Framework Compliance Assessment Report
Running Head: RISK ASSESSMENT SUMMARY 1
RISK ASSESSMENT SUMMARY 4
Risk Assessment Summary
Student’s Name:
Professor’s Name:
Date:
Executive Summary
Scope
The particular risk assessment was carried out in order to find out an threats or susceptibilities that are related to the Department of IT in a Motor Vehicle firm. This was pertaining to the motor vehicle registration online system which was identified to be a potential risk system in the department. The motor vehicle registration online system included various components. For instance, the external interface, for instance the customer, contains a series of web pages that permitted the operator to punch in data as well as receive information from the application. This online application was developed and maintained by the DMV and was built by use of the Microsoft Internet Information Server as well as uses the Active Server Pages. This application also contains an interface together with the database of the motor vehicle registration together with Paylink. Since the DMV department houses the application, its components are physically at any of its data centers.
Results
According to the risk assessment, we were able to notice that the passwords were a threat since they could be guessed by effective hackers. Another risk concerned the cross site scripting which was a threat to the organization if the hackers found a way to use it against the company. Moreover, we realized that data could be taken out inappropriately and altered in the DMV by commands being entered in the SQL into input fields by hackers or any other sort of criminals especially those with SQL injections. We also noticed something to do with the web servers together with the application server be capable of running services that are unnecessary to the organization, which might incur various threats. This would be a risk in all activities since they don’t have any significance rather than utilizing our resources. Another important risk factor we realized was concerning the absence of a disaster recovery plan which is major risk.
We were able to form a committee that would discuss the various threats and come up with recommended controls that would assist the company to prevent any further disasters. On the issue of passwords, we recommended that all the passwords to be created a fresh and contain special characters in between. We also agreed that all headers, cookies, form fields, query strings as well as hidden fields must be validated against a demanding requirement of what is permitted. We also decided to always guarantee that every parameter is validated before use. Also, each parameter should always be checked versus a stringent design which stipulates what input is permitted. Moreover, we planned to reconfigure the systems in order to do away with the unnecessary services and also to create a competent disaster recovery plan for the organization.
Cost/Benefit Analysis
Before we decided to follow up on this minor project, we calculated the cost-benefit of the project towards the benefits of the company. We realized that without this risk assessment, we would incur much costs, more than what we would use to complete this assessment and prevent any future threats from taking place. With the areas in the IT department that we scrutinized, we realized that we would have undergone a very huge lose if we encountered any of the risks that we actually prevented because of this assessment. From the use of very weak passwords, we noticed that a ransomware that we would have incurred if any hacker decided to lock us out of our own data would have been hectic to come out of. Leave alone the lack of a disaster recovery plan which will help us in case of a very huge disaster that might strike our organization. It was a benefit and not a loss when we decided to undertake this path.
References:
Itsecurityedu. (2015). IT Security & Policy Office |. https://itsecurity.uiowa.edu/sites/itsecurity.uiowa.edu/files/sampleriskassessmentreport.pdf
Kenton W. (2016, November 8). How cost-benefit analysis process is performed. Investopedia. https://www.investopedia.com/terms/c/cost-benefitanalysis.asp
Worksmart.org.uk. (2019). What are the five steps to risk assessment? WorkSmart: The career coach that works for everyone. https://worksmart.org.uk/health-advice/health-and-safety/hazards-and-risks/what-are-five-steps-risk-assessment