logo

Risk management plan – single risk Company name: MyHealth.

   

Added on  2023-01-11

2 Pages432 Words40 Views
Risk management plan – single risk
Company name: MyHealth Completed by: Student name
Work area: Cybersecurity management Date completed: date
Hazard identification
DoS Attack: Denial of service (DoS) attacks are types of cyberattacks by which malicious actors aim render
devices and computer systems unusable for the intended users through interruptions of normal functioning of the
device.
Risk assessment
What harm could the
hazard cause?
DoS attacks are observed to affect multiple components of the company and
are known to frequently affect systems. They can bring the entire network to a
halt and even lead to freezing of computers.
What is the likelihood
of this happening
DoS attacks are known to be the most popular approach of infecting computer
systems and hence are the most likely to affect MyHealth two of the assets
already have vulnerabilities.
Existing control
measure
Immediate removal of suspicious files followed by full system scan with proven
anti malware solutions.
Consequence Damages to systems might already have occurred
Likelihood Less likely to fully recover once already infected
Outcome Paralysis of assets once infected
Control measures
Detective controls
The identification of traffic flow deviations that may signal the buildup of a
DDoS assault. Effectiveness is measured by your ability to recognize an attack
as early as possible, with instantaneous detection being the ultimate goal.
Divertive controls
Traffic is rerouted away from its target, either to be filtered or completely
discarded.
Filtering
DDoS traffic discarded, by identification of patterns that immediately
differentiate between genuine traffic and malicious clients. Responsiveness is
key factor behind being able to block the attack in time.
Analysis
Security logs are reviewed to gather information about the attack, both to
identify the offender(s) and to improve future resilience. The process’s
effectiveness relies on the existence of detailed security logs that can offer
granular visibility into the attack traffic.
Preferred control
measure
Filtering - if conducted correctly can recover the system.
Implementation
Associated activities Resources
required
Person(s)
responsible Sign off and date
Configuring firewall policies on the fly Cisco ASA 5505 CISO name CISO signature
Date: 31.03.2019
REVIEW
Scheduled review date: 1 / 04 / 2019
Are the control measures in place?
No
Are the controls eliminating/minimising the risk?
No

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Risk management plan – single risk Company name: MyHealth.
|2
|468
|50

Risk management plan – single risk Company name: MyHealth.
|1
|339
|66

Assignment on Risks and Risk Management
|11
|781
|13

Network Threats: Understanding Internal and External Threats
|4
|577
|75