CMGT 430 Week 3 Learning Team Ranking the Pairs

8 Oct No Comments
Vulnerabilities Threats Probability Impact Suggested Mitigation Steps
Card access Network Security High Access any physical location permitted by the card. Practice having your card on you at all times. This ensures having your card will always be on you.
Access Roster Confidentiality Low Bypass authentication Double and triple check user on access roster.
Biometrics Confidentiality Low Building, data, hardware access Implement roper training. Not used enough
Video Monitoring Environmental Low Surveillance of network Monitor video cabling and monitor from an individual room
Lack of IT support/Staff Availability Medium Preventive Maintenance over looked, no Separation of Duties Maintain Separation of Duties, Security Audits
Attacks on Mobile devices Integrity High Viruses, attack to network, data Maintain policies per network/system requirements
Legacy Systems Integrity Low Updates, patches, compatibility Schedule Update maintain regular replacement program
Hardware failure Physical Low Updates, patches, compatibility Schedule Update maintain regular replacement program
Missed security patches Network Security Medium Outdated Security Keep update schedule, regular audits
Terminated Employee Confidentiality IntegrityAvailability High Trade secrets Implement confidential information use and protection policies, protocols for handling departing employees.
Wide Area Application Services Availability High Cause a targeted device to reset. Attacks that result in a DoS condition. Implement IP-based access control lists (ACLs) to allow only trusted systems to access the affected devices.
Buffer Overflow Confidentiality IntegrityAvailability Medium Code execution, Denial of service Buffer overflow protection
VoIP Technology Confidentiality IntegrityAvailability Medium Tie up network so its unusable Documented VoIP security policy, implement a defense-in-depth layered approach. 
Lack of Physical Security Physical High Unauthorized or covert access, and forcible attack. CCTV coverageSecurity lightingSecurity guard
Unauthorized Access Confidentiality High Viruses, missing data, computer vandalize Access control security measures
Unauthorized Downloads Availability High Viruses, Trojan’s, ect. Block access to unauthorized/illegal software education and awareness
Theft of Equipment Physical Medium Missing data, company loss, security secrets Use physical security measures
Destruction of Equipment Availability Low Missing data, company losses Use physical security measures
Environmental Disaster Environmental Low Missing data, company loss, Death Can use a backup disaster recovery plan
Equipment Disposal Environmental Low Environmental laws, fees, environment destruction Ensure that all devices are whipped clean before disposal
Vulnerabilities Threats Probability Impact Suggested Mitigation Steps
Group Policies Network Security High Alter polices and turn on turned off setting and access Monitor group polices on a bi-weekly basis. Make sure no modifications have been made.
Data Encryption Confidentiality Medium Decrypt important secretive information Decryption must be done correct. No acceptations.
Repository Availability Low No means of back up data. Always back all information and never overwrite backups.
Strong Passwords Network Security Medium Able to access user/email accounts, computers, and servers. Implement password security.
Permissions Confidentiality Low Access specific files Make sure sufficient but too much permissions are given. Need to know!
VPN Network Security Medium Online attack of system, able to access system, accounts, email. Deny LAN traffic but VPN. Strong passwords, Use of OTP (one time passwords)
DMZ Confidentiality High Direct line to hacker or attack. Direct access to external network equipment Dual firewalls, Subnets
Software Bugs and design faults Integrity Medium Hackers can manipulate code, gain access. Send viruses, Audit designs, testing system, software before releasing. Following strong testing policies.
Wifi Vulnerabilities Network Security High Access to network, hackers backdoor vulnerable devices Firewalls, strong passwords, Proxy servers
Lack of security policies Network Security High Weaknesses in networks, preventive maintenance. Strong policies, security audits. Separation of duties
Boot Sector Viruses Availability Medium Inability to access hard driveand application failure` Boot sector antivirus protector
Logic bomb Availability Medium Delete or corrupt data Anti-virus program
Unsecured Wireless Network Confidentiality High Capture network data or attacks the computer Create a Security PolicyConfigure for Secured Network AccessCreate Service Set Identifier (SSID)
Keystroke logging Confidentiality Medium Identity theft, espionage, or data breach Encryption installing “anti-key logging keystroke encryption software and other antivirus software
Packet Collisions Confidentiality Medium loss of the data and require retransmission. CSMA/CD (Carrier Sense Multiple Access/Collision Detection) on 802.3 networks
User errors Data and System Integrity High Data corruption Training to educate on how to deal with security threats
Firewall Security Network Security Medium Loads of wrong packets coming in and out of the network, slow down network or many virus or Trojan’s Enable rules and polices to block dangerous data from entering the network
Denial of Service Availability Medium No one will be able to visit website or place orders, company loss of money (income) Firewalls and active IPS
Antivirus Network Security High Viruses through out companies equipment, Trojan’s Install antivirus software and make sure up to date
Modification of Data Integrity High Loss data, company losses Encryption, strong access control

Click following link to download this document

CMGT 430 Week 3 Learning Team Ranking the Pairs.docx