SNHU
ISE 510 Security Risk Analysis & Plan
Week 1 HW
=====================================
Problems
1) For each primary domain listed below, describe the Risks, Threats, and Vulnerabilities
related to YieldMore. The first domain is done as an example.
a. USER:
Risks:
• The key user domain risk areas are the user names, passwords, biometric or other
authentication elements, and social engineering.
Threats:
• Cyber attackers can steal usernames and passwords via malicious downloads, brute
force or social manipulation.
• Unsatisfied employees can move around users’ desks to steal passwords.
Vulnerabilities:
• Human factors are the weakest link when it comes to IT security.
• The inability to use safe and secure authentication.
• Improper IT security training for users.
b. WORKSTATION:
Risks:
• There is an outdated operating system on the workstation, which can allow
unauthorized access.
Threats:
• Online attackers can gain access due to the outdated operating system.
Vulnerabilities:
• Patches are a major issue due to the outdated operating system. Without them, new
threats can have an adverse impact on the firm’s IT security.
c. LAN:
Risks:
• The T-1 LAN is not updated. It has functioned effectively in the past, but in current
times trouble might arise with high-speed internet.
Threats:
• Online attackers will gain an upper hand if the connection option is old and outdated.
Vulnerabilities:
• There is a need to have a system which can work by aligning with the internet
connections.
• In case the internet speed and the network are not synced, hackers might exploit the
situation.
d. LAN-to-WAN:
Risks:
• As the network is open now, data can be easily accessed.
• Clear text data being sent.
• Data lost in the transition.
Threats:
• Hackers will get the opportunity to gain access into the network and breach the
security.
• Malicious attacks.
• Possibility of Denial of Service.
Vulnerabilities:
• Eavesdropping.
e. WAN:
Risks:
• As the network is open now, data can be accessed easily.
• Clear text data can be sent.
Threats:
• Online criminals can gain entry into the network and compromise the security posture.
• Malicious attacks.
• Possibility of Denial of Service.
Vulnerabilities:
• Eavesdropping.
f. APPLICATION:
Risks:
• Faults relating to coding.
• Risks relating to the users.
Threats:
• Failure relating to infrastructure.
• Failure relating to the system.
• Failure relating to data.
Vulnerabilities:
• A loophole in software or an application might become a major vulnerability to
cyberattack.
g. REMOTE ACCESS:
Risks:
• High risk of hacking.
• Weak passwords for remote access by users.
Threats:
• Online hackers will get the opportunity to gain deep access into the firm’s database
in case the remote access is threatened.
Vulnerabilities:
• A hacker can get access remotely by using the compromised credentials of employees.
He can cause company-wide security damage, and it cannot be mitigated.
2) Risk Management Techniques are explained in Gibson (2015), page 22.
a) Avoidance. Select one of the risks identified in part 1 that you would want to “avoid” and
explain why (i.e. how would you avoid the risk?).
• Employees or Users – Human factors play a key role when it comes to Information
Technology or cyber errors. If this factor, which causes security errors, can be
eliminated or effectively dealt with, many security threats can become ineffective.
b) Share or Transfer. Would it be a good idea to have a reliable third party host
YieldMore’s website? Why or why not?
• It would not be a good idea to have a reliable third party host YieldMore’s website. In
fact, such a step would increase the overall security risks. Thus additional steps and
measures would have to be taken to mitigate such threats, which could lead to a waste
of resources.
c) Mitigation. How would a cost-benefit analysis (CBA) benefit your decision to implement a
control to mitigate risk?
• The cost-benefit analysis can be defined as the process used by business undertakings
to evaluate and assess decisions. The firm basically sums the core benefits of a
situation and then subtracts the related costs. A cost-benefit analysis (CBA) could
benefit the decision to implement a control to mitigate risk. In case the costs are
more than the benefits, then no action would be taken. But without conducting such an
analysis, it would be difficult to ascertain the associated positive and negative
implications.
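As an added illustration of the “benefits minus costs” rule above (this is not part of the original assignment or of Gibson’s text), the helper below applies it to candidate controls for the part 1 domains. The benefit of a control is taken as the reduction in annualised loss expectancy (ALE = single loss expectancy × annual rate of occurrence); the control names, dollar figures and frequencies are constructed placeholders for YieldMore, not figures from the page.

```python
"""Cost-benefit analysis (CBA) helper: implement a control only when
benefit (reduction in annualised loss) exceeds its cost.
Added example; all figures below are constructed placeholders."""
from dataclasses import dataclass


@dataclass
class Control:
    name: str
    sle: float          # single loss expectancy per incident ($)
    aro_before: float   # expected incidents per year without the control
    aro_after: float    # expected incidents per year with the control
    annual_cost: float  # yearly cost of running the control ($)


def ale(sle: float, aro: float) -> float:
    """Annualised loss expectancy = SLE x ARO."""
    return sle * aro


def cba(control: Control) -> float:
    """Net value = (ALE before - ALE after) - annual cost of the control.
    Positive: the control pays for itself. Negative: costs exceed benefits,
    so per the assignment's rule no action is taken."""
    benefit = ale(control.sle, control.aro_before) - ale(control.sle, control.aro_after)
    return benefit - control.annual_cost


def recommend(controls: list[Control]) -> list[tuple[str, float, bool]]:
    """Return (name, net value, implement?) rows, best net value first."""
    rows = [(c.name, cba(c), cba(c) > 0) for c in controls]
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed sample controls tied to the part 1 domains (hypothetical numbers).
SAMPLE_CONTROLS = [
    Control("Patch/upgrade outdated workstation OS", 40_000, 0.5, 0.1, 8_000),
    Control("MFA for remote access", 120_000, 0.25, 0.02, 15_000),
    Control("Third-party web hosting", 50_000, 0.2, 0.2, 12_000),  # no ALE reduction
]

if __name__ == "__main__":
    for name, net, go in recommend(SAMPLE_CONTROLS):
        print(f"{name:40s} net=${net:>10,.0f} implement={go}")
```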
d) Acceptance. Which group of people at YieldMore ultimately has the responsibility to
accept the residual risk? How would you explain that it is impossible to have zero residual risk?
• The customers of YieldMore are the stakeholders that accept the highest level of risk.
When a customer engages with the business, they accept the risks that come along.
The employees of an organization are the ones that accept the residual risk. Whether
one is an employee or a customer, there is always a certain degree of residual risk.
References
Gibson, D. (2015). Managing Risk in Information Systems (2nd ed.). Burlington, MA:
Jones and Bartlett Learning.
Cost-Benefit Analysis. (2019, June 23). Retrieved from Investopedia:
https://www.investopedia.com/terms/c/cost-benefitanalysis.asp
For review:
Seven major areas of risk in IT infrastructure