Risk assessment report
Information Systems Risk Assessment Report
For BARRATT & ASSOCIATES LIMITED (B&A)
BY: Eugene Mukuka
Date: 13th November, 2015
TABLE OF CONTENTS
INTRODUCTION
RISK CLASSIFICATION
VULNERABILITIES, RISKS AND THREATS
CONCLUSION
REFERENCES
1. INTRODUCTION
Information systems technology, as the technology with the fastest rate of development and application in all sectors of business, requires adequate protection to provide high security. The aim of the risk analysis applied to an information system is to identify and evaluate the threats, vulnerabilities and risks associated with the system in place. IT assets are exposed to the risk of damage or loss. IT security involves protecting the hardware and the information stored electronically. That protection safeguards data integrity, availability and confidentiality. Nowadays, there are many types of computer crime: money theft 44%, damage of software 16%, theft of information 16%, alteration of data 12%, theft of services 10%, trespass 2% (Boran, 2003).
In this report I will look at the weaknesses/vulnerabilities of the B&A information system, the potential threats to it and its associated risks. B&A is an agency specialized in debt collection with over 300 employees at different offices in the UK, so protecting its clients and the information that resides on its network is its number one priority.
2. RISK CLASSIFICATION
Risk Classifications

Risk Level: Risk Description
High: The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on B&A operations, its assets or on its employees.
Moderate: The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on B&A operations, its assets or on its employees.
Low: The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on B&A operations, its assets or on its employees.
3. VULNERABILITIES, THREATS AND RISK
Vulnerabilities, Threats, and Risks

Risk No. 1
Vulnerability: No firewall protection in B&A system.
Threat: Computer crime, malicious use, system compromise, unauthorized use
Risk of Compromise of: Confidentiality and integrity of B&A data.
Risk Summary: This system has no firewall installed, which can increase the likelihood of other risks being exploited.

Risk No. 2
Vulnerability: Use of outdated OS and unsupported platforms
Threat: Computer crime, malicious use, system compromise, unauthorized access
Risk of Compromise of: Confidentiality and integrity of B&A data
Risk Summary: Windows XP, running on most B&A laptops, is an unsupported OS, and Windows Server 2003 support ended in July 2015.

Risk No. 3
Vulnerability: Remote access to the system not properly monitored.
Threat: System compromise, unauthorized access
Risk of Compromise of: Confidentiality and integrity of B&A data.
Risk Summary: Remote access to the system, if not monitored well, and especially given that no firewalls have been put in place, may lead to unauthorized access that could result in compromise of the confidentiality and integrity of B&A financial data.

Risk No. 4
Vulnerability: Hardware issues/equipment failure or loss of portable devices
Threat: System unavailable
Risk of Compromise of: Inability to access the system.
Risk Summary: Loss of portable devices such as USB sticks, or of equipment, would result in the entire system or some portion of the system being unavailable.

Risk No. 5
Vulnerability: Inadequate database support - CPU power limit
Threat: Malicious use, system compromise, unauthorized access
Risk of Compromise of: Confidentiality and integrity of corporate data, inability to access and recover corporate data.
Risk Summary: Database failure could result from improper representation of financial information for B&A clients.

Risk No. 6
Vulnerability: Working away from home
Threat: Hackers, malicious use, system compromise, unauthorized access
Risk of Compromise of: Confidentiality and integrity of corporate data
Risk Summary: Loss of data on portable devices can result in serious legal issues for B&A Ltd.

Risk No. 7
Vulnerability: System compromise
Threat: Hackers, malicious use, unauthorized access
Risk of Compromise of: Confidentiality and integrity of corporate data.
Risk Summary: A compromised system could result in data theft, data corruption, application system alteration or disruption.

Risk No. 8
Vulnerability: Poor physical security - badge readers.
Threat: Hackers, malicious use, system compromise, unauthorized access
Risk of Compromise of: Confidentiality and integrity of corporate data.
Risk Summary: Poor physical security could allow personal access to staff workstations or Computer Center assets, which could result in data theft, data corruption, application system alteration or disruption.

Risk No. 9
Vulnerability: Functional lockout
Threat: System unavailability
Risk of Compromise of: Inability to access the system.
Risk Summary: The inability of staff to access the system infrastructure or applications could result in the inability to access the system. This will compromise the integrity and availability of information.

Risk No. 10
Vulnerability: Environmental issues
Threat: Loss of AC or power.
Risk of Compromise of: Inability to access the system.
Risk Summary: Environmental issues could result in the inability to access and maintain server hardware.

Risk No. 11
Vulnerability: Natural disaster
Threat: Hurricanes, floods, and other weather phenomena.
Risk of Compromise of: Inability to access the system.
Risk Summary: Natural disasters could interrupt power to B&A workstations and make it impossible for staff to support the server environment, thus disabling access to web applications, Exchange servers, Oracle databases and all the accessible files of B&A Ltd.
4. CONCLUSION
The system risks identified above may not be completely wiped out, but B&A Ltd can at least minimize them by putting stringent measures in place to address the risk. Any organization's information system is vulnerable to different types of threats associated with different types of risks. An enterprise firewall and intrusion-monitoring tools may be sufficient to address possible compromise from some of the system's threats, while other exposures may involve the business rules themselves, demanding a change to the core logic of the organization. Use of the latest IT/IS platform will help B&A Ltd to have a well-secured platform from its system providers; this will later give its clients confidence even when submitting their information. All in all, security controls should be in place.
5. REFERENCES
Laban, M., Krnjetin, S., & Nikolic, B. (2007). Risk management and risk assessment in the enterprise. Symposium about Occupational Safety and Health, Novi Sad, pp. 44-57.
Boran, S. (2003). IT security cookbook. Boran Consulting.
Risk Management. (2006). Implementation principles and Inventories for Risk Management/Risk Assessment methods and tools. Conducted by the Technical Department of ENISA Section Risk Management, June 2006.
Claunch, C. (2015). Managing risk after support for Windows Server 2003 ends. ComputerWeekly.com. http://www.computerweekly.com/feature/Managing-risk-after-support-for-Windows-Server-2003-ends (accessed on 9/11/2015).