Cybersecurity Risk Assessment Report - Vulnerabilities and Threats
Added on 2022/10/06
AI Summary
This report provides a comprehensive analysis of cybersecurity risk assessment, emphasizing its critical role in developing and managing cybersecurity programs. It identifies vulnerabilities and threats associated with information assets, particularly in the context of a university website. The report outlines a risk assessment process, including critical asset identification and the development of a ranking template. It explores various cyber threats, such as ransomware, social engineering, and denial-of-service attacks, and assesses their potential impact. The report also discusses the limitations of current risk assessment methods and provides recommendations for enhancing website security, including the use of encryption, data backups, and robust security protocols. This work is contributed by a student and available on Desklib, a platform offering AI-based study tools.

Running head: CYBER SECURITY
CYBER SECURITY
Name of the Student:
Name of the university:
Author Note:
Table of Contents
Significance of the risk assessment
Critical asset identification
Template
Associated threat identification
Landscape of the threat imposed on the website
References
Significance of the risk assessment
Vulnerabilities associated with a procedure increase the exposure of a system to possible risks and threats. These risks have the potential to cause harm to the system, so the vulnerabilities are dangerous for it. Risk assessment deals with identifying the risks that may enter the system at any point in time, addressing them and providing suitable resolutions to combat them (Arachchilage and Love 2014). Risk assessment for cyber-security is no exception to this general view. A cyber-security risk assessment identifies the risks, critically analyses them and finally evaluates the weight of each associated risk.
A risk assessment aligned with cyber security thoroughly identifies the scenarios in which the assets and liabilities of the system are exposed to a serious cyber-attack. Such an attack is likely to bring about drastic changes to the infrastructure of the system, including software and hardware components, the database holding the student data, and computer systems (Conteh and Schmick 2016). There are several challenges associated with educating the team about risk mitigation techniques.
To maintain a proper balance within a system, it is crucial to evaluate the anticipated risks thoroughly, to estimate critically the vulnerabilities that give rise to those risks, and at the same time to adopt the mitigation techniques that will be used against them. To accomplish this, it is crucial to review the operations and monitor the environment of the educational institute, in order to detect the drastic changes that occur within the structural framework of the organization over time.
Critical asset identification
An information asset is a single entity that serves the purpose of managing and organizing a body of knowledge. An information asset is managed in such a manner that it can be protected, understood and shared (Shamala, Ahmad and Yusoff 2013). Critical assets provide the platform for risk assessment and for the management of information processes. Information assets are a subset of the university's assets, alongside financial assets and other categories of assets with physical properties.
This creates the need to register information assets, which helps in managing and tracking them (Cartwright EDIFICE TECHNOLOGIES Inc 2014). The critical importance of information assets lies in the fact that information technology has a profound impact on maintaining the database of an educational institution, which holds the records of the students.
Information assets are also significant for collecting a number of valuable contracts (Cherdantseva et al. 2016). They are also useful for gathering agreements related to research and development. This procedure can be challenging in some instances; however, the significance and positive impact of information assets outweigh their shortcomings.
Template
Information Asset | Rank | Description
Information regarding teaching and learning | 2 |
Information of the student detail | 1 |
Information of the management of several facilities | 4 |
Information regarding any research | 3 |
Information regarding strategy, policy or rather governance | 6 |
Information of the management of finance | 5 |
Engagement, development and alumni | 8 |
Information of strategic intelligence as well as reporting | 7 |
Associated threat identification
The valuable and crucial information of any educational organization is at risk of being hacked and tampered with at any time, owing to the vulnerabilities embedded within the structural framework of the system (Love et al. 2014). The five leading threats in the field of security breaches are ransomware attacks, social engineering vulnerabilities, attacks imposed by DoS and, finally, denial-of-service attacks (Love et al. 2014). Stereotyped security policies and the lack of required policies contributed to the scenarios mentioned above.
The order of the threats imposed on the system is summarised in the table below:
Security threats | Rank depending upon the impact
Attacks associated with the denial of service | 1
Ransomware | 2
Phishing activities | 3
Outdated policies of security | 5
Lack of appropriate controls of security | 4
Landscape of the threat imposed on the website
The type of website generally used by an institute that educates professionals and students is basic in outline, serving to notify students about revisions to the syllabus and to keep them updated about examination dates. However, like other websites, an educational website has certain vulnerabilities within its structural framework that expose it to the prevailing risks and threats (Öğütçü, Testik and Chouseinoglou 2016). Hence, the website may be compromised at any time, resulting in a breach of necessary and crucial information.
A particular case in point is the ransomware attack. Ransomware propagates through malicious attachments sent to the official mail accounts of organizations, and a single click on a malicious attachment results in the compromise of the website and thereby in a breach of the organization's information (Peltier 2016). To withstand ransomware attacks, proper technical security protocols need to be built into the structural framework of the organization.
Because ransomware spreads through email, the hackers are able to gain access to the password and user ID, and once the login credentials are accessible to them, they can control and manipulate the information of the website (Conteh and Schmick 2016). The website is then handed back to the organization only in exchange for a large ransom, which must be paid in bitcoins. Similar features are also associated with DoS attacks. However, the money demanded in the case of a DoS attack is pretty huge, and can even be as high as five dollars. DoS attacks operate through the dark web.
All these attacks originate from the lack of proper mitigation techniques for withstanding these malicious activities. In some scenarios, even after the demanded money has been handed over to the hackers, the website is permanently tampered with, and the website credentials and testimonials are then used to renovate other websites that satisfy the same business requirements (Hartmann and Steup 2013). Hence, organizations must always maintain proper backups of their data and information. In addition, proper encryption tools and coding need to be in place to safeguard the data and information.
The database used to store the data needs to be properly protected by suitable encryption techniques, and the database should be large enough to provide sufficient storage for preserving the data (Öğütçü, Testik and Chouseinoglou 2016). This proves beneficial when the organization's data is breached: in those scenarios, the compromised data can easily be fetched and accessed from the database through cloud operations.
References
Arachchilage, N.A.G. and Love, S., 2014. Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior, 38, pp.304-312.
Cartwright, K., EDIFICE TECHNOLOGIES Inc, 2014. Systems and methods for capturing, managing, sharing, and visualising asset information of an organization. U.S. Patent Application 14/270,196.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K., 2016. A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, pp.1-27.
Conteh, N.Y. and Schmick, P.J., 2016. Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks. International Journal of Advanced Computer Research, 6(23), p.31.
Hartmann, K. and Steup, C., 2013, June. The vulnerability of UAVs to cyber attacks-An approach to the risk assessment. In 2013 5th International Conference on Cyber Conflict (CYCON 2013) (pp. 1-23). IEEE.
Love, P.E., Matthews, J., Simpson, I., Hill, A. and Olatunji, O.A., 2014. A benefits realization management building information modeling framework for asset owners. Automation in Construction, 37, pp.1-10.
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information security behavior and awareness. Computers & Security, 56, pp.83-93.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.
Shamala, P., Ahmad, R. and Yusoff, M., 2013. A conceptual framework of info structure for information security risk assessment (ISRA). Journal of Information Security and Applications, 18(1), pp.45-52.





