Risk Assessment for CONVXYZ
VerifiedAdded on 2023/01/19
|12
|3189
|82
AI Summary
This report aims to discuss the risk assessment of the conveyancing and estate service, CONVXYZ. The report includes the identification of assets, threats to the assets, vulnerabilities, risk register, and risk matrix.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: RISK ASSESSMENT
RISK ASSESSMENT
Name of student
Name of university
Author’s note:
RISK ASSESSMENT
Name of student
Name of university
Author’s note:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
RISK ASSESSMENT
Table of Contents
Introduction..............................................................................................................................2
Risk assessment........................................................................................................................2
Assets of the organisation....................................................................................................2
Threat of the assets..............................................................................................................3
Threats to the primary assets...........................................................................................3
Threats to the secondary assets.......................................................................................4
Vulnerability of each asset....................................................................................................4
Risk register..........................................................................................................................7
Risk matrix............................................................................................................................8
Conclusion................................................................................................................................9
References..............................................................................................................................10
RISK ASSESSMENT
Table of Contents
Introduction..............................................................................................................................2
Risk assessment........................................................................................................................2
Assets of the organisation....................................................................................................2
Threat of the assets..............................................................................................................3
Threats to the primary assets...........................................................................................3
Threats to the secondary assets.......................................................................................4
Vulnerability of each asset....................................................................................................4
Risk register..........................................................................................................................7
Risk matrix............................................................................................................................8
Conclusion................................................................................................................................9
References..............................................................................................................................10
2
RISK ASSESSMENT
Introduction
This report aims to discuss the risk assessment of the conveyancing and estate service,
CONVXYZ. The risk assessment technique that has been utilised is the what-if analysis that is utilised
for identifying the hazards and the threats. There are several advantages of the What-if analysis such
as the better and informed decision making with the changing assumptions as well as the observing
and then estimating the results which would help in determining the outcome of the decisions. The
detailed risk assessment is provided in this report along with the owner specifications, identification
of the assets, one threat and one vulnerability of each of the asset, the likelihood level computation
is provided along with the impact table specification and the risk identification using the risk matrix
is offered in this report. Lastly, this report concludes with the appropriate conclusion for the report.
Risk assessment
Assets of the organisation
The assets of the organisation could be classified as the primary assets and the secondary
assets. The primary assets of the organisation could be the service or any information and the
secondary asset is the supporting element of the primary asset. The primary assets of the
organisation are the PCs, Switch, Web server, mail server, Router, and the Authentication server as
well as the human resources. The secondary assets are the Windows operating system, Website,
firewall, Staff database, Customer and property database, IP address and the VPN tunnel and the
information of the organisation. The primary assets could be classified as the assets which must be
imported initially for importing the other types of assets. The primary assets acts as default scope for
importing the other kinds of assets. The servers and the other hardware have been selected as the
primary assets because using these servers the various configuring could be done for enabling any
server to act as the base of the information. The secondary assets have been classified because
these assets of the organisation depends on the primary assets for functioning properly and
efficiently. For example, without the availability of the primary asset PC, the secondary assets
Windows operating system could not work. Hence, the PCs have been selected as the primary assets
and the operating system has been chosen as the secondary asset (Friedberg et al. 2015). The assets
that have been imported afterwards the primary assets are the secondary assets. The assets of the
organisation are the major drivers of the business and it helps in executing the business effectively.
RISK ASSESSMENT
Introduction
This report aims to discuss the risk assessment of the conveyancing and estate service,
CONVXYZ. The risk assessment technique that has been utilised is the what-if analysis that is utilised
for identifying the hazards and the threats. There are several advantages of the What-if analysis such
as the better and informed decision making with the changing assumptions as well as the observing
and then estimating the results which would help in determining the outcome of the decisions. The
detailed risk assessment is provided in this report along with the owner specifications, identification
of the assets, one threat and one vulnerability of each of the asset, the likelihood level computation
is provided along with the impact table specification and the risk identification using the risk matrix
is offered in this report. Lastly, this report concludes with the appropriate conclusion for the report.
Risk assessment
Assets of the organisation
The assets of the organisation could be classified as the primary assets and the secondary
assets. The primary assets of the organisation could be the service or any information and the
secondary asset is the supporting element of the primary asset. The primary assets of the
organisation are the PCs, Switch, Web server, mail server, Router, and the Authentication server as
well as the human resources. The secondary assets are the Windows operating system, Website,
firewall, Staff database, Customer and property database, IP address and the VPN tunnel and the
information of the organisation. The primary assets could be classified as the assets which must be
imported initially for importing the other types of assets. The primary assets acts as default scope for
importing the other kinds of assets. The servers and the other hardware have been selected as the
primary assets because using these servers the various configuring could be done for enabling any
server to act as the base of the information. The secondary assets have been classified because
these assets of the organisation depends on the primary assets for functioning properly and
efficiently. For example, without the availability of the primary asset PC, the secondary assets
Windows operating system could not work. Hence, the PCs have been selected as the primary assets
and the operating system has been chosen as the secondary asset (Friedberg et al. 2015). The assets
that have been imported afterwards the primary assets are the secondary assets. The assets of the
organisation are the major drivers of the business and it helps in executing the business effectively.
3
RISK ASSESSMENT
Threat of the assets
Threats to the primary assets
PCs: There are several threats that faced by the PCs of the organisation. The major threats
are the damage to the PC due to fire, internet worms, rootkit, browser hijacker, email virus, misuse
of the PC by the employees of the organisation (Kazim and Zhu 2015). These threats would affect the
PCs of the organisation directly that could lead to the permanent damage of the PC, which would
affect the organisation significantly (Fire, Goldschmidt and Elovici 2014).
Switch: Some of the threats that are faced by switch are the CDP manipulation. The CDP
packets have been enabled on all the interfaces default and these switches that allows the attacker
to perform an analysis of the packers and then gain the significant information regarding the
network device and then this information could be utilised by the attacker for executing the
vulnerability against this device platform (Rathore et al. 2017).
Web server: Any threat to the applications, operating system and the database or the
network would lead to the serious damage of the web servers (Bays et al .2015). The threat that are
faced by the web servers are the DOS attacks, website defacement, misconfiguration attacks,
directory traversal, and the phishing attack. Any attackers could cause the DOS attacks by
transmitting numerous packets of the service requests overwhelming the capability of the servicing
of the web server (Cobelo-García et al. 2015).
Mail server: Some of the threats faced by the email servers are the weak authentication
procedures, data leakage, DoS attacks, and the outdated installations (Taylor, Fritsch and Liederbach
2014). The weak authentication procedures could lead to the entry of any unauthorised used in the
network of the organisation and then cause any damage to the network of the organisation. The
major threat of the mail servers is the issue of the data leakage that could be caused by the
malicious users using the viruses or phishing (Jouini, Rabai and Aissa 2014).
Router: Some of the threats to the routers includes the password guessing, unauthorised
access, masquerading, session hijacking, ping of death attacks, session replay attacks, and the router
protocol attacks (Brewer 2014). These kinds of attacks could lead to the damage of the router and
make the network of the organisation damage for the significant time (Chen, Desmet and Huygens
2014).
Authentication server: With the proper credentials, the authorised users would be given
access in the network by the authentication servers and the unauthorised users would be blocked
from the network of the organisation (Puthal et al. 2017). Some of the threats to the authentication
RISK ASSESSMENT
Threat of the assets
Threats to the primary assets
PCs: There are several threats that faced by the PCs of the organisation. The major threats
are the damage to the PC due to fire, internet worms, rootkit, browser hijacker, email virus, misuse
of the PC by the employees of the organisation (Kazim and Zhu 2015). These threats would affect the
PCs of the organisation directly that could lead to the permanent damage of the PC, which would
affect the organisation significantly (Fire, Goldschmidt and Elovici 2014).
Switch: Some of the threats that are faced by switch are the CDP manipulation. The CDP
packets have been enabled on all the interfaces default and these switches that allows the attacker
to perform an analysis of the packers and then gain the significant information regarding the
network device and then this information could be utilised by the attacker for executing the
vulnerability against this device platform (Rathore et al. 2017).
Web server: Any threat to the applications, operating system and the database or the
network would lead to the serious damage of the web servers (Bays et al .2015). The threat that are
faced by the web servers are the DOS attacks, website defacement, misconfiguration attacks,
directory traversal, and the phishing attack. Any attackers could cause the DOS attacks by
transmitting numerous packets of the service requests overwhelming the capability of the servicing
of the web server (Cobelo-García et al. 2015).
Mail server: Some of the threats faced by the email servers are the weak authentication
procedures, data leakage, DoS attacks, and the outdated installations (Taylor, Fritsch and Liederbach
2014). The weak authentication procedures could lead to the entry of any unauthorised used in the
network of the organisation and then cause any damage to the network of the organisation. The
major threat of the mail servers is the issue of the data leakage that could be caused by the
malicious users using the viruses or phishing (Jouini, Rabai and Aissa 2014).
Router: Some of the threats to the routers includes the password guessing, unauthorised
access, masquerading, session hijacking, ping of death attacks, session replay attacks, and the router
protocol attacks (Brewer 2014). These kinds of attacks could lead to the damage of the router and
make the network of the organisation damage for the significant time (Chen, Desmet and Huygens
2014).
Authentication server: With the proper credentials, the authorised users would be given
access in the network by the authentication servers and the unauthorised users would be blocked
from the network of the organisation (Puthal et al. 2017). Some of the threats to the authentication
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
RISK ASSESSMENT
servers are the phishing emails, inject malicious code and the attack on the servers (Kuusijärvi et al.
2016)
Threats to the secondary assets
Windows operating system: Some of the threats to the windows operating system are the
phishing attacks, virus threats and the bugs in the operating system. These threats could be
significant for the business as it would damage all the workstations of the organisation and it would
cause the reduction in the productivity of the organisation (Hodo et al. 2016).
Website: Some of the threats could be the malware, ransomware threats, accidental file
deletion, phishing, employee sabotage, data breaches, and the DDoS attacks. These threats impact
significantly on the website and it could lead to the investment of the significant amount of capital
for restoring to the normal working conditions (Skrzewski 2014).
Firewall: There are several threats faced by the firewall of the organisation. Some of the
missed security patches, configuration mistakes, and threats are insider attacks, lack of deep packet
inspection, and the DDoS attacks. The firewall of the organisation helps in preventing the entry of
any unauthorised users in the network of the organisation.
Staff database: The staff database of the organisation maintains the details of the employees
of the organisation and this database is hosted on the servers of the organisation. Some of the
threats to the database of the organisation are the Malware, database injection attacks, storage
media exposure, manipulation of the vulnerable databases (Go and Lee 2014).
Customer and property database: Some of the databases of the organisation face the
serious threat of breaches and attacks that could make the organisation hamper.
IP address: The company owns the IP addresses for gaining the internet in the organisation.
Some of the threats to the IP address could be utilised by the malicious users for downloading the
illegal content using the identity of the organisation, track the location of the devices for executing
the large scale attacks, and then directly attack the network of the organisation. The malicious users
could gain the access to the network of the organisation using the IP address and then download the
illegal materials using the IP address (Puthal et al. 2016).
Vulnerability of each asset
Asset Manufacturer CVE
number
Vulnerability
PC Dell CVE-2009- The absolute computrace agent, as the distributed
RISK ASSESSMENT
servers are the phishing emails, inject malicious code and the attack on the servers (Kuusijärvi et al.
2016)
Threats to the secondary assets
Windows operating system: Some of the threats to the windows operating system are the
phishing attacks, virus threats and the bugs in the operating system. These threats could be
significant for the business as it would damage all the workstations of the organisation and it would
cause the reduction in the productivity of the organisation (Hodo et al. 2016).
Website: Some of the threats could be the malware, ransomware threats, accidental file
deletion, phishing, employee sabotage, data breaches, and the DDoS attacks. These threats impact
significantly on the website and it could lead to the investment of the significant amount of capital
for restoring to the normal working conditions (Skrzewski 2014).
Firewall: There are several threats faced by the firewall of the organisation. Some of the
missed security patches, configuration mistakes, and threats are insider attacks, lack of deep packet
inspection, and the DDoS attacks. The firewall of the organisation helps in preventing the entry of
any unauthorised users in the network of the organisation.
Staff database: The staff database of the organisation maintains the details of the employees
of the organisation and this database is hosted on the servers of the organisation. Some of the
threats to the database of the organisation are the Malware, database injection attacks, storage
media exposure, manipulation of the vulnerable databases (Go and Lee 2014).
Customer and property database: Some of the databases of the organisation face the
serious threat of breaches and attacks that could make the organisation hamper.
IP address: The company owns the IP addresses for gaining the internet in the organisation.
Some of the threats to the IP address could be utilised by the malicious users for downloading the
illegal content using the identity of the organisation, track the location of the devices for executing
the large scale attacks, and then directly attack the network of the organisation. The malicious users
could gain the access to the network of the organisation using the IP address and then download the
illegal materials using the IP address (Puthal et al. 2016).
Vulnerability of each asset
Asset Manufacturer CVE
number
Vulnerability
PC Dell CVE-2009- The absolute computrace agent, as the distributed
5
RISK ASSESSMENT
5152 on the specific Dell Inspiron system through 2009,
comprises the case disorder with the DCCU or the
Dell Client Configuration Utility that permits the
altering of the restricted local users regarding the
status of activation and deactivation of the
Computrace Agent to factory default using the file
crafted TaskResult.xml.
Switch cisco systems CVE-2019-
1750
The vulnerability associated with Easy Virtual
Switching System or the VSS of the Cisco IOS XE
software on the Catalyst 4500 series switches can
permit the adjacent, unauthenticated attacker in
causing the reloading of the switches. This
vulnerability is caused because of the imperfect
error handling while processing the packets of the
Cisco Discovery Protocol utilised with the Easy
VSS.
Router Cisco systems CVE-2019-
1710
The vulnerability associated with the sysadmin
virtual machine on the Cisco ASR 9000 Series
Aggregation Services Routers executing the IOS XR
64-bit software on Cisco might permit the
unauthorised remote attacker in accessing the
internal application that are executing on the
sysadmin VM.
Mail server kofax CVE-2018-
17288
The kofax Front Office Server version
4.1.1.11.0.5212 grieves from the vulnerabilities
that are the multiple authenticated stored XSS
through the (1) "Filename" field in
/Kofax/KFS/ThinClient/document/upload/ - (Thin
Client) or (2) "DeviceName" field in
/Kofax/KFS/Admin/DeviceService/device/ -
(Administration Console).
Web server Kofax CVE-2018-
17289
The XML external entity XXE vulnerability
associated with the Kofax Front Office Server
Administration Console of version 4.1.1.11.0.5212
RISK ASSESSMENT
5152 on the specific Dell Inspiron system through 2009,
comprises the case disorder with the DCCU or the
Dell Client Configuration Utility that permits the
altering of the restricted local users regarding the
status of activation and deactivation of the
Computrace Agent to factory default using the file
crafted TaskResult.xml.
Switch cisco systems CVE-2019-
1750
The vulnerability associated with Easy Virtual
Switching System or the VSS of the Cisco IOS XE
software on the Catalyst 4500 series switches can
permit the adjacent, unauthenticated attacker in
causing the reloading of the switches. This
vulnerability is caused because of the imperfect
error handling while processing the packets of the
Cisco Discovery Protocol utilised with the Easy
VSS.
Router Cisco systems CVE-2019-
1710
The vulnerability associated with the sysadmin
virtual machine on the Cisco ASR 9000 Series
Aggregation Services Routers executing the IOS XR
64-bit software on Cisco might permit the
unauthorised remote attacker in accessing the
internal application that are executing on the
sysadmin VM.
Mail server kofax CVE-2018-
17288
The kofax Front Office Server version
4.1.1.11.0.5212 grieves from the vulnerabilities
that are the multiple authenticated stored XSS
through the (1) "Filename" field in
/Kofax/KFS/ThinClient/document/upload/ - (Thin
Client) or (2) "DeviceName" field in
/Kofax/KFS/Admin/DeviceService/device/ -
(Administration Console).
Web server Kofax CVE-2018-
17289
The XML external entity XXE vulnerability
associated with the Kofax Front Office Server
Administration Console of version 4.1.1.11.0.5212
6
RISK ASSESSMENT
permits the remote authenticated users in reading
the arbitrary file through the crafted XML inside
the imported package configuration in the
Kofax/KFS/Admin/PackageService/package/upload
file parameter.
Authentication
server
Cisco CVE-2018-
17287
In the Kofax front Office Server Administration
console 4.1.1.11.0.5212, several fields like the
fields such as the passwords are obfuscated in
front end but cleartext value could be exfilterated
by the utilisation of the back-end feature of
download as it is demonstrated by the
mfp.password operation of downloadsettingvalue.
Operating
system
Microsoft CVE-2019-
0232
When executing on the Windows with the
enableCmdLineArguments enabled, CGI Servlet in
Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39
and 7.0.0 to 7.0.93 is majorly vulnerable to the
Remote Code Execution due to some bug in
manner the JRE passes commands the line
arguments to the Windows.
Firewall Cisco Asa
firepower
CVE-2018-
0240
Numerous vulnerabilities in Application Layer
Protocol Inspection feature of the Cisco Firepower
Threat Defense (FTD) Software and Cisco Adaptive
Security Appliance (ASA) Software could permit a
remote, unauthenticated attacker to activate the
reload of an pretentious device, leading in the
condition of the denial of service (DoS).
Website CVE-2019-
0678
An advancement of the privilege vulnerability
happens when the Microsoft Edge does not
efficiently enforces the cross-domain policies, that
can permit any attacker to contact the information
from any one domain and then inject it into any
other domain.
Staff database CVE-2019-
2547
Vulnerability in Java VM component of the Oracle
Database Server. The maintained versions that are
RISK ASSESSMENT
permits the remote authenticated users in reading
the arbitrary file through the crafted XML inside
the imported package configuration in the
Kofax/KFS/Admin/PackageService/package/upload
file parameter.
Authentication
server
Cisco CVE-2018-
17287
In the Kofax front Office Server Administration
console 4.1.1.11.0.5212, several fields like the
fields such as the passwords are obfuscated in
front end but cleartext value could be exfilterated
by the utilisation of the back-end feature of
download as it is demonstrated by the
mfp.password operation of downloadsettingvalue.
Operating
system
Microsoft CVE-2019-
0232
When executing on the Windows with the
enableCmdLineArguments enabled, CGI Servlet in
Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39
and 7.0.0 to 7.0.93 is majorly vulnerable to the
Remote Code Execution due to some bug in
manner the JRE passes commands the line
arguments to the Windows.
Firewall Cisco Asa
firepower
CVE-2018-
0240
Numerous vulnerabilities in Application Layer
Protocol Inspection feature of the Cisco Firepower
Threat Defense (FTD) Software and Cisco Adaptive
Security Appliance (ASA) Software could permit a
remote, unauthenticated attacker to activate the
reload of an pretentious device, leading in the
condition of the denial of service (DoS).
Website CVE-2019-
0678
An advancement of the privilege vulnerability
happens when the Microsoft Edge does not
efficiently enforces the cross-domain policies, that
can permit any attacker to contact the information
from any one domain and then inject it into any
other domain.
Staff database CVE-2019-
2547
Vulnerability in Java VM component of the Oracle
Database Server. The maintained versions that are
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
RISK ASSESSMENT
affected are 12.1.0.2, 12.2.0.1, 11.2.0.4, and the
18c. Effortlessly consumable vulnerability permits
the short privileged attacker having the privilege
of the Create Session, Create Procedure with the
network access through the several protocols for
compromising the Java VM.
Customer
database
CVE-2019-
2444
Vulnerability in Core RDBMS module of the Oracle
Database Server. Supported versions that are
affected are 18c and 12.2.0.1. The easily
exploitable vulnerability permits the short
privileged attacker having the privilege of the
Local Logon with logon to infrastructure where the
Core RDBMS executes for compromising the Core
RDBMS.
IP address CVE-2019-
0031
Particular DHCP packets of the IPv6 that are
expected by jdhcpd daemon would cause the issue
of the consumption of the memory resource in
occurring on the Junos OS device utilising the
jdhcpd daemon configured for responding to the
IPv6 requests.
Risk register
Sl. No. Risks Risk description Impact Probability Risk Owner
1 Expectations and
needs of the
workers
Synchronization
with the conditions
of the organization
and the demands
V H H HR and VP
2 Improper
positioning of the
workers
Job tasks for every
post
V H M VP’s
3 Work environment Facilities that
comprises of the
work
H H Facilities
management
4 Culture and customs Methods by which V H V L VP’s and
RISK ASSESSMENT
affected are 12.1.0.2, 12.2.0.1, 11.2.0.4, and the
18c. Effortlessly consumable vulnerability permits
the short privileged attacker having the privilege
of the Create Session, Create Procedure with the
network access through the several protocols for
compromising the Java VM.
Customer
database
CVE-2019-
2444
Vulnerability in Core RDBMS module of the Oracle
Database Server. Supported versions that are
affected are 18c and 12.2.0.1. The easily
exploitable vulnerability permits the short
privileged attacker having the privilege of the
Local Logon with logon to infrastructure where the
Core RDBMS executes for compromising the Core
RDBMS.
IP address CVE-2019-
0031
Particular DHCP packets of the IPv6 that are
expected by jdhcpd daemon would cause the issue
of the consumption of the memory resource in
occurring on the Junos OS device utilising the
jdhcpd daemon configured for responding to the
IPv6 requests.
Risk register
Sl. No. Risks Risk description Impact Probability Risk Owner
1 Expectations and
needs of the
workers
Synchronization
with the conditions
of the organization
and the demands
V H H HR and VP
2 Improper
positioning of the
workers
Job tasks for every
post
V H M VP’s
3 Work environment Facilities that
comprises of the
work
H H Facilities
management
4 Culture and customs Methods by which V H V L VP’s and
8
RISK ASSESSMENT
things are perceived
and done
president
5 Conditions of the
organization
Goals of the
organisation and
the leadership
H L HR and VP
8 Malfunctioning of
the servers
Damage the proper
working of the
organisation
V H V L IT department
6 Improper use of the
resources
Ineffective resource
management
M L HR
7 Malware attacks Theft of the data in
the database
H V L IT department
9 Improper
management
Less experienced
manager
H M Manager and
management
team
10 Lack in resources Less experienced
manager
L V L Resource
Manager
Risk matrix
Probability
V HH
3 1
M
9 2
L
6 5
V l
10 7 4, 8
RISK ASSESSMENT
things are perceived
and done
president
5 Conditions of the
organization
Goals of the
organisation and
the leadership
H L HR and VP
8 Malfunctioning of
the servers
Damage the proper
working of the
organisation
V H V L IT department
6 Improper use of the
resources
Ineffective resource
management
M L HR
7 Malware attacks Theft of the data in
the database
H V L IT department
9 Improper
management
Less experienced
manager
H M Manager and
management
team
10 Lack in resources Less experienced
manager
L V L Resource
Manager
Risk matrix
Probability
V HH
3 1
M
9 2
L
6 5
V l
10 7 4, 8
9
RISK ASSESSMENT
V L L M H V H
Impact
Conclusion
Therefore, it can be concluded that the organisation could face significant threats in the
network. The company is recommended to invest in the ISO 27001 standards. This standard is
international standard that is recognised worldwide for the management of the risks to security of the
information that could be held. The certification to the ISO 27001 standards permits the organisation
to ensure and prove to the clients and the other stakeholders that the management of the security is
done in extensive methods. The assets of the organisation could be classified as the primary assets and
the secondary assets. The primary assets of the organisation could be the service or any information
and the secondary asset is the supporting element of the primary asset. The primary assets of the
organisation are the PCs, Switch, Web server, mail server, Router, and the Authentication server as
well as the human resources. The secondary assets are the Windows operating system, Website,
firewall, Staff database, Customer and property database, IP address and the VPN tunnel and the
information of the organisation.
RISK ASSESSMENT
V L L M H V H
Impact
Conclusion
Therefore, it can be concluded that the organisation could face significant threats in the
network. The company is recommended to invest in the ISO 27001 standards. This standard is
international standard that is recognised worldwide for the management of the risks to security of the
information that could be held. The certification to the ISO 27001 standards permits the organisation
to ensure and prove to the clients and the other stakeholders that the management of the security is
done in extensive methods. The assets of the organisation could be classified as the primary assets and
the secondary assets. The primary assets of the organisation could be the service or any information
and the secondary asset is the supporting element of the primary asset. The primary assets of the
organisation are the PCs, Switch, Web server, mail server, Router, and the Authentication server as
well as the human resources. The secondary assets are the Windows operating system, Website,
firewall, Staff database, Customer and property database, IP address and the VPN tunnel and the
information of the organisation.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
RISK ASSESSMENT
References
Bays, L.R., Oliveira, R.R., Barcellos, M.P., Gaspary, L.P. and Madeira, E.R.M., 2015. Virtual network
security: threats, countermeasures, and challenges. Journal of Internet Services and
Applications, 6(1), p.1.
Brewer, R., 2014. Advanced persistent threats: minimising the damage. Network security, 2014(4),
pp.5-9.
Chen, P., Desmet, L. and Huygens, C., 2014, September. A study on advanced persistent threats.
In IFIP International Conference on Communications and Multimedia Security (pp. 63-72). Springer,
Berlin, Heidelberg.
Cobelo-García, A., Filella, M., Croot, P., Frazzoli, C., Du Laing, G., Ospina-Alvarez, N., Rauch, S.,
Salaun, P., Schäfer, J. and Zimmermann, S., 2015. COST action TD1407: network on technology-
critical elements (NOTICE)—from environmental processes to human health threats. Environmental
Science and Pollution Research, 22(19), pp.15188-15194.
Fire, M., Goldschmidt, R. and Elovici, Y., 2014. Online social networks: threats and solutions. IEEE
Communications Surveys & Tutorials, 16(4), pp.2019-2036.
Friedberg, I., Skopik, F., Settanni, G. and Fiedler, R., 2015. Combating advanced persistent threats:
From network event correlation to incident detection. Computers & Security, 48, pp.35-57.
Go, J.Y. and Lee, K.H., 2014. SNS disclosure of personal information in M2M environment threats and
countermeasures. Journal of the Korea Convergence Society, 5(1), pp.29-34.
Hodo, E., Bellekens, X., Hamilton, A., Dubouilh, P.L., Iorkyase, E., Tachtatzis, C. and Atkinson, R.,
2016, May. Threat analysis of IoT networks using artificial neural network intrusion detection
system. In 2016 International Symposium on Networks, Computers and Communications (ISNCC) (pp.
1-6). IEEE.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information
systems. Procedia Computer Science, 32, pp.489-496.
Kazim, M. and Zhu, S.Y., 2015. A survey on top security threats in cloud computing.
Kuusijärvi, J., Savola, R., Savolainen, P. and Evesti, A., 2016, December. Mitigating IoT security threats
with a trusted Network element. In 2016 11th International Conference for Internet Technology and
Secured Transactions (ICITST) (pp. 260-265). IEEE.
RISK ASSESSMENT
References
Bays, L.R., Oliveira, R.R., Barcellos, M.P., Gaspary, L.P. and Madeira, E.R.M., 2015. Virtual network
security: threats, countermeasures, and challenges. Journal of Internet Services and
Applications, 6(1), p.1.
Brewer, R., 2014. Advanced persistent threats: minimising the damage. Network security, 2014(4),
pp.5-9.
Chen, P., Desmet, L. and Huygens, C., 2014, September. A study on advanced persistent threats.
In IFIP International Conference on Communications and Multimedia Security (pp. 63-72). Springer,
Berlin, Heidelberg.
Cobelo-García, A., Filella, M., Croot, P., Frazzoli, C., Du Laing, G., Ospina-Alvarez, N., Rauch, S.,
Salaun, P., Schäfer, J. and Zimmermann, S., 2015. COST action TD1407: network on technology-
critical elements (NOTICE)—from environmental processes to human health threats. Environmental
Science and Pollution Research, 22(19), pp.15188-15194.
Fire, M., Goldschmidt, R. and Elovici, Y., 2014. Online social networks: threats and solutions. IEEE
Communications Surveys & Tutorials, 16(4), pp.2019-2036.
Friedberg, I., Skopik, F., Settanni, G. and Fiedler, R., 2015. Combating advanced persistent threats:
From network event correlation to incident detection. Computers & Security, 48, pp.35-57.
Go, J.Y. and Lee, K.H., 2014. SNS disclosure of personal information in M2M environment threats and
countermeasures. Journal of the Korea Convergence Society, 5(1), pp.29-34.
Hodo, E., Bellekens, X., Hamilton, A., Dubouilh, P.L., Iorkyase, E., Tachtatzis, C. and Atkinson, R.,
2016, May. Threat analysis of IoT networks using artificial neural network intrusion detection
system. In 2016 International Symposium on Networks, Computers and Communications (ISNCC) (pp.
1-6). IEEE.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information
systems. Procedia Computer Science, 32, pp.489-496.
Kazim, M. and Zhu, S.Y., 2015. A survey on top security threats in cloud computing.
Kuusijärvi, J., Savola, R., Savolainen, P. and Evesti, A., 2016, December. Mitigating IoT security threats
with a trusted Network element. In 2016 11th International Conference for Internet Technology and
Secured Transactions (ICITST) (pp. 260-265). IEEE.
11
RISK ASSESSMENT
Puthal, D., Mohanty, S.P., Nanda, P. and Choppali, U., 2017. Building security perimeters to protect
network systems against cyber threats [future directions]. IEEE Consumer Electronics Magazine, 6(4),
pp.24-27.
Puthal, D., Nepal, S., Ranjan, R. and Chen, J., 2016. Threats to networking cloud and edge
datacenters in the Internet of Things. IEEE Cloud Computing, 3(3), pp.64-71.
Rathore, S., Sharma, P.K., Loia, V., Jeong, Y.S. and Park, J.H., 2017. Social network security: Issues,
challenges, threats, and solutions. Information sciences, 421, pp.43-69.
Skrzewski, M., 2014, June. System network activity monitoring for malware threats detection.
In International Conference on Computer Networks (pp. 138-146). Springer, Cham.
Taylor, R.W., Fritsch, E.J. and Liederbach, J., 2014. Digital crime and digital terrorism. Prentice Hall
Press.
RISK ASSESSMENT
Puthal, D., Mohanty, S.P., Nanda, P. and Choppali, U., 2017. Building security perimeters to protect
network systems against cyber threats [future directions]. IEEE Consumer Electronics Magazine, 6(4),
pp.24-27.
Puthal, D., Nepal, S., Ranjan, R. and Chen, J., 2016. Threats to networking cloud and edge
datacenters in the Internet of Things. IEEE Cloud Computing, 3(3), pp.64-71.
Rathore, S., Sharma, P.K., Loia, V., Jeong, Y.S. and Park, J.H., 2017. Social network security: Issues,
challenges, threats, and solutions. Information sciences, 421, pp.43-69.
Skrzewski, M., 2014, June. System network activity monitoring for malware threats detection.
In International Conference on Computer Networks (pp. 138-146). Springer, Cham.
Taylor, R.W., Fritsch, E.J. and Liederbach, J., 2014. Digital crime and digital terrorism. Prentice Hall
Press.
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.