo has adopted a centralized approach that is focused on managing the data bank of all the function, products and business aspects. The company has organized a team that brings together the information that has been collected from diverse sources. Additionally, the business is keen on establishing the appropriate governance in regards to data management and storage. The team has shown its commitment on leveraging data for driving innovation. Wells Fargo has been investing in machine learning and artificial intelligence as a way of facilitating the customers. More importantly, the business is in the process of coming up with a data lake and come up with a strong data policy and system in all areas of the organization. The data analytics that have been put together by the business are applied for diverse uses. To start with, the data is used to determine how the company’s products perform in the market and the factors influencing their growth.
Market analytics is also utilized by the business to establish how the marketing of different products and services is being conducted in the market. It offers insight on the efficacy of the various marketing channels that are utilized by the organization. The third facet is risk analytics and the information is used to get a detailed examination of the performance of the products in the market. The business is also needed to conduct a high level of financial reporting and data analytics make the process easier. Wells Fargo utilizes the data available to come up with models that can be utilized in making future predictions. For instance, the business can establish the products that the customers will prefer in future. Overall, a lot of work in put into this and the business hires experts to come up with meaningful conclusions regarding data use.
Third Parties and Third-Party Services
Wells Fargo has shown that its main interest is ensuring that the customers needs are met adequately. The bank’s customers are now in the position to share their financial position utilizing and API the exists with more than fourteen hundred third part capabilities that apply Envestnet. This goes in line with the company’s plan to grant their customers freedom on how they deal with their financial information (Magana, 2020). The company has been planning to launch the experience with select app companies that work in collaboration with Envestnet. It is expected that the deal between Envestnet and Wells Fargo will pave the way for the entity to grow the Control Tower value. It follows that Control Tower paves the way for the business to centralize how customers access their account and cards information. On the other hand, it shows a lost of the merchants that have frequent transactions within one year.
The collaboration with Envestnet will result in an expansion in the control tower abilities that pave the way for the clients to allow or prohibit the third parties from accessing their financial details. Based on the past studies, organizing these resources in a single platform paves the way for improved customer satisfaction (Magana, 2020). The business has between working towards attaining frictionless links between third party financial apps. This will help the company grow its market share such as fintech in the light of the Covid-19 pandemic. The current crisis has caused consumers to get into a financial crisis that calls for the support of stable financial institutions such as Wells Fargo. A survey conducted in the recent times on the American consumers showed that a higher number of individuals are utilizing fintech apps. The company’s success is dependent on the collaborative efforts that it has put with the third parties that have enabled it to retain its relevance and significance in the market.
Threat Analysis
Wells Fargo Company
This business tends to focus on providing financial services to the global market. It provides banking services that are corporate, commercial as well as diversified in nature through a vast range of distribution channels. These channels tend to be inclusive of banking stores, offices, the internet, and many others. Moreover, the business has a major interest in making sure that the needs of its clients are met as per their desires. In addition to that, this company has adopted various proper identification measures for the purposes of ensuring communication with the right people. Wells Fargo aims at protecting the client's and company's data. This document will focus on examining the major potential threats with regards to the final discussed purpose. Threats pertaining to data protection in this financial business. A threat tends to be something that brings about damage once inflicted.
Threats
Global Operational Risks: The company tends to provide financial services globally. Globalization is an indication of the fact that this business operates internationally, across various state lines. In distinct towns possessing varying languages, rules as well as expectations. As a result, this leads to an increment of the operational size hence a rise in operational risk. Cybercriminals might target this particular financial sector hoping to obtain a larger monetary gain hence disrupting the data's integrity if the threat happens in a successful manner (Li, Yu & He, 2019).
DDoS Attacks: This is the distributed denial-of-service attack (Chadd,2018). They will slow down the company's website by making it unavailable to the client. This in turn disrupts the data's availability. These attacks might go a step ahead to silence the website hence interfering with the business flow of the company. Upon the website being silenced, clients will be unable to access the site in order to either transact, send or deposit. About ½ of the network downtime incidents will be brought about by these attacks which will as a result cost the business a lot of financial losses as well as damages with regards to reputation.
Insider Threats: This might take place in three different ways. The first is through malicious insider threats. For instance, this can occur as a result of disgruntled employees or those that might be in search of financial gain. The second one is through accidental insider threats whereby an employee can put the business at risk by mistake. The final one is credential theft. This can happen upon an individual stealing the credentials of an insider for the purposes of carrying out a security threat. All these ways contribute to the disruption of confidentiality with regards to the company's data (Xiangyu, Qiuyang & Chandel, 2017, October).
Summary
Wells Fargo is a company that tends to b financially oriented. It normally puts an emphasis on the provision of financial services to the market in global terms. It offers banking services through various distribution channels that tend to be inclusive of offices. In addition to that, this business aims at ensuring all the wants of a customer have been fulfilled diligently. In this paper, there is a focus on one of the company’s functions; data protection. A threat analysis has been performed whereby there has been an identification of three major types of threats that might be faced. These threats are inclusive of global operational risks, DDoS attacks as well as Insider threats. They all have their own distinct impacts on the company which brings about various effects in return. Global operational risks will tend to interfere with the data’s integrity, DDoS attacks will disrupt the availability of data while on the other hand, Insider threats will affect the confidentiality of the data.
Potential Risks Facing Wells Fargo
Introduction
Wells Fargo must recognize the threats to their activities. Potential challenges include local hazards, including fires and storms, alcohol as well as human-induced substance misuse, technological risks such as electrical failures, and financial risks, like the research and innovation investments (Bush, 2020).
Both organizations, from a wide range of outlets, face a relentless attack. This means the companies are not 100% shielded from constant attacks. The truth is that companies face multiple flaws or risks and that leaves them not in a position to avoid them all effectively. The below are the organization's flaws. Each organization, from several outlets, faces a relentless threat. This means that the company is not 100% protected from these constant attacks. The irony is that companies face multiple risks or challenges, and this makes them not in a position to mitigate them all successfully. These are the company's flaws.
Wells Fargo Employees
The organization's own workers are the greatest weakness or challenge. Most data violations can be traced back to such an employee of an organization, whether a mistake or attempt to a mishap. An organization's employees must not be able to use their rights for personal benefit. Employees play another immensely important role in getting attackers to enter the device, such as uploading the faulty file from an internet platform, sending the faulty people their user profile keys, or perhaps even clicking the incorrect key mostly on e-mails sent.
Wells Fargo Malware
New malware is constantly being developed. There are about 360,000 newer malware files per day, although all of them are actually older programs that have been reworked and modified to make them not recognized by the antivirus systems. Over the years, several types of malware, particularly trojans, worms, ransomware, have been developed.
Denial of Service in Wells Fargo
This is just an organization's security weakness. An attack by an attacker that is malicious is indeed a cyber-attack in which the targeted victims do not have a machine available, and the usual operation of the system ends up being interrupted. The intended computer is overwhelmed or exhausted by the request before usual traffic can indeed be handled, resulting in the service denial. The main goal for the DoS attack is to oversaturate the specific system capability, leading to the denial of service of some other additional requests. DoS costs the organization primarily both money as well as time as programs and infrastructure continue to be unavailable. Service denial takes place through several various methods. The most popular form of DoS is when data floods mostly on network servers.
The Risks of The Vulnerabilities in Wells Fargo
Wells Fargo Employees
Data violation in the organization is the danger associated with this vulnerability. An infringement of data includes the exposure of sensitive and secure company data. As the company handles confidential information such as credit card data, e-mails as well as passwords, the data infringement loses or stolen these sensitive data. The ISO 31000 series system for risk control is aligned with such a risk (Carley, 2004).
Wells Fargo Malware
A malware-related vulnerability is a danger to the credibility of the company. Constant threats by ransomware would make the organization’s network protection proactive. The malware attack can cause data leakage, downtime, or maybe just the two, and the company is unable to absorb the harm to its image on the market (Bush, 2020).
Denial of Service in Wells Fargo
The DoS vulnerability is a failure in which the organization's operating infrastructure is inaccessible.
References
Desai, V. J. (2019). Inside Wells Fargo’s data management system. Retrieved from https://cio.economictimes.indiatimes.com/news/strategy-and-management/inside-wells- fargos-data-management-system/71799797
Magana, G. (2020). Wells Fargo will enable customers to share financial data with third parties via Envestnet | Yodlee's platform. Retrieved from https://www.businessinsider.com/wells- fargo-ups-third-party-fintech-data-sharing-capabilities-2020-9?IR=T
Li, H., Yu, L., & He, W. (2019). The impact of GDPR on global technology development.
Chadd, A. (2018). DDoS attacks: past, present and future. Network Security, 2018(7), 13-15.
Xiangyu, L., Qiuyang, L., & Chandel, S. (2017, October). Social engineering and insider threats. In 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC) (pp. 25-34). IEEE.
Bush, L. (2020). Examining the Relationship Between Cybersecurity-Employee Vulnerabilities and Reduction of Security Breaches in Information Technology Organization (Doctoral dissertation, Colorado Technical University).
Carley, K. M., & Reminga, J. (2004). Ora: Organization risk analyzer. CARNEGIE-MELLON UNIV PITTSBURGH PA INST OF SOFTWARE RESEARCH INTERNAT.
Suryateja, P. S. (2018). Threats and vulnerabilities of cloud computing: a review. International Journal of Computer Sciences and Engineering, 6(3), 297-302.
