Security Assessment: Risk Assessment and Security Vulnerabilities in XYZ Organisation

Verified

Added on 2023/04/26

AI Summary

In this assessment we will discuss about organisation  security and below are the summaries point:- The report discusses the risk assessment of XYZ organisation and identifies several security vulnerabilities, threats, and gaps in its infrastructure. The vulnerabilities include improper system configuration, insecure/exposed ports, poor anti-virus implementation, weak password implementation, and lack of appropriate security policies. The threats to the infrastructure include spam, DDoS attacks, and web application attacks. The report also evaluates the implications of these vulnerabilities and threats on SMB data protection for intellectual property. Finally, appropriate business strategies for ensuring business sustainability, availability, and reliability are provided.  

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SECURITY ASSESSMENT
SECURITY ASSESSMENT
Name of student
Name of university
Author’s note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
SECURITY ASSESSMENT
Table of Contents
Introduction....................................................................................................................2
Discussion......................................................................................................................2
Vulnerabilities, threats, and gaps in infrastructure of XYZ organisation..................2
Implications of the security threats and vulnerabilities..............................................4
Business strategies for ensuring sustainability, reliability, and availability..............6
Conclusion......................................................................................................................7
References......................................................................................................................9

2
SECURITY ASSESSMENT
Introduction
This report aims to discuss the risk assessment of an organisation. The chosen
organisation is the XYZ organisation where there are several security vulnerabilities and the
security assessment is provided for the organisation. The evaluation of the vulnerabilities,
threats and the gaps on the infrastructure of the organisation for identifying the suitable
security measures and reducing the impact of the risk on the business process is done briefly
in this report. The evaluation of the implications as this implies to the SMB data protection
for the intellectual property is provided in this report. The appropriate business strategies for
ensuring the business sustainability, availability, and reliability is provided in this report.
Discussion
Vulnerabilities, threats, and gaps in infrastructure of XYZ organisation
The malicious users are always trying to sneak in the networks and then creates
significant problems and it impact the organisation infrastructure extensively. Commonly,
the aspect of system vulnerability is the flaw or the weakness in design or the implementation
of the information system that includes the procedures of security and the controls of security
linked with the system, which could be unintentionally or intentionally exploited for
adversely affecting the assets or operations of the organisation using the loss of
confidentiality, availability or the integrity (Fragkiadakis, Tragos & Askoxylakis, 2013).
Some of the common vulnerabilities of the infrastructure of the company are:
1. Improper system configuration.
2. Insecure/exposed Ports
3. Indiscriminate enabling of services
4. 8. Easy access to information.
5. Poor anti-virus implementation.

3
SECURITY ASSESSMENT
6. Poor firewall deployment.
7. Week password implementation.
8. Application backdoors.
9. Downloading of files and applications from sites that are not trusted.
10. Lack of appropriate security policies.
11. Unsecure applications/programs as a result of poor programming practices.
Some of the common security threats to the infrastructure of the organisation are:
Spam: several organisations in the present world are facing this security threat and it
leads to the theft of all the data of the organisation. The malicious users of inject several spam
emails in the server of the company and when the users open these emails then sometimes
viruses are downloaded in the systems.
DDoS attacks: The servers of any organisation is the primary target in these attacks.
These attacks are intended to damage the network of the company or disrupt the regular
working of the network (Fragkiadakis, Tragos & Askoxylakis, 2013).. With the leveraging of
the web, the NTP and the DNS servers, the strength and the size of the DDoS attack can be
amplified. While the conventional PC based botnets cannot be replaced by the servers, the
increased capacity of computing and the bandwidth enables these attackers to execute the
destructive attacks.
Web application attacks: The cyber criminals launches the web attacks like the cross-
site request forgery (CSRF), SQL injection, and cross-site scripting (XSS) and tried to break
in the applications and then steal the data for achieving profit. Moreover, the attackers targets
the vulnerable web servers and then install the malicious code for transforming these attacks
for the sources of DDoS attacks.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
SECURITY ASSESSMENT
DNS infrastructure: The attackers exploits the DNS servers for amplifying the DDoS
attacks. In the reflection attacks, the attackers spoof all the IP address of the real target of
attack. The queries are sent for instructing the DNS server to comprehensively query several
DNS servers or for sending huge responses to all the victim. This leads to the drowning of
powerful DNS servers using the DNS traffic.
SSL induced blind spots: As the use of the applications supporting the SSL encryption
is increasing in the recent times, the blind spots are increasing exponentially. The
management of the 1028 to 2048 bit SSL keys has increased the burden on the security
devices due to the fact that the 2048 bit certificated requires the 6.3 times increased
processing powering for decrypting (Fragkiadakis, Tragos & Askoxylakis, 2013)..
Implications of the security threats and vulnerabilities
The viruses, worms and Trojan horses can destroy the network infrastructure of any
organisation and it can also cause the security breaches on the data of the organisation. All
these kinds of security and threat risk could extensively impair the operations of the business,
usage of the network and the performance of the computer systems in the organisation by
infecting the computers of the organisations. Some of the implications of the cyber attacks on
the network infrastructure of the organisation are:
Capacity: Every software program that are being executed in any computer requires
significant storage to execute like the computer memory, bandwidth of the network, CPU
processing power, and hard disk storage. All the security threats to the computer means the
threat to the capacity of the computer system. And if the storage of any computer is hampered
then it could mean that the performance of the computer is significantly affected. The threats
to the computer or the network infrastructure places extra load on the network of the
organisation and then consumes extra memory, resources of the network or the processor as

5
SECURITY ASSESSMENT
they are performing any task, monitoring the keystrokes, finding any secure private
information and probably transmit the data to any central location. Additionally, the threat
rising due to the virus or the worms could mean that the attacker is trying to launch any attack
to the computer or the network.
Data harvesting: The harvesting of the data is commonly problematic in the modern
corporate setting as several distinct legal requirements exist for mandating the protection of
the information of the client in several industries. Some of the legislature requirements in the
US consists of the Gramm-Leach-Bliley Act (GLBA), Children’s Online Privacy Protection
Acts (COPPA), the Federal Educational Rights Protection Act (FERPA), and the Health
Insurance Portability and Accountability Act (HIPAA) and a vast assortment of several other
privacy and the laws of the information control. The violations of any provisions, even if it
has been caused due to the data harvesting by the spyware could impact heavy penalties for
both the individual users and the owners and the members of the board of the company. The
users might not be associated regarding the programs of the data harvesting when the
distribution of their own personal data is being done without the consent of the people, then
these kinds of the data can be utilised by several scammers for draining the bank accounts of
the people, impersonate or even execute the crimes of the identity theft. The research that is
conducted by the business, business whose business processes are under the protected
mandates of the network or included in the protection of the trade secrets or any other valued
information might be stolen from the business servers and it could be used for damaging the
business or might be sold to any third party.
Security of the computers: The security risks like the spyware could perform several
actions that are done without the knowledge of the users. Due to this, these programs could
impact the systems significantly as it might cause the security breaches. These system might
be installed in the network of the organisation without the knowledge of the organisation.

6
SECURITY ASSESSMENT
These attacks combined with the viral threats, utilities of automated computer profiling and
several other tools that are employed by the hacker could impact the network of the
organisation significantly.
Business strategies for ensuring sustainability, reliability, and availability
In the present world, the business requires appropriate policies and procedures for
ensuring the sustainability, reliability and availability. Some of the strategies that could be
used by the XYZ organisation are:
Performing an extensive stakeholder analysis: An extensive analysis is required for
ensuring the proper identification of all the associated parties who are might be directly or
indirectly affected by the operations of the business (Pearce, Zeadally and Hunt, 2013). This
provides the insight about the issues, information requirements and the concerns of all the
stakeholders regarding all the activities of sustainable development of the organisation. The
existence of any company is directly related to the global environment and with the
community where it has been based. For executing the activities the company must maintain
the respect for the human integrity and also strive towards the protection of the global
environment.
Establishing policies and objectives for sustainable development: This is the major
objective that is required to be established by the organisation for ensuring the operations of
the business working under certain rules and procedures. This includes the common values
that are expected from the employees for the sustainable development of the business. For the
establishment of the objectives of the sustainable development, management would require to
define the suitable levels of the aggregation. Post the establishment of the objectives of the
sustainability, the management must compare the competitive and the financial strategies

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
SECURITY ASSESSMENT
against all these targets. In several areas, the strategies of the business would be consistent
with providing of the sustainability and the reliability objectives.
Designing and executing of any implementation plan: This phase is essential for the
company because it provides a valuable idea regarding the objectives of the company and the
requirements for achieving the objectives of the sustainable development (Pearce, Zeadally
and Hunt, 2013). The translation of the policies of sustainability would take the company
significant effort and it would affect the entire organisation. This includes the changes in the
culture of the corporate and the attitudes of the employees, defining of the responsibilities
and the accountability along with the establishment of the structures of the organisation,
reporting system of the information and the operational practices.
Development of the measures and the performance standards: The implementation of
the measures for sustainability and the production of the accurate performance reports needs
suitable methods of performance measuring. The management control and the external
reporting relies on availability of the necessary information regarding the operations of the
company (Pearce, Zeadally and Hunt, 2013). This is essential for allowing the management
for assessing the performance against any internal and external standards of performance by
utilising the suitable measures of performance. The information system would require
extensive reviewing for allowing the providing of the required reports to the management.
Preparing of the reports: The next stage includes the development of the worthy and
extensive reports for the stakeholders and the internal management that outlines the
sustainability objectives of the company and then measures the objectives with any
competitors and apply suitable changes in the business processes for ensuring proper
reliability and the availability of information in the business.

8
SECURITY ASSESSMENT
Conclusion
Therefore, the conclusion can be drawn that the organisations in the present world are
facing the threat of cyber attacks on the infrastructure of the companies. The organisation
XYZ should implement appropriate security measures for ensuring protection from the cyber
attacks. The malicious users are always trying to sneak in the networks and then creates
significant problems and it impact the organisation infrastructure extensively. Commonly,
the aspect of system vulnerability is the flaw or the weakness in design or the implementation
of the information system. The viruses, worms and Trojan horses can destroy the network
infrastructure of any organisation and it can also cause the security breaches on the data of
the organisation. All these kinds of security and threat risk could extensively impair the
operations of the business, usage of the network and the performance of the computer
systems in the organisation. Some of the common threats to the network of the organisation
are the DDoS attacks, SQL injection that damages the network of the organisation.

9
SECURITY ASSESSMENT
References
Fragkiadakis, A. G., Tragos, E. Z., & Askoxylakis, I. G. (2013). A survey on security threats
and detection techniques in cognitive radio networks. IEEE Communications Surveys
& Tutorials, 15(1), 428-445.
Pearce, M., Zeadally, S. and Hunt, R., 2013. Virtualization: Issues, security threats, and
solutions. ACM Computing Surveys (CSUR), 45(2), p.17.