SNHU
ISE 510 Security Risk Analysis & Plan
Week 1 HW
1-3 Jones & Bartlett Lecture Presentation and Assignment:
Application of Risk Management Techniques
30 points
Carlos Delapaz
Due August 19, 2019
If late let me know why: Resubmission as asked
=====================================
Problems
1) For each primary Domain listed below, describe the Risks, Threats, and Vulnerabilities related to YieldMore. The first domain is done as an example.
a. USER:
Risks: The key user domain risk areas are the user names, passwords, biometric or other authentication elements, and social engineering.
Threats: Cyber attackers can steal the usernames and passwords via malicious downloads, brute force or social manipulation. Unsatisfied employees can move around users’ desks to steal passwords.
Vulnerabilities: Human factors are the weakest link when it comes to IT security. The inability to use safe and secure authentication. Improper IT security training for users.
b. WORKSTATION:
Risks: There is an outdated operating system in the workstation which can allow unauthorized access.
Threats: Online attackers can gain access due to the outdated operating system.
Vulnerabilities: Patches are a major issue due to the outdated operating system. Without them, new threats can have an adverse impact on the firm’s IT security.
c. LAN:
Risks: Threats: Vulnerabilities:
T-1 LAN is not updated. They have effectively functioned in the past. But in the current times, trouble might arise with the high-speed internet.
Online attackers will gain an upper hand if the connection option is old and outdated.
There is a need to have a system which can work by aligning with the internet connections.
In case the internet speed and the network is not synced hackers might exploit the situation.
d. LAN-to-WAN:
Risks: As the network is open now data can be easily accessed. Clear text data being sent. Data lost in the transition.
Threats: Hackers will get the opportunity to gain access into the network and breach the security.
Vulnerabilities: Malicious attacks. Possibility of Denial of Service. Eavesdropping.
e. WAN:
Risks: As the network is open now data can be accessed easily. Clear text data can be sent.
Threats: Online criminals can gain entry into the network and compromise the security posture.
Vulnerabilities: Malicious attacks. Possibility of Denial of Service. Eavesdropping.
f. APPLICATION:
Risks: Threats: Vulnerabilities:
Faults relating to coding
Risks relating to the users
Failure relating to
infrastructure
Failure relating to system
Failure relating to data
A loophole in software or application might become a major vulnerability to cyberattack.
g. REMOTE ACCESS:
Risks: High risk of hacking. Weak passwords for the remote access by users.
Threats: Online hackers will get the opportunity to gain deep access into the firm’s database in case the remote access is threatened.
Vulnerabilities: A hacker can get access remotely by using the compromised credentials of employees. He can cause company-wide security damage and it cannot be mitigated.
2) Risk Management Techniques are explained in Gibson (2015), page 22.
a) Avoidance. Select one of the risks identified in part 1 that you would want to “avoid” and explain why? (i.e. how would you avoid the risk?)
Employees or Users – Human factors play a key role when it comes to Information Technology or cyber errors. If this factor that causes security errors can be eliminated or effectively dealt with, many security threats can become ineffective.
b) Share or Transfer. Would it be a good idea to have a reliable third party to host YieldMore’s website? Why or why not?
It would not be a good idea to have a reliable third party host YieldMore’s website. In fact, such a step would increase the overall security risks. Thus, additional steps and measures would have to be taken to mitigate such threats, which could lead to the waste of resources.
c) Mitigation. How would a Cost-benefit analysis (CBA) benefit your decision to implement a control to mitigate risk?
Cost-benefit analysis can be defined as the process used by business undertakings to evaluate and assess decisions. The firm sums the core benefits of a situation and then subtracts the related costs. A cost-benefit analysis (CBA) could benefit the decision to implement a control to mitigate risk. If the costs are more than the benefits, then no action would be taken. But without conducting such an analysis, it would be difficult to ascertain the associated positive and negative implications.
d) Acceptance. Which group of people, at YieldMore, ultimately have the responsibility to Accept the residual risk? How would you explain it’s impossible to have zero residual risk?
The customers of YieldMore are the stakeholders that accept the highest level of risk. When a customer engages with the business, they accept the risks that come along. The employees of an organization are the ones that accept the residual risk. Whether one is an employee or a customer, there is always a certain degree of residual risk.
Reference
Gibson, D. (2015). Managing Risk in Information Systems, 2nd Edition. Burlington, MA: Jones and Bartlett Learning.
Cost-Benefit Analysis. (2019, June 23). Retrieved from Investopedia: https://www.investopedia.com/terms/c/cost-benefitanalysis.asp
For review:
Seven major areas of risk in IT infrastructure