Risk Assessment Report: Security Analysis for Microsoft Company

Verified

Added on 2020/02/24

AI Summary

This report, prepared by a risk consultant, provides a detailed analysis of risk assessment within Microsoft. It begins by outlining the purpose of risk assessment, emphasizing its importance in safeguarding assets, ensuring secure environments, and protecting customer data from various threats. The report then defines the risk scope, identifying critical areas such as data leakage, malware attacks, weak passwords, malicious access, outdated operating systems, and user vulnerabilities. The report highlights the Microsoft Security Assessment Tool as the primary methodology, focusing on identifying, assessing, and mitigating risks through a structured approach that aligns with company policies and standards. The conclusion stresses the necessity for Microsoft to remain vigilant about security risks, emphasizing the importance of proactive risk assessment and immediate action to prevent potential breaches and protect the company's reputation and assets. References to supporting literature are included.

Running head: RISK CONSULTANT
Risk Consultant
Name of the Student
Name of the University
Author’s note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1RISK CONSULTANT
Table of Contents
Introduction................................................................................................................................3
1. Description of the purpose of a risk assessment, risk scope and identify critical areas for an
assessment..................................................................................................................................3
1.1. The purpose of a risk assessment....................................................................................3
1.2. Risk scope and identification of critical areas.................................................................3
2. Selection of proper risk assessment methodology.................................................................4
Conclusion..................................................................................................................................5
References..................................................................................................................................6
Introduction
All the organisations must adopt the risk assessment procedures in their premises and
Microsoft being a Fortune 500 is no exception and being a security consultant of the

2RISK CONSULTANT
company it is his responsibility to analyse the risks’ scope, the purpose of risk assessment and
selection of risk assessment methodologies and the report will showcase those.
1. Description of the purpose of a risk assessment, risk scope and identify
critical areas for an assessment.
1.1. The purpose of a risk assessment
The risk assessment is performed in Microsoft for the following benefits
i. Risk assessment saves important assets like time income and property of both the company
and the customers (Leslie et al., 2016).
ii. To develop secure surroundings for all the company staffs and the customers so that they
can get hassle free service from Microsoft.
iii. It also saves the customers assets to be précised personal information from being hacked
off.
iv. It saves the company from all kind of security breaches like hacking of source code,
hacking of services like Windows, Microsoft Azure and many others. If these get hacked,
then they will face heavy loss and lose reputation.
1.2. Risk scope and identification of critical areas
The risk scope includes the following-
i. Leaking of accidental data: Sensitive data of the company can be accessed by
unauthorised users.
ii. Malware attack: Microsoft’s database can be hacked by various malware like
Trojans, ransomware, worms and viruses attack.

3RISK CONSULTANT
iii. The passwords given by customers are weak: There is a possibility their data can
get hacked and the Microsoft will have to take the blame (Haimes, 2015).
iv. Malicious access: The intruders can grant malicious access to any one’s personal
device resulting in exposing personal information.
v. Outdated OS: The Windows OS must be regularly updated otherwise it may result
in security breaches.
vi. Unskilled users: The users are not fully used to Windows and other Microsoft
software that is why the intruders or attackers can take advantage.
2. Selection of proper risk assessment methodology
Microsoft has their individual risk and security assessment tools to secure their system
and company. The Microsoft Security Assessment Tool analyse the threats and risks
associated with people, procedures and the techniques and technology. All the analysis is
done following the rules, regulations, standards and policies of the company. After all the
analysis is done, a report is prepared where the risks can be measured and compared and can
provide solutions for mitigating the risks (Bahr, 2014). The Microsoft Security Assessment
Tool focuses on five categories of the risk assessment- identification of the risks associated
that may cause threat to the organization, the organisations and the individuals who may get
harmed, assessing the risks and then taking action accordingly, preparing a report to keep
hold of the record and finally reviewing of the risk assessments (Alfonsi et al., 2013).
Conclusion
It can be concluded from the above discourse Microsoft being a tech giant must be
aware of all the security risks and threats and so they must maintain the security
methodologies, the report highlighted all the security and risk scopes, the necessity of risk

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4RISK CONSULTANT
assessment in details. Microsoft being a renowned fortune 500 company must be aware of the
risks all the time and so, they should focus on the assassination of the risks and then taking
immediate actions, otherwise, any kind of security breach will cost them too much.
References
Alfonsi, A., Rabiti, C., Mandelli, D., Cogliati, J., & Kinoshita, R. (2013, May). Raven as a
tool for dynamic probabilistic risk assessment: Software overview. In Proceeding of
M&C2013 International Topical Meeting on Mathematics and Computation.
Bahr, N. J. (2014). System safety engineering and risk assessment: a practical approach.
CRC Press.

5RISK CONSULTANT
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Leslie, W. D., Majumdar, S. R., Lix, L. M., Josse, R. G., Johansson, H., Oden, A., ... &
Kanis, J. A. (2016). Direct comparison of FRAXR and a simplified fracture risk
assessment tool in routine clinical practice: a registry-based cohort
study. Osteoporosis International, 27(9), 2689-2695.