| Vulnerabilities | Threats | Probability | Impact | Suggested Mitigation Steps |
|---|---|---|---|---|
| Physical | ||||
| Card access | Network Security | High | Access any physical location permitted by the card. | Practice having your card on you at all times. This ensures having your card will always be on you. |
| Access Roster | Confidentiality | Low | Bypass authentication | Double and triple check user on access roster. |
| Biometrics | Confidentiality | Low | Building, data, hardware access | Implement roper training. Not used enough |
| Video Monitoring | Environmental | Low | Surveillance of network | Monitor video cabling and monitor from an individual room |
| Lack of IT support/Staff | Availability | Medium | Preventive Maintenance over looked, no Separation of Duties | Maintain Separation of Duties, Security Audits |
| Attacks on Mobile devices | Integrity | High | Viruses, attack to network, data | Maintain policies per network/system requirements |
| Legacy Systems | Integrity | Low | Updates, patches, compatibility | Schedule Update maintain regular replacement program |
| Hardware failure | Physical | Low | Updates, patches, compatibility | Schedule Update maintain regular replacement program |
| Missed security patches | Network Security | Medium | Outdated Security | Keep update schedule, regular audits |
| Terminated Employee | Confidentiality IntegrityAvailability | High | Trade secrets | Implement confidential information use and protection policies, protocols for handling departing employees. |
| Wide Area Application Services | Availability | High | Cause a targeted device to reset. Attacks that result in a DoS condition. | Implement IP-based access control lists (ACLs) to allow only trusted systems to access the affected devices. |
| Buffer Overflow | Confidentiality IntegrityAvailability | Medium | Code execution, Denial of service | Buffer overflow protection |
| VoIP Technology | Confidentiality IntegrityAvailability | Medium | Tie up network so its unusable | Documented VoIP security policy, implement a defense-in-depth layered approach. |
| Lack of Physical Security | Physical | High | Unauthorized or covert access, and forcible attack. | CCTV coverageSecurity lightingSecurity guard |
| Unauthorized Access | Confidentiality | High | Viruses, missing data, computer vandalize | Access control security measures |
| Unauthorized Downloads | Availability | High | Viruses, Trojan’s, ect. | Block access to unauthorized/illegal software education and awareness |
| Theft of Equipment | Physical | Medium | Missing data, company loss, security secrets | Use physical security measures |
| Destruction of Equipment | Availability | Low | Missing data, company losses | Use physical security measures |
| Environmental Disaster | Environmental | Low | Missing data, company loss, Death | Can use a backup disaster recovery plan |
| Equipment Disposal | Environmental | Low | Environmental laws, fees, environment destruction | Ensure that all devices are whipped clean before disposal |
| Vulnerabilities | Threats | Probability | Impact | Suggested Mitigation Steps |
|---|---|---|---|---|
| Logical | ||||
| Group Policies | Network Security | High | Alter polices and turn on turned off setting and access | Monitor group polices on a bi-weekly basis. Make sure no modifications have been made. |
| Data Encryption | Confidentiality | Medium | Decrypt important secretive information | Decryption must be done correct. No acceptations. |
| Repository | Availability | Low | No means of back up data. | Always back all information and never overwrite backups. |
| Strong Passwords | Network Security | Medium | Able to access user/email accounts, computers, and servers. | Implement password security. |
| Permissions | Confidentiality | Low | Access specific files | Make sure sufficient but too much permissions are given. Need to know! |
| VPN | Network Security | Medium | Online attack of system, able to access system, accounts, email. | Deny LAN traffic but VPN. Strong passwords, Use of OTP (one time passwords) |
| DMZ | Confidentiality | High | Direct line to hacker or attack. Direct access to external network equipment | Dual firewalls, Subnets |
| Software Bugs and design faults | Integrity | Medium | Hackers can manipulate code, gain access. Send viruses, | Audit designs, testing system, software before releasing. Following strong testing policies. |
| Wifi Vulnerabilities | Network Security | High | Access to network, hackers backdoor vulnerable devices | Firewalls, strong passwords, Proxy servers |
| Lack of security policies | Network Security | High | Weaknesses in networks, preventive maintenance. | Strong policies, security audits. Separation of duties |
| Boot Sector Viruses | Availability | Medium | Inability to access hard driveand application failure` | Boot sector antivirus protector |
| Logic bomb | Availability | Medium | Delete or corrupt data | Anti-virus program |
| Unsecured Wireless Network | Confidentiality | High | Capture network data or attacks the computer | Create a Security PolicyConfigure for Secured Network AccessCreate Service Set Identifier (SSID) |
| Keystroke logging | Confidentiality | Medium | Identity theft, espionage, or data breach | Encryption installing “anti-key logging keystroke encryption software and other antivirus software |
| Packet Collisions | Confidentiality | Medium | loss of the data and require retransmission. | CSMA/CD (Carrier Sense Multiple Access/Collision Detection) on 802.3 networks |
| User errors | Data and System Integrity | High | Data corruption | Training to educate on how to deal with security threats |
| Firewall Security | Network Security | Medium | Loads of wrong packets coming in and out of the network, slow down network or many virus or Trojan’s | Enable rules and polices to block dangerous data from entering the network |
| Denial of Service | Availability | Medium | No one will be able to visit website or place orders, company loss of money (income) | Firewalls and active IPS |
| Antivirus | Network Security | High | Viruses through out companies equipment, Trojan’s | Install antivirus software and make sure up to date |
| Modification of Data | Integrity | High | Loss data, company losses | Encryption, strong access control |
Click following link to download this document
CMGT 430 Week 3 Learning Team Ranking the Pairs.docx
Place an Order
Plagiarism Free!
Create an Account
Create an account at Top Tutor Online
- Allows you to track orders.
- Receive personal messages.
- Send messages to a tutor.
Post a Question/ Assignment
Post your specific assignment
- Tutors will be notified of your assignment.
- Review your question and include all the details.
- A payment Link will be sent to you.
Wait for your Answer!
Make payment and wait for your answer
- Make payment in accordance with the number of pages to be written.
- Wait for your Answer as a professional works on your paper.
- You will be notified when your Answer is ready.