Risk Management Report: CobWeb


Added on  2019/09/20

AI Summary
This report assesses the security risks faced by CobWeb, a leading cloud services provider in Europe. The analysis identifies key vulnerabilities, including physical break-ins, homepage hacking leading to data breaches, data loss due to employee negligence, and uncontrolled network access. A vulnerability assessment matrix ranks the risks associated with computer systems, storage, and the overall system. The report proposes several security control measures, such as implementing antivirus software, logical access control, and employee training in social engineering. It also suggests countermeasures to address specific threats, including changing system IP addresses, enforcing strong passwords, and improving employee training and discipline. Finally, the report presents a risk trend analysis and recommendations for immediate action to mitigate identified risks, emphasizing the need for proactive risk management to protect CobWeb's assets and reputation.
Running Head: Risk Management
Risk management
CobWeb
Introduction
CobWeb is a well-known cloud services expert and is considered the largest hosted exchange
provider in Europe. It was established in 1996. In this paper, we study the security problems of
the organization, which will help in determining proper solutions to avoid them. Its wide
experience enables different organizations to grow their business with a high level of flexibility
through best-of-breed cloud technologies. It was the first organization in Europe to take part in
the Microsoft Cloud Solution Provider program. It mainly deals in Microsoft Office 365,
Microsoft Dynamics CRM, Email Encryption, Professional consulting, Microsoft Enterprise
Mobility Suite, and Email Archiving.
Security Problems of CobWeb
CobWeb is facing different types of security problems. Some of them are the following:

Physical break-ins: These bring a greater risk to the physical security of the organization than hackers do. Because of break-ins, employees of the organization leave the office and move on to competitors' organizations (Alhawari, 2012). In addition, physical break-ins result in the loss of important data, which may fall into the wrong hands and be misused by others.

The homepage of CobWeb was hacked recently: Hacking brings serious problems for the working of the organization. The homepage of the organization was recently hacked, as a result of which sensitive information of the organization was leaked. This will damage the credit ratings given to the organization by different consumer agencies (Whitman, 2013).

Data loss due to large employee negligence: Loss of necessary data due to employee negligence is a serious problem for the success of the organization. In the absence of the necessary data, employees cannot proceed with their work, which will bring a big monetary loss to the organization.

The network administrator of the organization complains that the organization permits free access to anything on the network for everyone who asks for it: Because of this policy, everyone can access the website of the organization (Stoneburner, 2013). In such a case the chances of hacking are higher, which ultimately affects the performance of the organization negatively.
Vulnerability Assessment Matrix
| Asset | Threat | Risk Control | Rank |
|---|---|---|---|
| Computer System | Hacking | Install firewall to computer | 2 |
| | | Delete emails from different unknown sources | 1 |
| | | Change password | 3 |
| Storage | Data Loss | Install protection from anti-virus | 1 |
| | | Update the programs | 3 |
| | | Regularly backup | 2 |
| System | Virus attack | Install real-time anti-spyware protection | 1 |
| | | Perform daily scan activity | 3 |
| | | Use of hardware-based firewall technology | 2 |
Security control measures
Security in the CobWeb organization can also be maintained by adopting the following measures:

Anti-Virus Software: It works as the policeman at the gate of the computer system. It helps the management of CobWeb protect their computers from different types of incoming threats. It is the job of the antivirus software to keep up with recent threats, which may cause heavy losses to the organization (Willcocks, 2013).

Logical Access Control: Unauthorized acts can have devastating effects on the organization. Logical access control helps the organization control access to its systems, information, processes, and programs. It enforces security with the help of applications, operating systems, and security packages.
Risk Factor Asset Threat Pairing
| ID# | Status | Subject | Risk | Submitted | Mitigation Planned | Management Review |
|---|---|---|---|---|---|---|
| 2274 | Mgmt Reviewed | Hacking | 10 | 2016-04-26 2:44 PM CDT | NO | YES |
| 2276 | Mgmt Reviewed | Data Loss | 10 | 2016-04-27 10:05 AM CDT | NO | YES |
| 2280 | New | Virus attack | 10 | 2016-04-28 6:22 PM CDT | NO | NO |
The assessment was done using Simplerisk.it, a risk assessment software.
Countermeasures for controlling risk
All of the above-mentioned security problems can be resolved by the organization with the help of the following provisions:

To resolve the security problem caused by physical break-ins, the organization needs to train its staff in social engineering (Cavusoglu, 2015). This will give them knowledge about the email or social networking sites through which attacks arrive, so that they can stop a security attack on the organization.

To resolve the problems related to hacking, the organization should change the IP addresses of its systems, which proves a significant tool for preventing hacking. In addition, the organization should set a password and keep it secret. This will prevent unnecessary access to the server (Peltier, 2016).

To prevent data loss situations, the organization needs to train its employees and should take strict action against employees who are not behaving properly.

Furthermore, the organization should not give free access to its private resources, as this will influence the performance of the organization negatively.
Recommendations
The risk assessment of the paired assets and threats led to the understanding that action needs to be taken
immediately to ensure that the threats are eliminated within the available time.
2016 Jan   2016 Oct   2016 Nov   2016 Apr
Opened Risks 1 2 3
Closed Risks 2 0 1
Risk Trend 19 19 77
Total Open Risks 488 507 584
The risk values obtained are a clear indication that the company needs to take care of all the risks
appropriately and in good time.
References
Alhawari, S., Karadsheh, L., Talet, A. N., & Mansour, E. (2012). Knowledge-based risk
management framework for information technology project. International Journal of
Information Management, 32(1), 50-65.
Stoneburner, G., Goguen, A., & Feringa, A. (2013). Risk management guide for information
technology systems. NIST.
Willcocks, L. (2013). Information management: the evaluation of information systems
investments. Springer.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Cavusoglu, H., Cavusoglu, H., Son, J. Y., & Benbasat, I. (2015). Institutional pressures in
security management: Direct and indirect influences on organizational investment in information
security control resources. Information & Management, 52(4), 385-400.
Whitman, M. E., & Mattord, H. J. (2013). Management of information security. Nelson
Education.