
CONVXYZ Risk Assessment

   

Added on  2023-01-19

19 Pages | 3223 Words | 38 Views
Executive Summary
This report analyses the assets of the CONVXYZ network and identifies their threats, vulnerabilities and
specifications. The vulnerabilities and threats discussed are represented in two Boston grid matrices based on
identification and likelihood of the risks. A summary of the security risks is then given in the impact table
specification, after which the report closes with observations in the conclusion.
The recommended risk treatment methods are as follows. Security applications and firewalls should be updated
to prevent protocol attacks against the firewall. Operating systems and related software applications must be
updated regularly to incorporate their latest hotfixes and patches. The best way to avoid phishing attacks is
to increase awareness among employees, customers and lawyers and to make them better at identifying harmful
sources. Social engineering attacks such as email spoofing can be prevented by having customers and lawyers
of CONVXYZ communicate through custom mailboxes secured with firewall policies and rules, by promoting
caution regarding tempting emails, by using multifactor authentication and by updating security software.
Running up-to-date, industry-leading security applications can help mitigate malware threats on computers.
In addition to appropriate hiring policies, database risks can be addressed significantly through query-level
access controls that limit users to the minimum privileges their operational requirements demand.

Table of Contents
Introduction
Assessment of risks
Specifications of Assets
System Parameters Table
Threats
Threat Assessment
Vulnerabilities
Vulnerability Assessment Table
Likelihood
Dbs & Cud TH Risks
Dbs & Cud TS Risks
Impact Table Specifications
Identification
Conclusion
References

Introduction
This report analyses the various assets of the CONVXYZ network and identifies threats,
vulnerabilities and specifications. The vulnerabilities and threats discussed are then plotted in BCG matrices
according to the metrics identification and likelihood (Madsen 2017). After summarising the security
risks and forming the impact table specification, the report ends with concluding notes.
Organizations face immense consequences from risks in terms of finances as well as
performance and reputation, which alter their safety, societal and environmental image; ISO 31000:2018
was formed to address this (Selvaseelan 2018). It provides companies with processes,
principles, frameworks and guidelines to manage security risks, but not in the form of certifications.
Risk Analysis
Specifications of Assets
System Parameters Table
| ID_No | Sys_Desc | Application/Firmware | No_of_Devices | Product_Desc | Vendor_Desc |
|---|---|---|---|---|---|
| SY001 | PC | Win 10 64bit, Windows 7 | 20 | Thinkstation (P320 SFF) | Lenovo PC International |
| SY002 | Server | Win Server version 2012 | 5 | IBM-AS/400 | International Business Machine (IBM) |
| SY003 | Switch | SG350 | 2 | QFX-5110 | Juniper networks |
| SY004 | Router | C819HG-U-K9 | 1 | Cisco-Rv320 | Cisco |
| SY005 | Firewall Device | Cisco Adaptive Security Appliance | 1 | Cisco-ASA-5505 | Cisco |
| SY006 | WebServer | ApacheWebServer | 1 | IBM-AS/400 | IBM |
| SY007 | MailServer | ApacheHTTP_Server | 1 | IBM-AS/400 | IBM |
| SY008 | AuthenticationServer | OAuth_2.0 | 1 | IBM-AS/400 | IBM |
| SY009 | Employee DatabaseServer | AdvancedHRM v1.6 | 1 | IBM-AS/400 | IBM |
| SY0010 | Consumer DatabaseServer | Mainframe | 1 | IBM-AS/400 | IBM |
The table above lists the network equipment used by CONVXYZ, together with the applications and
firmware each system runs and its part number, vendor and device count.
Asset Threat List
Firewall Threat: Protocol attacks are DDoS attacks that drain the resources of the load balancer and firewall
and prevent the processing of legitimate traffic (Hutle, Hansch and Fitzgerald 2015). This may negatively affect
the CONVXYZ network. Though firewalls can generally provide adequate protection against DDoS attacks, they are
not as effective against protocol attacks.
Router Threat: VPNFilter targets routers of small offices like CONVXYZ (Siegel 2018). Unlike traditional
malware, it cannot be erased by resetting the infected system, and it also converts an infected device into a
bot.
