15. 12. Risk Assessment. Data Services and Systems Pvt.

Added on - 20 Sep 2019


Showing pages 1 to 4 of 17 pages
Risk Assessment
Data Services and Systems Pvt. Ltd.
Student Name:
Course Name:
Abstract

The paper is concerned with identifying the security risks facing a company and understanding the possible mitigation steps for them. The company selected for the assessment is Data Services and Systems Pvt. Ltd., a hypothetical company chosen for the security risk assessment. The company deals in data analytics and services. It is situated in Guiyang city, China, which is a flood-prone location. The company's client base is spread all over the world: big and small businesses that need data analytics services for specific markets. The company is headquartered in Guiyang and accesses data from various other locations with the help of a network of freelancers it has built over the years.

The paper identified twelve security risks for the company. These security risks are: delivery malware to internal system, network sniffing of exposed network, craft phishing attack, get physical access through authorized staff, communication interception attacks, brute force login, spill sensitive information, flood at primary facility, mishandling of sensitive or critical information, disk error, unreadable display, and incorrect privilege settings.

These risks were further analysed on various parameters, and mitigation steps for six of the risks were identified. Multiple security controls were identified to ensure that these risks do not occur.
Table of Contents

Abstract
Introduction
Scope of ISMS
Information Security Policy Statement
Risk Assessment
  Information Security Risks
    Adversarial Risk
    Non-Adversarial Risk
Response to Identified Risks
Information Security Controls
Conclusion
References
Introduction

The company that has been selected for the assessment is Data Services and Systems Pvt. Ltd. It is a hypothetical company based in Guiyang City, China. The company provides data analytics services to various clients around the world. Its clients range from large companies to small companies and some governmental organizations. The company operates with around fifty employees who work in-house. In addition, the company has many individuals working for it as freelancers. The freelancers are located in various countries around the world and provide their services to the company from their respective home countries. All the activities of the company are technology based, and the company has never involved itself in activities that require offline management. There are some activities, such as field surveys for data collection, that are conducted by country-specific freelance teams. The company is small in size and has no head office outside China. The only method that has been considered for operating in other countries is through internet-based services. The data collection and management for those countries are taken care of at the head office. The data collection and compilation are done by the freelancers.

The company management is concerned about the various security risks that might impact the organization's activities in the days to come. Some of the concerns relate to the security of data and information against physical and technical damage, among others. Therefore, the management is willing to implement an Information Security Management System (ISMS) to ensure that all the risks are taken care of. The chapters in this section focus on identifying the risks that are likely to occur and then devising appropriate mitigation plans for them. The second chapter discusses the scope of the ISMS for the company. The third chapter discusses the information security policy statement. The fourth chapter assesses the