
Network Management Security: Vulnerability and Threat Assessment

Analyzing the scenario of the Superb Gift Company and its recent buyout by a Chinese distribution company, along with the potential challenges and concerns for the company's future.

   

Added on  2023-06-03

About This Document

This report provides a vulnerability and threat assessment for Superb Gift Company's network management security. It identifies key vulnerabilities and threats that can potentially harm the organization and provides recommendations to manage the risks.

Table of Contents
2 Introduction
2.1 Objective
2.2 Scope
2.3 Limitation
3 IT systems characterization
3.1 Mail Catalogue System
3.2 Website
3.3 Finance System
3.4 Marketing system
3.5 Logistics and Distribution
3.6 Payment System
4 VULNERABILITY ASSESSMENT
4.1 Vulnerability Identification
4.1.1 Website weaknesses
4.1.2 Payment vulnerabilities
4.1.3 Network Vulnerabilities
4.1.4 Vague Policies
4.1.5 Lack of CIRT
4.1.6 Legal vulnerabilities
4.1.7 Data Duplication
4.2 Assessment
Website weaknesses
5 Threat Assessment
5.1 Threat Identification
5.1.1 Impersonification
5.1.2 System Failures
5.1.3 Hackers
5.1.4 DDOS
5.1.5 Insider Jobs
5.1.6 Natural Disaster
5.1.7 Malware
5.1.8 Government Regulations
5.2 Threat Assessment
6 Risk Assessment
6.1 Risk Identification
6.1.1 Customer risks
6.1.2 Business failure risks
6.1.3 Human risks
6.1.4 ICT Systems and Application
6.1.5 Legal risks
6.1.6 Administrative risks
6.2 Risk Analysis
6.3 Impact analysis
6.3.1 Human Risks
6.3.2 Systems and Applications
6.3.3 ICT Infrastructure
6.3.4 Customer risks
6.3.5 Stock and Inventory
6.4 Risk Associated with Law
7 overall risk determination
8 Control Analysis
9 CONCLUSION
10 Recommendations
1 INTRODUCTION
This risk assessment was conducted for the Superb Gift Company to report on the various
risks that can potentially harm the organization. A detailed vulnerability report is included
to point out key weaknesses in the company that can potentially harm the organization, not
only in terms of its reputation but also in its ability to deliver its services as prescribed
in the service charter. Various threats and threat agents have also been identified in the
report to gauge their impact level when they exploit the vulnerabilities. To make the
recommendations, the vulnerabilities and threats were assessed to determine the risk they
pose to the company's assets and processes (Jones, 2010).
To better conduct the assessment, the ISO 27001 standard on information security
management systems was used as a baseline to identify risk through assessment of
vulnerabilities in the company that do not conform to the security management systems
processes and practices. The objectives of this report are listed below.
1.1 OBJECTIVE
i. Identification of exposures within the company that create information security risks
ii. Identification of key vulnerabilities in the company
iii. Identification of threats and threat agents that can exploit vulnerabilities in the
company
iv. Provision of key recommendations to the company to manage the risks
1.2 SCOPE
The risk assessment relies only on the information about the Superb company as
prescribed in the case study given. The risk assessment is conducted using the ISO 27001
standard guidelines on information security management systems, which detail how to plan
the processes that deploy and manage security systems to safeguard the information
assets of the company.
1.3 LIMITATION
The risk assessment did not go into the nitty-gritty of an audit report and focuses only on
the risk assessment based on the case study given and on proposed recommendations to help
reduce the risk to manageable levels.
To begin the risk assessment, it is vital to identify the various IT systems. These are
described below.
2 IT SYSTEMS CHARACTERIZATION
To correctly identify risks, it is vital to identify the various systems and applications that are
critical for the functioning of Superb Gift. The first line of protection against unfavorable
uncertainties is to know yourself (Anie, 2011). This involves scrutinizing the key technology
assets to identify the vulnerabilities in them, which makes the design of controls much more
effective. The key systems in Superb Gifts are explained below.
2.1 MAIL CATALOGUE SYSTEM
The mail order system contains a catalog of the various gifts that the company sells. Customers
can view the itemized lists of gifts and make an order through the ordinary mail. Once the mail
is received, after some time the company sends an acknowledgment note to the mailer on
the order status. The order is then dispatched to the mailer's address together with an invoice
requesting payment (Szóstek, 2011).
2.2 WEBSITE
Superb Gifts owns a website which acts as a secondary place where customers can hunt
for the gifts they seek to purchase. The website has a digital catalog of the key gifts that the
company sells. Clients browse the gifts and make orders online for the goods they seek. Once a
potential buyer finds the good he/she seeks, he/she proceeds to the checkout process, where
payment is made using PayPal or a credit or debit card (Garrido, Sullivan and Gordon, 2010).
2.3 FINANCE SYSTEM
The finance system is mainly used for accounting purposes, such as accounting for the
payments from the buyers of the gifts. The employees also have their systems tied to the
finance system, since all the payroll information is accounted for from it. This makes the
system very important for the company, as it contains critical company and employee financial
information such as bank account details (McGuire et al., 2008).
2.4 MARKETING SYSTEM
The marketing system is used to send customized advertisements and coupons to potential
customers. The data is mined from the users who sign up on the website. The big data analysis
ensures there is a high success ratio for the targeted marketing strategies that the company uses.
The physical marketing offices are located far away in Bristol, so employees always connect
remotely to colleagues in other branches.
With the buyout by the Chinese corporation, new systems will be integrated to ensure smooth
operations (Batchu, Mishra and Rege, 2014).
2.5 LOGISTICS AND DISTRIBUTION
The logistics and distribution of Superb Gift are hosted in the physical depot in South Wales,
where the inventory and internal logistics are kept to facilitate the process of goods transfer.
Once the order has been authenticated at the administration in Bristol, the dispatch order is
processed at the depot, where information such as the customer's shipping address is entered
into the consignment form. The form is filled in three copies: one for the depot, one for the
driver, and the remaining one issued to the customer upon receipt of the goods, once the
customer has validated that they are what he/she ordered and that they are in good shape
without any physical damage (Whitman and Mattord, 2013).
2.6 PAYMENT SYSTEM
This represents the check-out systems that the company uses to facilitate the transfer of money
from the buyer to the company. The company has adopted three payment methods: PayPal online
money transfer, credit card, and debit card. All the systems require a secure environment to
ensure the seamless transfer of money to clear the invoices. It is therefore critical for the
company to ensure that customers' confidential information is not preyed upon by hackers,
rogue employees or competitors seeking to tarnish the name of the company (Laurila et al., 2012).