15. 12. Risk Assessment. Data Services and Systems Pvt.

Added on -2019-09-20

| 17 pages
| 3540 words
| 348 views

Trusted by 2+ million users,
1000+ happy students everyday

Showing pages 1 to 4 of 17 pages

0Risk AssessmentData Services and Systems Pvt. Ltd.Student Name: Course Name:
1AbstractThe paper is concerned with identification of security risks for a company and understanding the possible mitigation steps for them. The company selected for the assessment is Data Services and Systems Pt. Ltd. It is a hypothetical company chosen for the security risk assessment. The company deals in data analytics and services. The company is situated in Guiyang city of China which is a flood prone location. The client base of the country is all over the world. They are big and small businesses that need data analytic services for specificmarket. The company is headquartered in Guiyang and accesses the data of various other locations with the help of network of freelancers it has built in years. The paper identified twelve security risks for the company. These security risks are: delivery malware to internal system, network sniffing of exposed network, craft phishing attack, get physical access through authorized staffs, communication interception attacks, brute force login, spill sensitive information, flood at primary facility, mishandling of sensitive or criticalinformation, disk error, unreadable display, and incorrect privilege settings. These risks were further analysed on various parameters and mitigation steps for six of the risks were identified. There were multiple security controls identified to ensure that these risks do not occur.
2Table of ContentsAbstract......................................................................................................................................1Introduction................................................................................................................................3Scope of ISMS...........................................................................................................................3Information Security Policy Statement......................................................................................3Risk Assessment.........................................................................................................................3Information Security Risks....................................................................................................3Adversarial Risk.................................................................................................................4Non-Adversarial Risk.........................................................................................................5Response to Identified Risks......................................................................................................6Information Security Controls....................................................................................................6Conclusion..................................................................................................................................6References..................................................................................................................................6
3IntroductionThe company that has been selected for the assessment is Data Services and Systems Pt. Ltd. It is a hypothetical company based out of Guiyang City, China. The company provides data analytics services to various clients around the world. The client of the company ranges from large companies to small companies and some governmental organizations. The company operates with around fifty employees who work in-house. Along with that, the company also has many individuals working for it as freelancers. The freelancers are located in various countries around the world. They provide their services to the company from their respective home countries. All the activities of the company are technology based and company has never involved itself in the activities that require offline management. There are some activities such as field survey for data collection that is conducted by country specific freelance teams. The company is smaller in size and it has no head office outside China. The only method that has been considered to operate for other countries is through the internet based services. The data collection and management of those countries are taken care at the head office. The data collection and compilation is done by the freelancers.The company management is concerned about the various security risks that might impact theorganization’s activities in the days to come. Some of the concerns are related to security of the data and information from physical and technical damages and others. Therefore, the management is willing to implement Information Security Management System (ISMS) to ensure that all the risks are taken care. Various chapters in this section are focused on identifying the likely risks that can occur and then devising appropriate mitigations plans for them. The second chapter discusses about the scope of the ISMS for the company. The third chapter discusses the information security policy statement. The fourth chapter assesses the

Found this document preview useful?

You are reading a preview
Upload your documents to download
or
Become a Desklib member to get accesss

Students who viewed this