Risk Analysis for XYZU: Vulnerabilities, Risks, and Mitigation Strategies
VerifiedAdded on 2023/04/22
|12
|2557
|127
AI Summary
This report discusses the vulnerabilities and risks faced by XYZU, along with recommendations and protection mechanisms that can be implemented to prevent these threats. It also includes a qualitative and quantitative risk analysis, and identifies gaps that require further analysis.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: RISK ANALYSIS
RISK ANALYSIS
Name of Student
Name of University
Author’s Note
RISK ANALYSIS
Name of Student
Name of University
Author’s Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1RISK ANALYSIS
Executive summary
Vulnerabilities like threats and risks are very common problems for various enterprises.
Vulnerabilities might take place because of various loopholes in the organization. Some
loopholes might be present in the working principles, technical systems, strategies or many more
factors of the organization. The case study on XYZU has various factors because of which they
are vulnerable to numerous security threats. This assignment discusses regarding various issues
faced by the organization including numerous recommendations that can be utilized by the
organization in order to prevent the issues. Some recommendations are creating passwords that
are strong in nature, implementing various programs for security, implementing a firewall and
some more. This particular assignment describes regarding various gaps that require attention in
order to secure data that belongs to the organization. Analysis that are qualitative as well as
quantitative in nature are also described as one of the ways that can be used to secure data.
Executive summary
Vulnerabilities like threats and risks are very common problems for various enterprises.
Vulnerabilities might take place because of various loopholes in the organization. Some
loopholes might be present in the working principles, technical systems, strategies or many more
factors of the organization. The case study on XYZU has various factors because of which they
are vulnerable to numerous security threats. This assignment discusses regarding various issues
faced by the organization including numerous recommendations that can be utilized by the
organization in order to prevent the issues. Some recommendations are creating passwords that
are strong in nature, implementing various programs for security, implementing a firewall and
some more. This particular assignment describes regarding various gaps that require attention in
order to secure data that belongs to the organization. Analysis that are qualitative as well as
quantitative in nature are also described as one of the ways that can be used to secure data.
2RISK ANALYSIS
Table of Contents
Introduction..........................................................................................................................3
Discussion............................................................................................................................3
Risks................................................................................................................................3
Recommendations for the project and their impacts on the organization.......................5
Qualitative and quantitative approaches and their advantages........................................6
Protection mechanisms that can be implemented............................................................6
Gaps that require further analysis....................................................................................7
Conclusion...........................................................................................................................8
References..........................................................................................................................10
Table of Contents
Introduction..........................................................................................................................3
Discussion............................................................................................................................3
Risks................................................................................................................................3
Recommendations for the project and their impacts on the organization.......................5
Qualitative and quantitative approaches and their advantages........................................6
Protection mechanisms that can be implemented............................................................6
Gaps that require further analysis....................................................................................7
Conclusion...........................................................................................................................8
References..........................................................................................................................10
3RISK ANALYSIS
Introduction
Usually organizations are open to threats and vulnerabilities due to various reasons. The
issues that might cause threats include errors in working principles IT framework or any among
the factors of the organization. In this assignment a scenario had been provided of XYZU, this
university consists of some loopholes and can be misused by hackers in order to steal data that
belongs to the organization (Aven, 2016). This report discusses regarding the issues, it further
discusses regarding the mitigation strategies along with their impacts on the university. This
report depicts the analysis of technical risk that had been done by keeping in mind the
technology environment present in organization.
Discussion
Risks
Considering the provided scenario provided in the report it can be found that the
organization is vulnerable to a huge number of risks, the risks are mentioned below
Data breach: data breach can be described as a process of data loss where the
data owned by an organization is accessed by an unauthorized user or hacker.
This data is stolen for ill purposes. The organization in the scenario is vulnerable
to this sort of data breach because the documentations are saved in various servers
that are usually visible by people having access to internet (Shapiro, 2016). If
people who does not belong to the organization might use it for handing over to
opponent organization or hackers. Moreover the servers do not run on recent
operating systems which might also be the reason for security threat.
Introduction
Usually organizations are open to threats and vulnerabilities due to various reasons. The
issues that might cause threats include errors in working principles IT framework or any among
the factors of the organization. In this assignment a scenario had been provided of XYZU, this
university consists of some loopholes and can be misused by hackers in order to steal data that
belongs to the organization (Aven, 2016). This report discusses regarding the issues, it further
discusses regarding the mitigation strategies along with their impacts on the university. This
report depicts the analysis of technical risk that had been done by keeping in mind the
technology environment present in organization.
Discussion
Risks
Considering the provided scenario provided in the report it can be found that the
organization is vulnerable to a huge number of risks, the risks are mentioned below
Data breach: data breach can be described as a process of data loss where the
data owned by an organization is accessed by an unauthorized user or hacker.
This data is stolen for ill purposes. The organization in the scenario is vulnerable
to this sort of data breach because the documentations are saved in various servers
that are usually visible by people having access to internet (Shapiro, 2016). If
people who does not belong to the organization might use it for handing over to
opponent organization or hackers. Moreover the servers do not run on recent
operating systems which might also be the reason for security threat.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4RISK ANALYSIS
Failure of operating system: the operating system on which the server runs is
backdated which might be the root cause for the organization to be vulnerable to
data breach. Backdated servers usually have various loopholes and due to which
data can be accessed by various unauthorized users for getting access of data
(Jacobsson, Boldt & Carlsson, 2016).This data can be provided to other
organizations that can steal its working principles and strategies as well.
Crashed software: in the XYZU hardware and software are nor maintained. This
might crash the software and result in data loss (Cheng, He & Hu, 2017). Besides
this, not maintaining the hardware might break down the computers that are used
by the company, this might also result in data loss, along with these, and there are
chances that the data can never be retrieved due to improper security process.
Leakage in backdated servers: some servers that belong to the organization like
Sparc Station are nearly 5 years old, they have not been updated as well; as a
result it might produce serious threats for the company that can result in causing
data breach by cyber criminals.
Internal risks due to accessibility of data: every employee in the organization is
provided with the administrator password, this might result in various internal
risks. Employees might delete or utilize the data for various advantages; they can
change the codes as well (De & Métayer, 2016). All the users are allowed to have
accounts in all servers irrespective of the fact that they are not admins, this allows
the employees to get hold of data in server and might cause internal risks.
Information system compromises: the organization claims in compromising
various machines previously, the admins are not very confident regarding the fact
Failure of operating system: the operating system on which the server runs is
backdated which might be the root cause for the organization to be vulnerable to
data breach. Backdated servers usually have various loopholes and due to which
data can be accessed by various unauthorized users for getting access of data
(Jacobsson, Boldt & Carlsson, 2016).This data can be provided to other
organizations that can steal its working principles and strategies as well.
Crashed software: in the XYZU hardware and software are nor maintained. This
might crash the software and result in data loss (Cheng, He & Hu, 2017). Besides
this, not maintaining the hardware might break down the computers that are used
by the company, this might also result in data loss, along with these, and there are
chances that the data can never be retrieved due to improper security process.
Leakage in backdated servers: some servers that belong to the organization like
Sparc Station are nearly 5 years old, they have not been updated as well; as a
result it might produce serious threats for the company that can result in causing
data breach by cyber criminals.
Internal risks due to accessibility of data: every employee in the organization is
provided with the administrator password, this might result in various internal
risks. Employees might delete or utilize the data for various advantages; they can
change the codes as well (De & Métayer, 2016). All the users are allowed to have
accounts in all servers irrespective of the fact that they are not admins, this allows
the employees to get hold of data in server and might cause internal risks.
Information system compromises: the organization claims in compromising
various machines previously, the admins are not very confident regarding the fact
5RISK ANALYSIS
that servers had not been compromised (He, Li & Chen, Wang, 2018). This
proves that they do not have any security plan for securing the servers as well as
machines. This might result in numerous hacks in the future as well.
Phishing or any other similar hacks: the organization has no security system
like firewall for securing data. Along with this they have no email protection
system that can cause phishing. The company does not have any recovery system
for any kind of disaster. The lack of any kind of backup system would prevent
them to retrieve their data if lost.
Hacking of accounts due to poor passwords: the organization has no rule for
setting passwords, numerous employees have set their passwords on their names,
date of births and similar data. This sort of data is easy to hack from machines.
The main risk due to this is that other employees might access the data in their
colleges’ machines without their permission (Ferlisi, De Chiara & Cascini, 2016).
This might result in internal as well as external threats; it would be tough for the
organization to know if the data has been hacked by internal or external sources.
Recommendations for the project and their impacts on the organization
Few recommendations that the organization can utilize are mentioned below
A specific effective system for security must be utilized that will have the
capability of organization to secure information.
Encryption of information must be followed by the organization which would
contribute in helping them in securing information, no external hacker or
unauthorized user can access the information.
that servers had not been compromised (He, Li & Chen, Wang, 2018). This
proves that they do not have any security plan for securing the servers as well as
machines. This might result in numerous hacks in the future as well.
Phishing or any other similar hacks: the organization has no security system
like firewall for securing data. Along with this they have no email protection
system that can cause phishing. The company does not have any recovery system
for any kind of disaster. The lack of any kind of backup system would prevent
them to retrieve their data if lost.
Hacking of accounts due to poor passwords: the organization has no rule for
setting passwords, numerous employees have set their passwords on their names,
date of births and similar data. This sort of data is easy to hack from machines.
The main risk due to this is that other employees might access the data in their
colleges’ machines without their permission (Ferlisi, De Chiara & Cascini, 2016).
This might result in internal as well as external threats; it would be tough for the
organization to know if the data has been hacked by internal or external sources.
Recommendations for the project and their impacts on the organization
Few recommendations that the organization can utilize are mentioned below
A specific effective system for security must be utilized that will have the
capability of organization to secure information.
Encryption of information must be followed by the organization which would
contribute in helping them in securing information, no external hacker or
unauthorized user can access the information.
6RISK ANALYSIS
Strong passwords should be set by all the employees (Shapiro, 2017). This would
be helpful for them in securing their individual data along with the data that
belongs to the organization. Strong passwords also help in reducing external along
with internal threats.
Updates in operating system is a vital step that must be followed by the company
because backdated operating system are vulnerable to risks and can be hacked by
unauthorized hackers.
Employees should be provided with proper training about securing their personal
and organizational data; they should not be allowed to get hold of the data that are
secured in machines of various employees.
Qualitative and quantitative approaches and their advantages
In this case the qualitative as well as quantitave risk analysis is done. Qualitative risk
assessment is done for placing various risks based on their priorities, it also helps in ranking
them. This gives the knowledge regarding when risks should be mitigated. This approach helps
the organization to know how dangerous a specific riskis and when it must be mitigated (Caton,
Koop & Fowler, 2018). The probability as well as risks is rated on the basis of the priorities.
Whereas the quantitative risk assessment helps in measuring data. It needs the impact values as
well as probability in the terms of money. This approach helps the organization in predicting the
amount of cost invested for mitigating risks.
Protection mechanisms that can be implemented
Intrusion Detection System (IDS) can be used that can help in monitoring the
traffic in the network in order to avoid suspicious activities and issues in case of
similar activities.
Strong passwords should be set by all the employees (Shapiro, 2017). This would
be helpful for them in securing their individual data along with the data that
belongs to the organization. Strong passwords also help in reducing external along
with internal threats.
Updates in operating system is a vital step that must be followed by the company
because backdated operating system are vulnerable to risks and can be hacked by
unauthorized hackers.
Employees should be provided with proper training about securing their personal
and organizational data; they should not be allowed to get hold of the data that are
secured in machines of various employees.
Qualitative and quantitative approaches and their advantages
In this case the qualitative as well as quantitave risk analysis is done. Qualitative risk
assessment is done for placing various risks based on their priorities, it also helps in ranking
them. This gives the knowledge regarding when risks should be mitigated. This approach helps
the organization to know how dangerous a specific riskis and when it must be mitigated (Caton,
Koop & Fowler, 2018). The probability as well as risks is rated on the basis of the priorities.
Whereas the quantitative risk assessment helps in measuring data. It needs the impact values as
well as probability in the terms of money. This approach helps the organization in predicting the
amount of cost invested for mitigating risks.
Protection mechanisms that can be implemented
Intrusion Detection System (IDS) can be used that can help in monitoring the
traffic in the network in order to avoid suspicious activities and issues in case of
similar activities.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7RISK ANALYSIS
Firewall can be defined as an activity that can be implemented in order to perform
network security (Kokolakis, 2017). It helps in controlling as well as monitoring
incoming and outgoing network traffic which is on the basis of various security
issues which are identified previously. Firewall forms a barrier between the
internal network and external network.
Vulnerability scanners are used for inspecting various potential points where
exploitation might occur and is present in a machine. This particular application
finds out holes in their system. The vulnerability scan classifies as well detects
various weaknesses in computers and networks. It also predicts various
effectiveness’s and the countermeasures.
Transferring of various risks can be carried out by the company, with the use of
this technique; organization would be able to shift numerous risks from a
particular party to another party. The risks could be transferred to a particular
insurance from an organization (Abowd, Alvisi & Dwork, 2017). The
organization would be able to purchase an insurance and the insurer would be
convinces for identifying a particular policy holder to a specific loss in exchange
of their payment.
Gaps that require further analysis
Various gaps which need further analysis in securing the data that belongs to the
organization along with the individual data of the company are mentioned below
Employees should be provided with training about various principles on cyber
security. The training would be helpful for them to know various ways that can be
Firewall can be defined as an activity that can be implemented in order to perform
network security (Kokolakis, 2017). It helps in controlling as well as monitoring
incoming and outgoing network traffic which is on the basis of various security
issues which are identified previously. Firewall forms a barrier between the
internal network and external network.
Vulnerability scanners are used for inspecting various potential points where
exploitation might occur and is present in a machine. This particular application
finds out holes in their system. The vulnerability scan classifies as well detects
various weaknesses in computers and networks. It also predicts various
effectiveness’s and the countermeasures.
Transferring of various risks can be carried out by the company, with the use of
this technique; organization would be able to shift numerous risks from a
particular party to another party. The risks could be transferred to a particular
insurance from an organization (Abowd, Alvisi & Dwork, 2017). The
organization would be able to purchase an insurance and the insurer would be
convinces for identifying a particular policy holder to a specific loss in exchange
of their payment.
Gaps that require further analysis
Various gaps which need further analysis in securing the data that belongs to the
organization along with the individual data of the company are mentioned below
Employees should be provided with training about various principles on cyber
security. The training would be helpful for them to know various ways that can be
8RISK ANALYSIS
used to secure information saved in computers. This should be done for
preventing internal risks.
Installing, using and updating software’s of antivirus must be updated all the
machines. Antiviruses must be installed because they help in securing information
from getting hacked by viruses.
Physical access to all the computers must be controlled by the organization.
Network components should also be secured (Shapiro, 2016). This is very
important because the company has chances to be vulnerable to various internal
risks in case the employees are provided with the access to other computers.
All the employees should have their personal individual account. Thus would help
in preventing any sort of interference in documents that belongs to others’ or
systems.
Passwords should be strong enough and terms like date of births, names, phone
numbers, addresses and similar terms should not be included as passwords. The
employees should be given proper training on various ways by which they can set
strong passwords that would never be hacked by anyone (Busgang, Friedler &
Gilboa, 2018). They should also be suggested that passwords must be changed
and updated regularly. This would help in avoiding any kind of issues related to
security of data that is saved in the machines.
Conclusion
From the above report it can be concluded that various technical risks might take place in
numerous organizations. On the basis of the provided case study, various risks are detected
used to secure information saved in computers. This should be done for
preventing internal risks.
Installing, using and updating software’s of antivirus must be updated all the
machines. Antiviruses must be installed because they help in securing information
from getting hacked by viruses.
Physical access to all the computers must be controlled by the organization.
Network components should also be secured (Shapiro, 2016). This is very
important because the company has chances to be vulnerable to various internal
risks in case the employees are provided with the access to other computers.
All the employees should have their personal individual account. Thus would help
in preventing any sort of interference in documents that belongs to others’ or
systems.
Passwords should be strong enough and terms like date of births, names, phone
numbers, addresses and similar terms should not be included as passwords. The
employees should be given proper training on various ways by which they can set
strong passwords that would never be hacked by anyone (Busgang, Friedler &
Gilboa, 2018). They should also be suggested that passwords must be changed
and updated regularly. This would help in avoiding any kind of issues related to
security of data that is saved in the machines.
Conclusion
From the above report it can be concluded that various technical risks might take place in
numerous organizations. On the basis of the provided case study, various risks are detected
9RISK ANALYSIS
which can be faced by company. This report discusses regarding these threats and vulnerabilities
in details. This report further discusses regarding the recommendations that can be utilized by the
organization in order to prevent these threats and vulnerabilities. Various protection mechanisms
have also been discussed in details that would help the organization in preventing these threats in
future. At last various gaps are identifies that require attention as well. Technical analysis has
been done in the report as well.
which can be faced by company. This report discusses regarding these threats and vulnerabilities
in details. This report further discusses regarding the recommendations that can be utilized by the
organization in order to prevent these threats and vulnerabilities. Various protection mechanisms
have also been discussed in details that would help the organization in preventing these threats in
future. At last various gaps are identifies that require attention as well. Technical analysis has
been done in the report as well.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10RISK ANALYSIS
References
Abowd, J., Alvisi, L., Dwork,C., Kannan, S., Machanavajjhala, A., & Reiter, J. (2017). Privacy-
preserving data analysis for the federal statistical agencies. arXiv preprint
arXiv:1701.00752.
Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their
foundation. European Journal of Operational Research, 253(1), 1-13.
Busgang, A., Friedler, E., Gilboa, Y., & Gross, A. (2018). Quantitative Microbial Risk Analysis
for Various Bacterial Exposure Scenarios Involving Greywater Reuse for
Irrigation. Water, 10(4), 413.
Caton, B. P., Koop, A. L., Fowler, L., Newton, L., & Kohl, L. (2018). Quantitative Uncertainty
Analysis for a Weed Risk Assessment System. Risk Analysis.
Cheng, Y. D., He, J. D., & Hu, F. G. (2017). Quantitative risk analysis method of information
security-Combining fuzzy comprehensive analysis with information
entropy. Journal of Discrete Mathematical Sciences and Cryptography, 20(1),
149-165.
De, S. J., & Métayer, D. L. (2016). Privacy risk analysis. Synthesis Lectures on Information
Security, Privacy, & Trust, 8(3), 1-133.
Ferlisi,S., De Chiara, G., & Cascini, L. (2016). Quantitative risk analysis for hyperconcentrated
flows in Nocera Inferiore (southern Italy). Natural Hazards, 81(1), 89-115.
References
Abowd, J., Alvisi, L., Dwork,C., Kannan, S., Machanavajjhala, A., & Reiter, J. (2017). Privacy-
preserving data analysis for the federal statistical agencies. arXiv preprint
arXiv:1701.00752.
Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their
foundation. European Journal of Operational Research, 253(1), 1-13.
Busgang, A., Friedler, E., Gilboa, Y., & Gross, A. (2018). Quantitative Microbial Risk Analysis
for Various Bacterial Exposure Scenarios Involving Greywater Reuse for
Irrigation. Water, 10(4), 413.
Caton, B. P., Koop, A. L., Fowler, L., Newton, L., & Kohl, L. (2018). Quantitative Uncertainty
Analysis for a Weed Risk Assessment System. Risk Analysis.
Cheng, Y. D., He, J. D., & Hu, F. G. (2017). Quantitative risk analysis method of information
security-Combining fuzzy comprehensive analysis with information
entropy. Journal of Discrete Mathematical Sciences and Cryptography, 20(1),
149-165.
De, S. J., & Métayer, D. L. (2016). Privacy risk analysis. Synthesis Lectures on Information
Security, Privacy, & Trust, 8(3), 1-133.
Ferlisi,S., De Chiara, G., & Cascini, L. (2016). Quantitative risk analysis for hyperconcentrated
flows in Nocera Inferiore (southern Italy). Natural Hazards, 81(1), 89-115.
11RISK ANALYSIS
He, R., Li, X., Chen, G., Wang, Y., Jiang, S., & Zhi, C. (2018). A quantitative risk analysis
model considering uncertain information. Process Safety and Environmental
Protection, 118, 361-370.
Jacobsson, A., Boldt, M., & Carlsson, B. (2016). A risk analysis of a smart home automation
system. Future Generation Computer Systems, 56, 719-733.
Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research on
the privacy paradox phenomenon. Computers & security, 64, 122-134.
Shapiro, S. S. (2016, May). Privacy risk analysis based on system control structures: Adapting
system-theoretic process analysis for privacy engineering. In Security and Privacy
Workshops (SPW), 2016 IEEE (pp. 17-24). IEEE.
Shapiro, S. S. (2017). Addressing Early Life Cycle Privacy Risk. In 2017 International
Workshop on Privacy Engineering-IWPE (Vol. 17).
He, R., Li, X., Chen, G., Wang, Y., Jiang, S., & Zhi, C. (2018). A quantitative risk analysis
model considering uncertain information. Process Safety and Environmental
Protection, 118, 361-370.
Jacobsson, A., Boldt, M., & Carlsson, B. (2016). A risk analysis of a smart home automation
system. Future Generation Computer Systems, 56, 719-733.
Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research on
the privacy paradox phenomenon. Computers & security, 64, 122-134.
Shapiro, S. S. (2016, May). Privacy risk analysis based on system control structures: Adapting
system-theoretic process analysis for privacy engineering. In Security and Privacy
Workshops (SPW), 2016 IEEE (pp. 17-24). IEEE.
Shapiro, S. S. (2017). Addressing Early Life Cycle Privacy Risk. In 2017 International
Workshop on Privacy Engineering-IWPE (Vol. 17).
1 out of 12
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.