logo

Risk management plan – single risk Company name: MyHealth.

   

Added on  2023-01-17

2 Pages468 Words50 Views
Risk management plan – single risk
Company name: MyHealth Completed by: Student name
Work area: Cyber security management Date completed: date
Hazard identification
Hazard: wireless network security
Risk assessment
What harm could the
hazard cause?
Because of less security in wireless network, anyone can access all the assets of the
company and damage their data and information. Hackers can access the payment
details and patients information for personal uses. They can sale patient’s data and
information to anyone for their personal benefits. Wireless access points are situated in
an open area. Therefore, anyone can configure them and access the information.
What is the likelihood
of this happening
This threat is highly occurred in the company. It will happen because of less
information and knowledge of information assets.
Existing control
measure
Provide separate username and password to every staff member to access
wireless network.
All staff members are responsible for security of wireless network
Physical security is necessary for wireless access points
Wireless access points should have locks.
Consequence SLE= 1,000,000 X 50% = $500,000
Likelihood ALE= SLE X ARO = 500,000 X 0.5 = 250,000
Outcome Company will lose their data and information because of less security and unauthorized
access
Control measures
Detective controls Detect virus using antivirus in the system and remove them as soon as possible
Detect unauthorized access in the network using firewalls and block all that websites
Corrective controls Configure routers and switches to secure all the network and monitoring
Preventive Prevent whole network from unauthorized access of attackers using firewalls and IDS
Administrative Restrict all the sensitive areas, such as server room
Implementation
Associated activities Resources
required
Person(s)
responsible Sign off and date
Installing a firewall Firewall hardware
Chief information
security officer
(CISO)’s name
CISO signature and
date
Update all the antiviruses from new
definition Licence antivirus Respective person CISO signature and
date
Update all the operating systems from
windows 10 with latest patches Windows licence
Chief information
security officer
(CISO)’s name
CISO signature and
date
Configure routers and switches Router and
switches
Chief information
security officer
(CISO)’s name
CISO signature and
date
REVIEW
Scheduled review date: / /
Are the control measures in place?
Yes/no based on the student assumption

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Risk management plan – single risk Company name: MyHealth.
|1
|339
|66

Risk management plan – single risk Company name: MyHealth.
|2
|432
|40

Network Design Proposal for XYZ Retails
|15
|873
|395

Project on Network and Information Security
|103
|21907
|91

Computer and Network Security Content
|21
|1055
|20

Remote Network Access: Goals, Design, Security and Risks
|9
|1055
|234