Vulnerabilities | Threats | Probability | Impact | Suggested Mitigation Steps |
---|---|---|---|---|
Physical | ||||
Card access | Network Security | High | Access any physical location permitted by the card. | Keep your card on you at all times. |
Access Roster | Confidentiality | Low | Bypass authentication | Double- and triple-check users on the access roster. |
Biometrics | Confidentiality | Low | Building, data, hardware access | Implement proper training. Not used enough. |
Video Monitoring | Environmental | Low | Surveillance of network | Monitor video cabling and monitor from an individual room |
Lack of IT support/Staff | Availability | Medium | Preventive maintenance overlooked, no separation of duties | Maintain separation of duties, security audits |
Attacks on Mobile devices | Integrity | High | Viruses, attack to network, data | Maintain policies per network/system requirements |
Legacy Systems | Integrity | Low | Updates, patches, compatibility | Schedule updates; maintain a regular replacement program |
Hardware failure | Physical | Low | Updates, patches, compatibility | Schedule updates; maintain a regular replacement program |
Missed security patches | Network Security | Medium | Outdated Security | Keep update schedule, regular audits |
Terminated Employee | Confidentiality, Integrity, Availability | High | Trade secrets | Implement confidential information use and protection policies, and protocols for handling departing employees. |
Wide Area Application Services | Availability | High | Cause a targeted device to reset. Attacks that result in a DoS condition. | Implement IP-based access control lists (ACLs) to allow only trusted systems to access the affected devices. |
Buffer Overflow | Confidentiality, Integrity, Availability | Medium | Code execution, denial of service | Buffer overflow protection |
VoIP Technology | Confidentiality, Integrity, Availability | Medium | Tie up network so it's unusable | Documented VoIP security policy; implement a defense-in-depth layered approach. |
Lack of Physical Security | Physical | High | Unauthorized or covert access, and forcible attack. | CCTV coverage; security lighting; security guard |
Unauthorized Access | Confidentiality | High | Viruses, missing data, computer vandalism | Access control security measures |
Unauthorized Downloads | Availability | High | Viruses, Trojans, etc. | Block access to unauthorized/illegal software; education and awareness |
Theft of Equipment | Physical | Medium | Missing data, company loss, security secrets | Use physical security measures |
Destruction of Equipment | Availability | Low | Missing data, company losses | Use physical security measures |
Environmental Disaster | Environmental | Low | Missing data, company loss, Death | Can use a backup disaster recovery plan |
Equipment Disposal | Environmental | Low | Environmental laws, fees, environment destruction | Ensure that all devices are wiped clean before disposal |
Vulnerabilities | Threats | Probability | Impact | Suggested Mitigation Steps |
---|---|---|---|---|
Logical | ||||
Group Policies | Network Security | High | Alter policies and turn on turned-off settings and access | Monitor group policies on a bi-weekly basis. Make sure no modifications have been made. |
Data Encryption | Confidentiality | Medium | Decrypt important secret information | Decryption must be done correctly. No exceptions. |
Repository | Availability | Low | No means of backing up data. | Always back up all information and never overwrite backups. |
Strong Passwords | Network Security | Medium | Able to access user/email accounts, computers, and servers. | Implement password security. |
Permissions | Confidentiality | Low | Access specific files | Make sure sufficient but not excessive permissions are given. Need to know! |
VPN | Network Security | Medium | Online attack of system, able to access system, accounts, email. | Deny LAN traffic except VPN. Strong passwords, use of OTP (one-time passwords) |
DMZ | Confidentiality | High | Direct line to hacker or attack. Direct access to external network equipment | Dual firewalls, Subnets |
Software Bugs and design faults | Integrity | Medium | Hackers can manipulate code, gain access, send viruses. | Audit designs; test systems and software before release. Follow strong testing policies. |
Wifi Vulnerabilities | Network Security | High | Access to network, hackers backdoor vulnerable devices | Firewalls, strong passwords, Proxy servers |
Lack of security policies | Network Security | High | Weaknesses in networks, preventive maintenance. | Strong policies, security audits. Separation of duties |
Boot Sector Viruses | Availability | Medium | Inability to access hard drive and application failure | Boot sector antivirus protector |
Logic bomb | Availability | Medium | Delete or corrupt data | Anti-virus program |
Unsecured Wireless Network | Confidentiality | High | Capture network data or attack the computer | Create a security policy; configure for secured network access; create Service Set Identifier (SSID) |
Keystroke logging | Confidentiality | Medium | Identity theft, espionage, or data breach | Encryption; installing anti-keylogging keystroke encryption software and other antivirus software |
Packet Collisions | Confidentiality | Medium | Loss of data, requiring retransmission. | CSMA/CD (Carrier Sense Multiple Access/Collision Detection) on 802.3 networks |
User errors | Data and System Integrity | High | Data corruption | Training to educate on how to deal with security threats |
Firewall Security | Network Security | Medium | Loads of wrong packets coming in and out of the network, network slowdown, or many viruses or Trojans | Enable rules and policies to block dangerous data from entering the network |
Denial of Service | Availability | Medium | No one will be able to visit website or place orders, company loss of money (income) | Firewalls and active IPS |
Antivirus | Network Security | High | Viruses throughout the company's equipment, Trojans | Install antivirus software and make sure it is up to date |
Modification of Data | Integrity | High | Lost data, company losses | Encryption, strong access control |