Risk Assessment for CONVXYZ
Added on 2023-01-19
12 Pages3189 Words82 Views
Running head: RISK ASSESSMENT
RISK ASSESSMENT
Name of student
Name of university
Author’s note:
RISK ASSESSMENT
Name of student
Name of university
Author’s note:
1
RISK ASSESSMENT
Table of Contents
Introduction..............................................................................................................................2
Risk assessment........................................................................................................................2
Assets of the organisation....................................................................................................2
Threat of the assets..............................................................................................................3
Threats to the primary assets...........................................................................................3
Threats to the secondary assets.......................................................................................4
Vulnerability of each asset....................................................................................................4
Risk register..........................................................................................................................7
Risk matrix............................................................................................................................8
Conclusion................................................................................................................................9
References..............................................................................................................................10
RISK ASSESSMENT
Table of Contents
Introduction..............................................................................................................................2
Risk assessment........................................................................................................................2
Assets of the organisation....................................................................................................2
Threat of the assets..............................................................................................................3
Threats to the primary assets...........................................................................................3
Threats to the secondary assets.......................................................................................4
Vulnerability of each asset....................................................................................................4
Risk register..........................................................................................................................7
Risk matrix............................................................................................................................8
Conclusion................................................................................................................................9
References..............................................................................................................................10
2
RISK ASSESSMENT
Introduction
This report aims to discuss the risk assessment of the conveyancing and estate service,
CONVXYZ. The risk assessment technique that has been utilised is the what-if analysis that is utilised
for identifying the hazards and the threats. There are several advantages of the What-if analysis such
as the better and informed decision making with the changing assumptions as well as the observing
and then estimating the results which would help in determining the outcome of the decisions. The
detailed risk assessment is provided in this report along with the owner specifications, identification
of the assets, one threat and one vulnerability of each of the asset, the likelihood level computation
is provided along with the impact table specification and the risk identification using the risk matrix
is offered in this report. Lastly, this report concludes with the appropriate conclusion for the report.
Risk assessment
Assets of the organisation
The assets of the organisation could be classified as the primary assets and the secondary
assets. The primary assets of the organisation could be the service or any information and the
secondary asset is the supporting element of the primary asset. The primary assets of the
organisation are the PCs, Switch, Web server, mail server, Router, and the Authentication server as
well as the human resources. The secondary assets are the Windows operating system, Website,
firewall, Staff database, Customer and property database, IP address and the VPN tunnel and the
information of the organisation. The primary assets could be classified as the assets which must be
imported initially for importing the other types of assets. The primary assets acts as default scope for
importing the other kinds of assets. The servers and the other hardware have been selected as the
primary assets because using these servers the various configuring could be done for enabling any
server to act as the base of the information. The secondary assets have been classified because
these assets of the organisation depends on the primary assets for functioning properly and
efficiently. For example, without the availability of the primary asset PC, the secondary assets
Windows operating system could not work. Hence, the PCs have been selected as the primary assets
and the operating system has been chosen as the secondary asset (Friedberg et al. 2015). The assets
that have been imported afterwards the primary assets are the secondary assets. The assets of the
organisation are the major drivers of the business and it helps in executing the business effectively.
RISK ASSESSMENT
Introduction
This report aims to discuss the risk assessment of the conveyancing and estate service,
CONVXYZ. The risk assessment technique that has been utilised is the what-if analysis that is utilised
for identifying the hazards and the threats. There are several advantages of the What-if analysis such
as the better and informed decision making with the changing assumptions as well as the observing
and then estimating the results which would help in determining the outcome of the decisions. The
detailed risk assessment is provided in this report along with the owner specifications, identification
of the assets, one threat and one vulnerability of each of the asset, the likelihood level computation
is provided along with the impact table specification and the risk identification using the risk matrix
is offered in this report. Lastly, this report concludes with the appropriate conclusion for the report.
Risk assessment
Assets of the organisation
The assets of the organisation could be classified as the primary assets and the secondary
assets. The primary assets of the organisation could be the service or any information and the
secondary asset is the supporting element of the primary asset. The primary assets of the
organisation are the PCs, Switch, Web server, mail server, Router, and the Authentication server as
well as the human resources. The secondary assets are the Windows operating system, Website,
firewall, Staff database, Customer and property database, IP address and the VPN tunnel and the
information of the organisation. The primary assets could be classified as the assets which must be
imported initially for importing the other types of assets. The primary assets acts as default scope for
importing the other kinds of assets. The servers and the other hardware have been selected as the
primary assets because using these servers the various configuring could be done for enabling any
server to act as the base of the information. The secondary assets have been classified because
these assets of the organisation depends on the primary assets for functioning properly and
efficiently. For example, without the availability of the primary asset PC, the secondary assets
Windows operating system could not work. Hence, the PCs have been selected as the primary assets
and the operating system has been chosen as the secondary asset (Friedberg et al. 2015). The assets
that have been imported afterwards the primary assets are the secondary assets. The assets of the
organisation are the major drivers of the business and it helps in executing the business effectively.
3
RISK ASSESSMENT
Threat of the assets
Threats to the primary assets
PCs: There are several threats that faced by the PCs of the organisation. The major threats
are the damage to the PC due to fire, internet worms, rootkit, browser hijacker, email virus, misuse
of the PC by the employees of the organisation (Kazim and Zhu 2015). These threats would affect the
PCs of the organisation directly that could lead to the permanent damage of the PC, which would
affect the organisation significantly (Fire, Goldschmidt and Elovici 2014).
Switch: Some of the threats that are faced by switch are the CDP manipulation. The CDP
packets have been enabled on all the interfaces default and these switches that allows the attacker
to perform an analysis of the packers and then gain the significant information regarding the
network device and then this information could be utilised by the attacker for executing the
vulnerability against this device platform (Rathore et al. 2017).
Web server: Any threat to the applications, operating system and the database or the
network would lead to the serious damage of the web servers (Bays et al .2015). The threat that are
faced by the web servers are the DOS attacks, website defacement, misconfiguration attacks,
directory traversal, and the phishing attack. Any attackers could cause the DOS attacks by
transmitting numerous packets of the service requests overwhelming the capability of the servicing
of the web server (Cobelo-García et al. 2015).
Mail server: Some of the threats faced by the email servers are the weak authentication
procedures, data leakage, DoS attacks, and the outdated installations (Taylor, Fritsch and Liederbach
2014). The weak authentication procedures could lead to the entry of any unauthorised used in the
network of the organisation and then cause any damage to the network of the organisation. The
major threat of the mail servers is the issue of the data leakage that could be caused by the
malicious users using the viruses or phishing (Jouini, Rabai and Aissa 2014).
Router: Some of the threats to the routers includes the password guessing, unauthorised
access, masquerading, session hijacking, ping of death attacks, session replay attacks, and the router
protocol attacks (Brewer 2014). These kinds of attacks could lead to the damage of the router and
make the network of the organisation damage for the significant time (Chen, Desmet and Huygens
2014).
Authentication server: With the proper credentials, the authorised users would be given
access in the network by the authentication servers and the unauthorised users would be blocked
from the network of the organisation (Puthal et al. 2017). Some of the threats to the authentication
RISK ASSESSMENT
Threat of the assets
Threats to the primary assets
PCs: There are several threats that faced by the PCs of the organisation. The major threats
are the damage to the PC due to fire, internet worms, rootkit, browser hijacker, email virus, misuse
of the PC by the employees of the organisation (Kazim and Zhu 2015). These threats would affect the
PCs of the organisation directly that could lead to the permanent damage of the PC, which would
affect the organisation significantly (Fire, Goldschmidt and Elovici 2014).
Switch: Some of the threats that are faced by switch are the CDP manipulation. The CDP
packets have been enabled on all the interfaces default and these switches that allows the attacker
to perform an analysis of the packers and then gain the significant information regarding the
network device and then this information could be utilised by the attacker for executing the
vulnerability against this device platform (Rathore et al. 2017).
Web server: Any threat to the applications, operating system and the database or the
network would lead to the serious damage of the web servers (Bays et al .2015). The threat that are
faced by the web servers are the DOS attacks, website defacement, misconfiguration attacks,
directory traversal, and the phishing attack. Any attackers could cause the DOS attacks by
transmitting numerous packets of the service requests overwhelming the capability of the servicing
of the web server (Cobelo-García et al. 2015).
Mail server: Some of the threats faced by the email servers are the weak authentication
procedures, data leakage, DoS attacks, and the outdated installations (Taylor, Fritsch and Liederbach
2014). The weak authentication procedures could lead to the entry of any unauthorised used in the
network of the organisation and then cause any damage to the network of the organisation. The
major threat of the mail servers is the issue of the data leakage that could be caused by the
malicious users using the viruses or phishing (Jouini, Rabai and Aissa 2014).
Router: Some of the threats to the routers includes the password guessing, unauthorised
access, masquerading, session hijacking, ping of death attacks, session replay attacks, and the router
protocol attacks (Brewer 2014). These kinds of attacks could lead to the damage of the router and
make the network of the organisation damage for the significant time (Chen, Desmet and Huygens
2014).
Authentication server: With the proper credentials, the authorised users would be given
access in the network by the authentication servers and the unauthorised users would be blocked
from the network of the organisation (Puthal et al. 2017). Some of the threats to the authentication
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Risk Assessment for CONVXYZ Organizationlg...
|12
|2947
|68
Information Security Management: Risk Assessment and Recommendationslg...
|11
|2902
|54
Risk Assessment on Network Infrastructure of CONVXYZlg...
|27
|3351
|91
Cloud Architecture Risk Assignment PDFlg...
|15
|2969
|384
Cloud Architecture Risk Assessmentlg...
|19
|3285
|104
CONVXYZ Risk Assessmentlg...
|19
|3223
|38