Risk Assessment for CONVXYZ Organization
Added on 2023-01-23
12 Pages2947 Words68 Views
Running head: RISK ASSESMENT
RISK ASSESSMENT
Name of the Student
Name of the University
Author Note:
Table of Contents
RISK ASSESSMENT
Name of the Student
Name of the University
Author Note:
Table of Contents
1
Risk Assessment
Introduction:..........................................................................................................................1
Risk Assessment –...............................................................................................................1
Organizational Assets:...................................................................................................1
Threat Identification –........................................................................................................1
Identification of threats from primary assets:......................................................1
Router-.............................................................................................................................1
Authentication Server-...............................................................................................2
Switch-.............................................................................................................................2
Mail Server-....................................................................................................................2
Web Server-...................................................................................................................2
PCs-...................................................................................................................................2
Identification of threats from secondary assets:.................................................3
Operating System (Windows)-................................................................................3
Website-..........................................................................................................................3
Database-.......................................................................................................................3
Firewall-...........................................................................................................................3
Vulnerability of the Assets:..............................................................................................3
Risk Register:........................................................................................................................5
Risk Matrix:............................................................................................................................6
Conclusion:.............................................................................................................................6
Risk Assessment
Introduction:..........................................................................................................................1
Risk Assessment –...............................................................................................................1
Organizational Assets:...................................................................................................1
Threat Identification –........................................................................................................1
Identification of threats from primary assets:......................................................1
Router-.............................................................................................................................1
Authentication Server-...............................................................................................2
Switch-.............................................................................................................................2
Mail Server-....................................................................................................................2
Web Server-...................................................................................................................2
PCs-...................................................................................................................................2
Identification of threats from secondary assets:.................................................3
Operating System (Windows)-................................................................................3
Website-..........................................................................................................................3
Database-.......................................................................................................................3
Firewall-...........................................................................................................................3
Vulnerability of the Assets:..............................................................................................3
Risk Register:........................................................................................................................5
Risk Matrix:............................................................................................................................6
Conclusion:.............................................................................................................................6
2
Risk Assessment
Introduction:
The fundamental objective of this report is to elaborate the risk
assessment of the organization CONVXYZ. In order to identify the hazards and
threats of the mentioned organization this paper has utilized the what-if
technique for risk assessment. The purpose to utilize the what-if technique for
the assessment process in order to improve the decision making approach as it
has better scope to analyse the requirements as well as the business operation it
provides effective decision making results. Followed by this report it has also
covered a detail specification of primary and secondary assets, owner
specification along with that is has also included the identification of the
vulnerability and threats for each assets, computation level of likelihood. Apart
from the above aspects it has also covered the impact of the likelihood
computation on the risk assessment as well as it a detail elaboration of the risk
identification by utilizing the features of risk matrix which is also present in the
report. Finally, this paper will conclude with an appropriate conclusion by which it
will effectively mention its findings and it will also consist a recommendation for
the board of director which will help to reduce the business risks.
Risk Assessment –
Organizational Assets:
After successfully analysing the organizational aspects as well as followed
by several studies based on the organizational assets, it has classified the
organizational assets into two parts which includes the Primary Assets and
Secondary Assets. A primary asset of any organizations stands to represent any
important information or any services of the organization. Along with that a
secondary assets stands to represent the services of information which supports
the primary assets in between the organization. After investigating the
organizational assets it has been noticed that the organization CONVXYZ has the
primary assets which includes the Router, Authentication server, Switch, Mail
server, Web server and PCs. Followed by these primary assets the secondary
assets of this organization includes the operating systems (Windows), employ,
website, customer’s as well as database of asset, firewall to protect the server,
VPN, IP address and the organizational information. While discussing about the
primary and secondary assets of the organization, studies has revealed that the
primary assets are one of the most essential property or features of any
organization which invokes to import the other assets like secondary elements or
other elements into the business structure. The purpose behind the selection of
the above primary assets is the features of those hardware and servers which
will surely help the organization to incorporate several beneficial features into
the services of the organization. Apart from that the incorporation of secondary
assets has the purpose to support the features of the primary assets in order to
enhance their services. In order to support the above statement the selection of
the assets in this organization needs to be focused as it shows that the primary
asset PC will not work without the support of the secondary asset windows
operating system. Similarly the web servers are useless without the application
of website. Thus, from the above discussion it can be state that in between the
Risk Assessment
Introduction:
The fundamental objective of this report is to elaborate the risk
assessment of the organization CONVXYZ. In order to identify the hazards and
threats of the mentioned organization this paper has utilized the what-if
technique for risk assessment. The purpose to utilize the what-if technique for
the assessment process in order to improve the decision making approach as it
has better scope to analyse the requirements as well as the business operation it
provides effective decision making results. Followed by this report it has also
covered a detail specification of primary and secondary assets, owner
specification along with that is has also included the identification of the
vulnerability and threats for each assets, computation level of likelihood. Apart
from the above aspects it has also covered the impact of the likelihood
computation on the risk assessment as well as it a detail elaboration of the risk
identification by utilizing the features of risk matrix which is also present in the
report. Finally, this paper will conclude with an appropriate conclusion by which it
will effectively mention its findings and it will also consist a recommendation for
the board of director which will help to reduce the business risks.
Risk Assessment –
Organizational Assets:
After successfully analysing the organizational aspects as well as followed
by several studies based on the organizational assets, it has classified the
organizational assets into two parts which includes the Primary Assets and
Secondary Assets. A primary asset of any organizations stands to represent any
important information or any services of the organization. Along with that a
secondary assets stands to represent the services of information which supports
the primary assets in between the organization. After investigating the
organizational assets it has been noticed that the organization CONVXYZ has the
primary assets which includes the Router, Authentication server, Switch, Mail
server, Web server and PCs. Followed by these primary assets the secondary
assets of this organization includes the operating systems (Windows), employ,
website, customer’s as well as database of asset, firewall to protect the server,
VPN, IP address and the organizational information. While discussing about the
primary and secondary assets of the organization, studies has revealed that the
primary assets are one of the most essential property or features of any
organization which invokes to import the other assets like secondary elements or
other elements into the business structure. The purpose behind the selection of
the above primary assets is the features of those hardware and servers which
will surely help the organization to incorporate several beneficial features into
the services of the organization. Apart from that the incorporation of secondary
assets has the purpose to support the features of the primary assets in order to
enhance their services. In order to support the above statement the selection of
the assets in this organization needs to be focused as it shows that the primary
asset PC will not work without the support of the secondary asset windows
operating system. Similarly the web servers are useless without the application
of website. Thus, from the above discussion it can be state that in between the
3
Risk Assessment
organization CONVXYZ, all of the primary and secondary assets has a significant
purpose to enhance the business effectiveness by improving their services (Chen
et al., 2013).
Threat Identification –
Identification of threats from primary assets:
Router-
Threats present in the operations of router includes the aspects of
unauthorised access, password hacking, session hijacking, masquerading as well
as the threat of death attack. Along with these attacks the possibility to get the
threat from the router protocol attack and replay attack cannot be ignored. Due
to the above mentioned attacks the operations and working of the router can be
hampered for significant time or it might destroyed forever (Salas et al., 2014).
Authentication Server-
Threat present in the applications of the Authentication servers refers to
such types of attacks by which it can get access of the organizational activities
from an unauthorised user. From the analysis of the previous records it has been
noticed that the hackers initiated this attack by the phishing technique as well as
it opt to inject malicious programs in order to get the access. As the
authentication server opt to provide access to only the authorised server the
above mentioned threat has been introduced to penetrate the service of
Authentication server (Kiravuo et al., 2013).
Switch-
The main purpose of switch is to connect two or more network devices. In
other words switch is a bridge by which network devices are interconnected.
However, there are several advantage of switch there still some threats present
in the application of switch which includes the attacks of CDP manipulation which
enables the user to analyse the information of the organization in order to
perform illegal operations by the help of those information (Fonseca et al., 2014).
Mail Server-
Fundamental objective of the utilization of mail server is to provide
effective communication process to the organization by which the organization
can send or receive information from the stakeholders vie network. Thus, in
order to get access of the organizational information hackers are opt to hack the
mail server by utilizing the phishing virus which can the unauthorised access of
the organizational data. As weak authentication server can cause a damage in
the organizational security. Along with the attack of phishing the possibility of
getting hacked by the utilization of DoS attack, data leakage also cannot be
ignored (Nostro et al., 2014).
Web Server-
Apart from the above threats of the assets one of the most significant
threat present in the services of web server in the organizational field as in the
features of web server it has incorporated the organizational database,
Risk Assessment
organization CONVXYZ, all of the primary and secondary assets has a significant
purpose to enhance the business effectiveness by improving their services (Chen
et al., 2013).
Threat Identification –
Identification of threats from primary assets:
Router-
Threats present in the operations of router includes the aspects of
unauthorised access, password hacking, session hijacking, masquerading as well
as the threat of death attack. Along with these attacks the possibility to get the
threat from the router protocol attack and replay attack cannot be ignored. Due
to the above mentioned attacks the operations and working of the router can be
hampered for significant time or it might destroyed forever (Salas et al., 2014).
Authentication Server-
Threat present in the applications of the Authentication servers refers to
such types of attacks by which it can get access of the organizational activities
from an unauthorised user. From the analysis of the previous records it has been
noticed that the hackers initiated this attack by the phishing technique as well as
it opt to inject malicious programs in order to get the access. As the
authentication server opt to provide access to only the authorised server the
above mentioned threat has been introduced to penetrate the service of
Authentication server (Kiravuo et al., 2013).
Switch-
The main purpose of switch is to connect two or more network devices. In
other words switch is a bridge by which network devices are interconnected.
However, there are several advantage of switch there still some threats present
in the application of switch which includes the attacks of CDP manipulation which
enables the user to analyse the information of the organization in order to
perform illegal operations by the help of those information (Fonseca et al., 2014).
Mail Server-
Fundamental objective of the utilization of mail server is to provide
effective communication process to the organization by which the organization
can send or receive information from the stakeholders vie network. Thus, in
order to get access of the organizational information hackers are opt to hack the
mail server by utilizing the phishing virus which can the unauthorised access of
the organizational data. As weak authentication server can cause a damage in
the organizational security. Along with the attack of phishing the possibility of
getting hacked by the utilization of DoS attack, data leakage also cannot be
ignored (Nostro et al., 2014).
Web Server-
Apart from the above threats of the assets one of the most significant
threat present in the services of web server in the organizational field as in the
features of web server it has incorporated the organizational database,
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Risk Assessment for CONVXYZlg...
|12
|3189
|82
Information Security Management: Risk Assessment and Recommendationslg...
|11
|2902
|54
CONVXYZ Risk Assessmentlg...
|19
|3223
|38
Risk Assessment on Network of CONVXYZlg...
|16
|3227
|104
Risk Assessment on Network Infrastructure of CONVXYZlg...
|27
|3351
|91
Risk Assessment Report- Docslg...
|11
|1091
|30