| Vulnerabilities | Threats | Probability | Impact | Suggested Mitigation Steps |
|---|---|---|---|---|
| Physical | | | | |
| Card access | Network Security | High | Access any physical location permitted by the card. | Make a habit of keeping your card on you at all times, so that it is always in your possession. |
| Access Roster | Confidentiality | Low | Bypass authentication | Double- and triple-check users on the access roster. |
| Biometrics | Confidentiality | Low | Building, data, hardware access | Implement proper training. Not used enough. |
| Video Monitoring | Environmental | Low | Surveillance of network | Monitor video cabling and monitor from an individual room |
| Lack of IT support/Staff | Availability | Medium | Preventive maintenance overlooked, no Separation of Duties | Maintain Separation of Duties, Security Audits |
| Attacks on Mobile devices | Integrity | High | Viruses, attack to network, data | Maintain policies per network/system requirements |
| Legacy Systems | Integrity | Low | Updates, patches, compatibility | Schedule updates; maintain a regular replacement program |
| Hardware failure | Physical | Low | Updates, patches, compatibility | Schedule updates; maintain a regular replacement program |
| Missed security patches | Network Security | Medium | Outdated Security | Keep update schedule, regular audits |
| Terminated Employee | Confidentiality, Integrity, Availability | High | Trade secrets | Implement confidential information use and protection policies, protocols for handling departing employees. |
| Wide Area Application Services | Availability | High | Cause a targeted device to reset. Attacks that result in a DoS condition. | Implement IP-based access control lists (ACLs) to allow only trusted systems to access the affected devices. |
| Buffer Overflow | Confidentiality, Integrity, Availability | Medium | Code execution, Denial of service | Buffer overflow protection |
| VoIP Technology | Confidentiality, Integrity, Availability | Medium | Tie up network so it's unusable | Documented VoIP security policy, implement a defense-in-depth layered approach. |
| Lack of Physical Security | Physical | High | Unauthorized or covert access, and forcible attack. | CCTV coverage, security lighting, security guard |
| Unauthorized Access | Confidentiality | High | Viruses, missing data, computer vandalism | Access control security measures |
| Unauthorized Downloads | Availability | High | Viruses, Trojans, etc. | Block access to unauthorized/illegal software; education and awareness |
| Theft of Equipment | Physical | Medium | Missing data, company loss, security secrets | Use physical security measures |
| Destruction of Equipment | Availability | Low | Missing data, company losses | Use physical security measures |
| Environmental Disaster | Environmental | Low | Missing data, company loss, Death | Can use a backup disaster recovery plan |
| Equipment Disposal | Environmental | Low | Environmental laws, fees, environment destruction | Ensure that all devices are wiped clean before disposal |

| Vulnerabilities | Threats | Probability | Impact | Suggested Mitigation Steps |
|---|---|---|---|---|
| Logical | | | | |
| Group Policies | Network Security | High | Alter policies and turn on disabled settings and access | Monitor group policies on a bi-weekly basis. Make sure no modifications have been made. |
| Data Encryption | Confidentiality | Medium | Decrypt important secret information | Decryption must be done correctly. No exceptions. |
| Repository | Availability | Low | No means of backing up data. | Always back up all information and never overwrite backups. |
| Strong Passwords | Network Security | Medium | Able to access user/email accounts, computers, and servers. | Implement password security. |
| Permissions | Confidentiality | Low | Access specific files | Make sure sufficient but not excessive permissions are given. Need to know! |
| VPN | Network Security | Medium | Online attack of system, able to access system, accounts, email. | Deny all LAN traffic except VPN. Strong passwords, use of OTP (one-time passwords) |
| DMZ | Confidentiality | High | Direct line to hacker or attack. Direct access to external network equipment | Dual firewalls, Subnets |
| Software Bugs and design faults | Integrity | Medium | Hackers can manipulate code, gain access, send viruses. | Audit designs; test systems and software before release. Follow strong testing policies. |
| Wi-Fi Vulnerabilities | Network Security | High | Access to network, hackers backdoor vulnerable devices | Firewalls, strong passwords, proxy servers |
| Lack of security policies | Network Security | High | Weaknesses in networks, preventive maintenance. | Strong policies, security audits. Separation of duties |
| Boot Sector Viruses | Availability | Medium | Inability to access hard drive and application failure | Boot sector antivirus protector |
| Logic bomb | Availability | Medium | Delete or corrupt data | Anti-virus program |
| Unsecured Wireless Network | Confidentiality | High | Capture network data or attack the computer | Create a security policy; configure for secured network access; create Service Set Identifier (SSID) |
| Keystroke logging | Confidentiality | Medium | Identity theft, espionage, or data breach | Encryption; install anti-keylogging keystroke-encryption software and other antivirus software |
| Packet Collisions | Confidentiality | Medium | Loss of data, requiring retransmission. | CSMA/CD (Carrier Sense Multiple Access/Collision Detection) on 802.3 networks |
| User errors | Data and System Integrity | High | Data corruption | Training to educate on how to deal with security threats |
| Firewall Security | Network Security | Medium | Loads of bad packets coming in and out of the network, network slowdown, or many viruses or Trojans | Enable rules and policies to block dangerous data from entering the network |
| Denial of Service | Availability | Medium | No one will be able to visit website or place orders, company loss of money (income) | Firewalls and active IPS |
| Antivirus | Network Security | High | Viruses throughout the company's equipment, Trojans | Install antivirus software and make sure it is up to date |
| Modification of Data | Integrity | High | Lost data, company losses | Encryption, strong access control |