SlideShare a Scribd company logo

Risk Assessment In this assignment, you will perform a qualitat.docx

Download as DOCX, PDF
S
SUBHI7

Risk Assessment In this assignment, you will perform a qualitative risk assessment, using a template that has been provided below. Your last assignment in the course will be to take one of these risks and develop a section for your Incident Response Plan or Disaster Recovery Plan that address that risk. 1. You will work on a risk assessment using one of the agencies as assigned, below: Organization Link to Audit Reports Office of Personnel Management (OPM) https://www.opm.gov/our-inspector-general/reports/2016/federal-information-security-modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf https://www.opm.gov/our-inspector-general/reports/2015/federal-information-security-modernization-act-audit-fy-2015-final-audit-report-4a-ci-00-15-011.pdf https://www.opm.gov/our-inspector-general/reports/2016/federal-information-security-modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf You will read through the report and look for findings and recommendations from the GAO’s audit of the agency’s security practices. Your job will be to develop a risk assessment from these findings to assess the likelihood and impact. A listing of threats has been prepopulated for you. These threats have been categorized by type as shown below: Threat Origination Category Type Identifier Threats launched purposefully P Threats created by unintentional human or machine errors U Threats caused by environmental agents or disruptions E Purposeful threats are launched by threat actors for a variety of reasons and the reasons may never be fully known. Threat actors could be motivated by curiosity, monetary gain, political gain, social activism, revenge or many other driving forces. It is possible that some threats could have more than one threat origination category. Some threat types are more likely to occur than others. The following table takes threat types into consideration to help determine the likelihood that vulnerability could be exploited. The threat table shown in Table 2-2 is designed to offer typical threats to information systems and these threats have been considered for the organization. Not all of these will be relevant to the findings in your risk assessment, however you will need to identify those that are. ID Threat Name Type ID Description Typical Impact to Data or System Confidentiality Integrity Availability T-1 Alteration U, P, E Alteration of data, files, or records. Modification T-2 Audit Compromise P An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event. Also applies to a purposeful act by an Administrator to mask unauthorized activity. Modification or Destruction Unavailable Accurate Records T-3 Bomb P An intentional explosion. Modification or Destruction Denial of Service T-4 Communications Failure U, E Cut of f ...

Education
1 of 19
Risk Assessment In this assignment, you will perform a qualitative risk assessment, using a template that has been provided below. Your last assignment in the course will be to take one of these risks and develop a section for your Incident Response Plan or Disaster Recovery Plan that address that risk. 1. You will work on a risk assessment using one of the agencies as assigned, below: Organization Link to Audit Reports Office of Personnel Management (OPM) https://www.opm.gov/our-inspector- general/reports/2016/federal-information-security- modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf https://www.opm.gov/our-inspector- general/reports/2015/federal-information-security- modernization-act-audit-fy-2015-final-audit-report-4a-ci-00-15- 011.pdf https://www.opm.gov/our-inspector- general/reports/2016/federal-information-security- modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf You will read through the report and look for findings and recommendations from the GAO’s audit of the agency’s security practices. Your job will be to develop a risk assessment from these findings to assess the likelihood and impact. A listing of threats has been prepopulated for you. These threats have been categorized by type as shown below: Threat Origination Category Type Identifier Threats launched purposefully P Threats created by unintentional human or machine errors U Threats caused by environmental agents or disruptions
E Purposeful threats are launched by threat actors for a variety of reasons and the reasons may never be fully known. Threat actors could be motivated by curiosity, monetary gain, political gain, social activism, revenge or many other driving forces. It is possible that some threats could have more than one threat origination category. Some threat types are more likely to occur than others. The following table takes threat types into consideration to help determine the likelihood that vulnerability could be exploited. The threat table shown in Table 2-2 is designed to offer typical threats to information systems and these threats have been considered for the organization. Not all of these will be relevant to the findings in your risk assessment, however you will need to identify those that are. ID Threat Name Type ID Description Typical Impact to Data or System Confidentiality Integrity Availability T-1 Alteration U, P, E Alteration of data, files, or records. Modification T-2
Audit Compromise P An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event. Also applies to a purposeful act by an Administrator to mask unauthorized activity. Modification or Destruction Unavailable Accurate Records T-3 Bomb P An intentional explosion. Modification or Destruction Denial of Service T-4 Communications Failure U, E Cut of fiber optic lines, trees falling on telephone lines. Denial of Service T-5 Compromising Emanations P Eavesdropping can occur via electronic media directed against large scale electronic facilities that do not process classified National Security Information. Disclosure T-6 Cyber Brute Force P
Unauthorized user could gain access to the information systems by random or systematic guessing of passwords, possibly supported by password cracking utilities. Disclosure Modification or Destruction Denial of Service T-7 Data Disclosure P, U An attacker uses techniques that could result in the disclosure of sensitive information by exploiting weaknesses in the design or configuration. Also used in instances where misconfiguration or the lack of a security control can lead to the unintentional disclosure of data. Disclosure T-8 Data Entry Error U Human inattention, lack of knowledge, and failure to cross- check system activities could contribute to errors becoming integrated and ingrained in automated systems. Modification T-9 Denial of Service P An adversary uses techniques to attack a single target rendering it unable to respond and could cause denial of service for users of the targeted information systems. Denial of Service T-10
Distributed Denial of Service Attack P An adversary uses multiple compromised information systems to attack a single target and could cause denial of service for users of the targeted information systems. Denial of Service T-11 Earthquake E Seismic activity can damage the information system or its facility. Please refer to the following document for earthquake probability maps http://pubs.usgs.gov/of/2008/1128/pdf/OF08- 1128_v1.1.pdf . Destruction Denial of Service T-12 Electromagnetic Interference E, P Disruption of electronic and wire transmissions could be caused by high frequency (HF), very high frequency (VHF), and ultra- high frequency (UHF) communications devices (jamming) or sun spots. Denial of Service T-13 Espionage P The illegal covert act of copying, reproducing, recording, photographing or intercepting to obtain sensitive information . Disclosure Modification
T-14 Fire E, P Fire can be caused by arson, electrical problems, lightning, chemical agents, or other unrelated proximity fires. Destruction Denial of Service T-15 Floods E Water damage caused by flood hazards can be caused by proximity to local flood plains. Flood maps and base flood elevation should be considered. Destruction Denial of Service T-16 Fraud P Intentional deception regarding data or information about an information system could compromise the confidentiality, integrity, or availability of an information system. Disclosure Modification or Destruction Unavailable Accurate Records T-17 Hardware or Equipment Failure E Hardware or equipment may fail due to a variety of reasons. Denial of Service T-18 Hardware Tampering P
An unauthorized modification to hardware that alters the proper functioning of equipment in a manner that degrades the security functionality the asset provides. Modification Denial of Service T-19 Hurricane E A category 1, 2, 3, 4, or 5 land falling hurricane could impact the facilities that house the information systems. Destruction Denial of Service T-20 Malicious Software P Software that damages a system such a virus, Trojan, or worm. Modification or Destruction Denial of Service T-21 Phishing Attack P Adversary attempts to acquire sensitive information such as usernames, passwords, or SSNs, by pretending to be communications from a legitimate/trustworthy source. Typical attacks occur via email, instant messaging, or comparable means; commonly directing users to Web sites that appear to be legitimate sites, while actually stealing the entered information. Disclosure Modification or Destruction Denial of Service T-22
Power Interruptions E Power interruptions may be due to any number of reasons such as electrical grid failures, generator failures, uninterruptable power supply failures (e.g. spike, surge, brownout, or blackout). Denial of Service T-23 Procedural Error U An error in procedures could result in unintended consequences. This is also used where there is a lack of defined procedures that introduces an element of risk. Disclosure Modification or Destruction Denial of Service T-24 Procedural Violations P Violations of standard procedures. Disclosure Modification or Destruction Denial of Service T-25 Resource Exhaustion U An errant (buggy) process may create a situation that exhausts critical resources preventing access to services. Denial of Service T-26 Sabotage P Underhand interference with work.
Modification or Destruction Denial of Service T-27 Scavenging P Searching through disposal containers (e.g. dumpsters) to acquire unauthorized data. Disclosure T-28 Severe Weather E Naturally occurring forces of nature could disrupt the operation of an information system by freezing, sleet, hail, heat, lightning, thunderstorms, tornados, or snowfall. Destruction Denial of Service T-29 Social Engineering P An attacker manipulates people into performing actions or divulging confidential information, as well as possible access to computer systems or facilities. Disclosure T-30 Software Tampering P Unauthorized modification of software (e.g. files, programs, database records) that alters the proper operational functions. Modification or Destruction
T-31 Terrorist P An individual performing a deliberate violent act could use a variety of agents to damage the information system, its facility, and/or its operations. Modification or Destruction Denial of Service T-32 Theft P An adversary could steal elements of the hardware. Denial of Service T-33 Time and State P An attacker exploits weaknesses in timing or state of functions to perform actions that would otherwise be prevented (e.g. race conditions, manipulation user state). Disclosure Modification Denial of Service T-34 Transportation Accidents E Transportation accidents include train derailments, river barge accidents, trucking accidents, and airlines accidents. Local transportation accidents typically occur when airports, sea ports, railroad tracks, and major trucking routes occur in close proximity to systems facilities. Likelihood of HAZMAT cargo should be determined when considering the probability of local transportation accidents.
Destruction Denial of Service T-35 Unauthorized Facility Access P An unauthorized individual accesses a facility which may result in comprises of confidentiality, integrity, or availability. Disclosure Modification or Destruction Denial of Service T-36 Unauthorized Systems Access P An unauthorized user accesses a system or data. Disclosure Modification or Destruction Analyze Risk The risk analysis for each vulnerability consists of assessing security controls to determine the likelihood that vulnerability could be exploited and the potential impact should the vulnerability be exploited. Essentially, risk is proportional to both likelihood of exploitation and possible impact. The following sections provide a brief description of each component used to determine the risk. Likelihood This risk analysis process is based on qualitative risk analysis. In qualitative risk analysis the impact of exploiting a threat is measured in relative terms. When a system is easy to exploit, it has a High likelihood that a threat could exploit the vulnerability. Likelihood definitions for the exploitation of vulnerabilities are found in the following table. Likelihood
Description Low There is little to no chance that a threat could exploit vulnerability and cause loss to the system or its data. Medium There is a Medium chance that a threat could exploit vulnerability and cause loss to the system or its data. High There is a High chance that a threat could exploit vulnerability and cause loss to the system or its data. Impact Impact refers to the magnitude of potential harm that could be caused to the system (or its data) by successful exploitation. Definitions for the impact resulting from the exploitation of a vulnerability are described in the following table. Since exploitation has not yet occurred, these values are perceived values. If the exploitation of vulnerability can cause significant loss to a system (or its data) then the impact of the exploit is considered to be High. Impact Description Low If vulnerabilities are exploited by threats, little to no loss to the system, networks, or data would occur. Medium If vulnerabilities are exploited by threats, Medium loss to the system, networks, and data would occur. High If vulnerabilities are exploited by threats, significant loss to the system, networks, and data would occur. Risk Level
The risk level for the finding is the intersection of the likelihood value and impact value as depicted the table depicted below. The combination of High likelihood and High impact creates the highest risk exposure. The risk exposure matrix shown in the table below presents the same likelihood and impact severity ratings as those found in NIST SP 800-30 Risk Management Guide for Information Technology Systems. Impact Likelihood High Medium Low High High Medium Low Medium Medium Medium Low Low Low Low LowRisk Assessment Results This section documents the technical and non-technical security risks to the system. Complete the following risk assessment table, ensuring that you have addressed at least 15 risks. You will be graded on your ability to demonstrate knowledge that the risks are relevant to the company you have identified, as well as that the security controls are appropriate to the controlling the risks you have identified. The following provides a brief description of the information
documented in each column: · Identifier: Provides a unique number used for referencing each vulnerability in the form of R#-Security Control ID. · Source: Indicates the source where the vulnerability was identified (e.g., System Security Plan or Audit.) · Threat: Indicates the applicable threat type from the table of threats.. · Risk Description: Provides a brief description of the risk. · Business Impact: Provides a brief description of the impact to the organization if the risk is realized. · Recommended Corrective Action: Provides a brief description of the corrective action(s) recommended for mitigating the risks associated with the finding. · Likelihood: Provides the likelihood of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. · Impact: Provides the impact of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. · Risk Level: Provides the risk level (high, Medium, low) for the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. You will complete and submit the following completed table for grading. Organization/Agency Selected: Organization/Agency Mission: Identifier Source
Threat ID Risk Description Business Impact Recommended Corrective Action Likelihood Impact Risk Level R-01. Audit T-1, T-8, T-23, T-24, T-36 Notification is not performed when account changes are made. The lack of notification allows unauthorized changes to individuals who elevate permissions and group membership to occur without detection. Enable auditing of all activities performed under privileged accounts in GPOs and develop a process to allow these events to be reviewed by an individual who does not have Administrative privileges. Medium Medium Medium R-02. R-03.
R-04. R-05. R-06. R-07.
R-08. R-09. R-010. R-011.
R-012. R-013. R-014. R-015.
Risk Assessment In this assignment, you will perform a qualitat.docx

Recommended

Information and Communication technology
Information and Communication technologyInformation and Communication technology
Information and Communication technologyJamesRoyBacolinaDuga
 
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docxRunning head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docxtodd521
 
Substation Cyber Security
Substation Cyber SecuritySubstation Cyber Security
Substation Cyber SecuritySchneider Electric
 
The need for security
The need for securityThe need for security
The need for securityDhani Ahmad
 
introduction to #OT cybersecurity for O&M teams.pdf
introduction to #OT cybersecurity for O&M teams.pdfintroduction to #OT cybersecurity for O&M teams.pdf
introduction to #OT cybersecurity for O&M teams.pdfPrabaKaran649935
 
ke-1.pptx
ke-1.pptxke-1.pptx
ke-1.pptxAhmadNaswin
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1123aleena
 
4 Questions only Question 6. I have answered part of the.docx
4 Questions only Question 6. I have answered part of the.docx4 Questions only Question 6. I have answered part of the.docx
4 Questions only Question 6. I have answered part of the.docxtamicawaysmith
 

Recommended

Information and Communication technology
Information and Communication technologyInformation and Communication technology
Information and Communication technologyJamesRoyBacolinaDuga
 
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docxRunning head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docxtodd521
 
Substation Cyber Security
Substation Cyber SecuritySubstation Cyber Security
Substation Cyber SecuritySchneider Electric
 
The need for security
The need for securityThe need for security
The need for securityDhani Ahmad
 
introduction to #OT cybersecurity for O&M teams.pdf
introduction to #OT cybersecurity for O&M teams.pdfintroduction to #OT cybersecurity for O&M teams.pdf
introduction to #OT cybersecurity for O&M teams.pdfPrabaKaran649935
 
ke-1.pptx
ke-1.pptxke-1.pptx
ke-1.pptxAhmadNaswin
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1123aleena
 
4 Questions only Question 6. I have answered part of the.docx
4 Questions only Question 6. I have answered part of the.docx4 Questions only Question 6. I have answered part of the.docx
4 Questions only Question 6. I have answered part of the.docxtamicawaysmith
 
Risk Assessment documentation templates are located within this se.docx
Risk Assessment documentation templates are located within this se.docxRisk Assessment documentation templates are located within this se.docx
Risk Assessment documentation templates are located within this se.docxSUBHI7
 
150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_final150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_finalTerry Young
 
150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_final150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_finalTerry Young
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
 
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docx
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docxThreat Mitigation WorksheetForm # TM01Page ____ of _____.docx
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docxherthalearmont
 
Sheet1Asset IDCommon potential points of failure and known vulnera.docx
Sheet1Asset IDCommon potential points of failure and known vulnera.docxSheet1Asset IDCommon potential points of failure and known vulnera.docx
Sheet1Asset IDCommon potential points of failure and known vulnera.docxbagotjesusa
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisIJERD Editor
 
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docxtamicawaysmith
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paperImaging Network Technology, LLC
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptxams1ams11
 
PBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
PBL PROJECT - B2- (54,56,50,40) (2) (1).pptPBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
PBL PROJECT - B2- (54,56,50,40) (2) (1).pptItzsonya
 
1. Written assignmentscommunication must demonstrate professional.docx
1. Written assignmentscommunication must demonstrate professional.docx1. Written assignmentscommunication must demonstrate professional.docx
1. Written assignmentscommunication must demonstrate professional.docxpaynetawnya
 
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI
 
Need for security
Need for securityNeed for security
Need for securityUniversity of Central Punjab
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
Power station monitoring and cyber security
Power station monitoring and cyber securityPower station monitoring and cyber security
Power station monitoring and cyber securityThames Global Consultants
 
1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docx1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docxstilliegeorgiana
 
ch02_2.ppt
ch02_2.pptch02_2.ppt
ch02_2.pptIbrahimAl22
 
The material for this moduleweek has led us from Europe, through fi.docx
The material for this moduleweek has led us from Europe, through fi.docxThe material for this moduleweek has led us from Europe, through fi.docx
The material for this moduleweek has led us from Europe, through fi.docxSUBHI7
 
The media informs many viewers of deviance and crime, victims of cri.docx
The media informs many viewers of deviance and crime, victims of cri.docxThe media informs many viewers of deviance and crime, victims of cri.docx
The media informs many viewers of deviance and crime, victims of cri.docxSUBHI7
 

More Related Content

Similar to Risk Assessment In this assignment, you will perform a qualitat.docx

Risk Assessment documentation templates are located within this se.docx
Risk Assessment documentation templates are located within this se.docxRisk Assessment documentation templates are located within this se.docx
Risk Assessment documentation templates are located within this se.docxSUBHI7
 
150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_final150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_finalTerry Young
 
150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_final150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_finalTerry Young
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
 
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docx
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docxThreat Mitigation WorksheetForm # TM01Page ____ of _____.docx
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docxherthalearmont
 
Sheet1Asset IDCommon potential points of failure and known vulnera.docx
Sheet1Asset IDCommon potential points of failure and known vulnera.docxSheet1Asset IDCommon potential points of failure and known vulnera.docx
Sheet1Asset IDCommon potential points of failure and known vulnera.docxbagotjesusa
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisIJERD Editor
 
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docxtamicawaysmith
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptxams1ams11
 
PBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
PBL PROJECT - B2- (54,56,50,40) (2) (1).pptPBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
PBL PROJECT - B2- (54,56,50,40) (2) (1).pptItzsonya
 
1. Written assignmentscommunication must demonstrate professional.docx
1. Written assignmentscommunication must demonstrate professional.docx1. Written assignmentscommunication must demonstrate professional.docx
1. Written assignmentscommunication must demonstrate professional.docxpaynetawnya
 
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docx1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docxstilliegeorgiana
 

Similar to Risk Assessment In this assignment, you will perform a qualitat.docx (20)

Risk Assessment documentation templates are located within this se.docx
Risk Assessment documentation templates are located within this se.docxRisk Assessment documentation templates are located within this se.docx
Risk Assessment documentation templates are located within this se.docx
 
150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_final150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_final
 
150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_final150 0046-001 cost-lte_outages_industryinsights_final
150 0046-001 cost-lte_outages_industryinsights_final
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
 
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docx
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docxThreat Mitigation WorksheetForm # TM01Page ____ of _____.docx
Threat Mitigation WorksheetForm # TM01Page ____ of _____.docx
 
Sheet1Asset IDCommon potential points of failure and known vulnera.docx
Sheet1Asset IDCommon potential points of failure and known vulnera.docxSheet1Asset IDCommon potential points of failure and known vulnera.docx
Sheet1Asset IDCommon potential points of failure and known vulnera.docx
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network Analysis
 
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptx
 
PBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
PBL PROJECT - B2- (54,56,50,40) (2) (1).pptPBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
PBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
 
1. Written assignmentscommunication must demonstrate professional.docx
1. Written assignmentscommunication must demonstrate professional.docx1. Written assignmentscommunication must demonstrate professional.docx
1. Written assignmentscommunication must demonstrate professional.docx
 
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
 
Need for security
Need for securityNeed for security
Need for security
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security
 
Power station monitoring and cyber security
Power station monitoring and cyber securityPower station monitoring and cyber security
Power station monitoring and cyber security
 
1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docx1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docx
 
ch02_2.ppt
ch02_2.pptch02_2.ppt
ch02_2.ppt
 

More from SUBHI7

The material for this moduleweek has led us from Europe, through fi.docx
The material for this moduleweek has led us from Europe, through fi.docxThe material for this moduleweek has led us from Europe, through fi.docx
The material for this moduleweek has led us from Europe, through fi.docxSUBHI7
 
The media informs many viewers of deviance and crime, victims of cri.docx
The media informs many viewers of deviance and crime, victims of cri.docxThe media informs many viewers of deviance and crime, victims of cri.docx
The media informs many viewers of deviance and crime, victims of cri.docxSUBHI7
 
The midterm is already late.  I would like to submit ASAP.Illust.docx
The midterm is already late.  I would like to submit ASAP.Illust.docxThe midterm is already late.  I would like to submit ASAP.Illust.docx
The midterm is already late.  I would like to submit ASAP.Illust.docxSUBHI7
 
The major assignment for this week is to compose a 900-word essay co.docx
The major assignment for this week is to compose a 900-word essay co.docxThe major assignment for this week is to compose a 900-word essay co.docx
The major assignment for this week is to compose a 900-word essay co.docxSUBHI7
 
The minimum length for this assignment is 1,200 wordsMust use APA .docx
The minimum length for this assignment is 1,200 wordsMust use APA .docxThe minimum length for this assignment is 1,200 wordsMust use APA .docx
The minimum length for this assignment is 1,200 wordsMust use APA .docxSUBHI7
 
The Military•Select three characteristics of the early America.docx
The Military•Select three characteristics of the early America.docxThe Military•Select three characteristics of the early America.docx
The Military•Select three characteristics of the early America.docxSUBHI7
 
The minimum length for this assignment is 2,000 wordsDiscoveries.docx
The minimum length for this assignment is 2,000 wordsDiscoveries.docxThe minimum length for this assignment is 2,000 wordsDiscoveries.docx
The minimum length for this assignment is 2,000 wordsDiscoveries.docxSUBHI7
 
The Mini Project Task Instructions Read about validity and reliab.docx
The Mini Project Task Instructions Read about validity and reliab.docxThe Mini Project Task Instructions Read about validity and reliab.docx
The Mini Project Task Instructions Read about validity and reliab.docxSUBHI7
 
The Mexican ceramics folk-art firm signs a contract for the Mexican .docx
The Mexican ceramics folk-art firm signs a contract for the Mexican .docxThe Mexican ceramics folk-art firm signs a contract for the Mexican .docx
The Mexican ceramics folk-art firm signs a contract for the Mexican .docxSUBHI7
 
The maximum size of the Layer 2 frame has become a source of ineffic.docx
The maximum size of the Layer 2 frame has become a source of ineffic.docxThe maximum size of the Layer 2 frame has become a source of ineffic.docx
The maximum size of the Layer 2 frame has become a source of ineffic.docxSUBHI7
 
The menu structure for Holiday Travel Vehicles existing character-b.docx
The menu structure for Holiday Travel Vehicles existing character-b.docxThe menu structure for Holiday Travel Vehicles existing character-b.docx
The menu structure for Holiday Travel Vehicles existing character-b.docxSUBHI7
 
The marks are the actual grades which I got in the exam. So, if .docx
The marks are the actual grades which I got in the exam. So, if .docxThe marks are the actual grades which I got in the exam. So, if .docx
The marks are the actual grades which I got in the exam. So, if .docxSUBHI7
 
the main discussion will be Schwarzenegger and fitness,talk about ho.docx
the main discussion will be Schwarzenegger and fitness,talk about ho.docxthe main discussion will be Schwarzenegger and fitness,talk about ho.docx
the main discussion will be Schwarzenegger and fitness,talk about ho.docxSUBHI7
 
The minimum length for this assignment is 1,500 words. Cellular .docx
The minimum length for this assignment is 1,500 words. Cellular .docxThe minimum length for this assignment is 1,500 words. Cellular .docx
The minimum length for this assignment is 1,500 words. Cellular .docxSUBHI7
 
The Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docx
The Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docxThe Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docx
The Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docxSUBHI7
 
The main characters in Tay Garnetts film The Postman Always Rings.docx
The main characters in Tay Garnetts film The Postman Always Rings.docxThe main characters in Tay Garnetts film The Postman Always Rings.docx
The main characters in Tay Garnetts film The Postman Always Rings.docxSUBHI7
 
The minimum length for this assignment is 2,000 words and MUST inclu.docx
The minimum length for this assignment is 2,000 words and MUST inclu.docxThe minimum length for this assignment is 2,000 words and MUST inclu.docx
The minimum length for this assignment is 2,000 words and MUST inclu.docxSUBHI7
 
The mafia is a well organized enterprise that deals with drugs, pros.docx
The mafia is a well organized enterprise that deals with drugs, pros.docxThe mafia is a well organized enterprise that deals with drugs, pros.docx
The mafia is a well organized enterprise that deals with drugs, pros.docxSUBHI7
 
The minimum length for this assignment is 1,500 words. Be sure to ch.docx
The minimum length for this assignment is 1,500 words. Be sure to ch.docxThe minimum length for this assignment is 1,500 words. Be sure to ch.docx
The minimum length for this assignment is 1,500 words. Be sure to ch.docxSUBHI7
 
The madrigal was a very popular musical genre in the Renaissance. Ex.docx
The madrigal was a very popular musical genre in the Renaissance. Ex.docxThe madrigal was a very popular musical genre in the Renaissance. Ex.docx
The madrigal was a very popular musical genre in the Renaissance. Ex.docxSUBHI7
 

More from SUBHI7 (20)

The material for this moduleweek has led us from Europe, through fi.docx
The material for this moduleweek has led us from Europe, through fi.docxThe material for this moduleweek has led us from Europe, through fi.docx
The material for this moduleweek has led us from Europe, through fi.docx
 
The media informs many viewers of deviance and crime, victims of cri.docx
The media informs many viewers of deviance and crime, victims of cri.docxThe media informs many viewers of deviance and crime, victims of cri.docx
The media informs many viewers of deviance and crime, victims of cri.docx
 
The midterm is already late.  I would like to submit ASAP.Illust.docx
The midterm is already late.  I would like to submit ASAP.Illust.docxThe midterm is already late.  I would like to submit ASAP.Illust.docx
The midterm is already late.  I would like to submit ASAP.Illust.docx
 
The major assignment for this week is to compose a 900-word essay co.docx
The major assignment for this week is to compose a 900-word essay co.docxThe major assignment for this week is to compose a 900-word essay co.docx
The major assignment for this week is to compose a 900-word essay co.docx
 
The minimum length for this assignment is 1,200 wordsMust use APA .docx
The minimum length for this assignment is 1,200 wordsMust use APA .docxThe minimum length for this assignment is 1,200 wordsMust use APA .docx
The minimum length for this assignment is 1,200 wordsMust use APA .docx
 
The Military•Select three characteristics of the early America.docx
The Military•Select three characteristics of the early America.docxThe Military•Select three characteristics of the early America.docx
The Military•Select three characteristics of the early America.docx
 
The minimum length for this assignment is 2,000 wordsDiscoveries.docx
The minimum length for this assignment is 2,000 wordsDiscoveries.docxThe minimum length for this assignment is 2,000 wordsDiscoveries.docx
The minimum length for this assignment is 2,000 wordsDiscoveries.docx
 
The Mini Project Task Instructions Read about validity and reliab.docx
The Mini Project Task Instructions Read about validity and reliab.docxThe Mini Project Task Instructions Read about validity and reliab.docx
The Mini Project Task Instructions Read about validity and reliab.docx
 
The Mexican ceramics folk-art firm signs a contract for the Mexican .docx
The Mexican ceramics folk-art firm signs a contract for the Mexican .docxThe Mexican ceramics folk-art firm signs a contract for the Mexican .docx
The Mexican ceramics folk-art firm signs a contract for the Mexican .docx
 
The maximum size of the Layer 2 frame has become a source of ineffic.docx
The maximum size of the Layer 2 frame has become a source of ineffic.docxThe maximum size of the Layer 2 frame has become a source of ineffic.docx
The maximum size of the Layer 2 frame has become a source of ineffic.docx
 
The menu structure for Holiday Travel Vehicles existing character-b.docx
The menu structure for Holiday Travel Vehicles existing character-b.docxThe menu structure for Holiday Travel Vehicles existing character-b.docx
The menu structure for Holiday Travel Vehicles existing character-b.docx
 
The marks are the actual grades which I got in the exam. So, if .docx
The marks are the actual grades which I got in the exam. So, if .docxThe marks are the actual grades which I got in the exam. So, if .docx
The marks are the actual grades which I got in the exam. So, if .docx
 
the main discussion will be Schwarzenegger and fitness,talk about ho.docx
the main discussion will be Schwarzenegger and fitness,talk about ho.docxthe main discussion will be Schwarzenegger and fitness,talk about ho.docx
the main discussion will be Schwarzenegger and fitness,talk about ho.docx
 
The minimum length for this assignment is 1,500 words. Cellular .docx
The minimum length for this assignment is 1,500 words. Cellular .docxThe minimum length for this assignment is 1,500 words. Cellular .docx
The minimum length for this assignment is 1,500 words. Cellular .docx
 
The Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docx
The Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docxThe Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docx
The Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docx
 
The main characters in Tay Garnetts film The Postman Always Rings.docx
The main characters in Tay Garnetts film The Postman Always Rings.docxThe main characters in Tay Garnetts film The Postman Always Rings.docx
The main characters in Tay Garnetts film The Postman Always Rings.docx
 
The minimum length for this assignment is 2,000 words and MUST inclu.docx
The minimum length for this assignment is 2,000 words and MUST inclu.docxThe minimum length for this assignment is 2,000 words and MUST inclu.docx
The minimum length for this assignment is 2,000 words and MUST inclu.docx
 
The mafia is a well organized enterprise that deals with drugs, pros.docx
The mafia is a well organized enterprise that deals with drugs, pros.docxThe mafia is a well organized enterprise that deals with drugs, pros.docx
The mafia is a well organized enterprise that deals with drugs, pros.docx
 
The minimum length for this assignment is 1,500 words. Be sure to ch.docx
The minimum length for this assignment is 1,500 words. Be sure to ch.docxThe minimum length for this assignment is 1,500 words. Be sure to ch.docx
The minimum length for this assignment is 1,500 words. Be sure to ch.docx
 
The madrigal was a very popular musical genre in the Renaissance. Ex.docx
The madrigal was a very popular musical genre in the Renaissance. Ex.docxThe madrigal was a very popular musical genre in the Renaissance. Ex.docx
The madrigal was a very popular musical genre in the Renaissance. Ex.docx
 

Recently uploaded

General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 

Recently uploaded (20)

General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 

Risk Assessment In this assignment, you will perform a qualitat.docx

  • 1. Risk Assessment In this assignment, you will perform a qualitative risk assessment, using a template that has been provided below. Your last assignment in the course will be to take one of these risks and develop a section for your Incident Response Plan or Disaster Recovery Plan that address that risk. 1. You will work on a risk assessment using one of the agencies as assigned, below: Organization Link to Audit Reports Office of Personnel Management (OPM) https://www.opm.gov/our-inspector- general/reports/2016/federal-information-security- modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf https://www.opm.gov/our-inspector- general/reports/2015/federal-information-security- modernization-act-audit-fy-2015-final-audit-report-4a-ci-00-15- 011.pdf https://www.opm.gov/our-inspector- general/reports/2016/federal-information-security- modernization-act-audit-fiscal-year-2016-4a-ci-00-16-039.pdf You will read through the report and look for findings and recommendations from the GAO’s audit of the agency’s security practices. Your job will be to develop a risk assessment from these findings to assess the likelihood and impact. A listing of threats has been prepopulated for you. These threats have been categorized by type as shown below: Threat Origination Category Type Identifier Threats launched purposefully P Threats created by unintentional human or machine errors U Threats caused by environmental agents or disruptions
  • 2. E Purposeful threats are launched by threat actors for a variety of reasons and the reasons may never be fully known. Threat actors could be motivated by curiosity, monetary gain, political gain, social activism, revenge or many other driving forces. It is possible that some threats could have more than one threat origination category. Some threat types are more likely to occur than others. The following table takes threat types into consideration to help determine the likelihood that vulnerability could be exploited. The threat table shown in Table 2-2 is designed to offer typical threats to information systems and these threats have been considered for the organization. Not all of these will be relevant to the findings in your risk assessment, however you will need to identify those that are. ID Threat Name Type ID Description Typical Impact to Data or System Confidentiality Integrity Availability T-1 Alteration U, P, E Alteration of data, files, or records. Modification T-2
  • 3. Audit Compromise P An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event. Also applies to a purposeful act by an Administrator to mask unauthorized activity. Modification or Destruction Unavailable Accurate Records T-3 Bomb P An intentional explosion. Modification or Destruction Denial of Service T-4 Communications Failure U, E Cut of fiber optic lines, trees falling on telephone lines. Denial of Service T-5 Compromising Emanations P Eavesdropping can occur via electronic media directed against large scale electronic facilities that do not process classified National Security Information. Disclosure T-6 Cyber Brute Force P
  • 4. Unauthorized user could gain access to the information systems by random or systematic guessing of passwords, possibly supported by password cracking utilities. Disclosure Modification or Destruction Denial of Service T-7 Data Disclosure P, U An attacker uses techniques that could result in the disclosure of sensitive information by exploiting weaknesses in the design or configuration. Also used in instances where misconfiguration or the lack of a security control can lead to the unintentional disclosure of data. Disclosure T-8 Data Entry Error U Human inattention, lack of knowledge, and failure to cross- check system activities could contribute to errors becoming integrated and ingrained in automated systems. Modification T-9 Denial of Service P An adversary uses techniques to attack a single target rendering it unable to respond and could cause denial of service for users of the targeted information systems. Denial of Service T-10
  • 5. Distributed Denial of Service Attack P An adversary uses multiple compromised information systems to attack a single target and could cause denial of service for users of the targeted information systems. Denial of Service T-11 Earthquake E Seismic activity can damage the information system or its facility. Please refer to the following document for earthquake probability maps http://pubs.usgs.gov/of/2008/1128/pdf/OF08- 1128_v1.1.pdf . Destruction Denial of Service T-12 Electromagnetic Interference E, P Disruption of electronic and wire transmissions could be caused by high frequency (HF), very high frequency (VHF), and ultra- high frequency (UHF) communications devices (jamming) or sun spots. Denial of Service T-13 Espionage P The illegal covert act of copying, reproducing, recording, photographing or intercepting to obtain sensitive information . Disclosure Modification
  • 6. T-14 Fire E, P Fire can be caused by arson, electrical problems, lightning, chemical agents, or other unrelated proximity fires. Destruction Denial of Service T-15 Floods E Water damage caused by flood hazards can be caused by proximity to local flood plains. Flood maps and base flood elevation should be considered. Destruction Denial of Service T-16 Fraud P Intentional deception regarding data or information about an information system could compromise the confidentiality, integrity, or availability of an information system. Disclosure Modification or Destruction Unavailable Accurate Records T-17 Hardware or Equipment Failure E Hardware or equipment may fail due to a variety of reasons. Denial of Service T-18 Hardware Tampering P
  • 7. An unauthorized modification to hardware that alters the proper functioning of equipment in a manner that degrades the security functionality the asset provides. Modification Denial of Service T-19 Hurricane E A category 1, 2, 3, 4, or 5 land falling hurricane could impact the facilities that house the information systems. Destruction Denial of Service T-20 Malicious Software P Software that damages a system such a virus, Trojan, or worm. Modification or Destruction Denial of Service T-21 Phishing Attack P Adversary attempts to acquire sensitive information such as usernames, passwords, or SSNs, by pretending to be communications from a legitimate/trustworthy source. Typical attacks occur via email, instant messaging, or comparable means; commonly directing users to Web sites that appear to be legitimate sites, while actually stealing the entered information. Disclosure Modification or Destruction Denial of Service T-22
  • 8. Power Interruptions E Power interruptions may be due to any number of reasons such as electrical grid failures, generator failures, uninterruptable power supply failures (e.g. spike, surge, brownout, or blackout). Denial of Service T-23 Procedural Error U An error in procedures could result in unintended consequences. This is also used where there is a lack of defined procedures that introduces an element of risk. Disclosure Modification or Destruction Denial of Service T-24 Procedural Violations P Violations of standard procedures. Disclosure Modification or Destruction Denial of Service T-25 Resource Exhaustion U An errant (buggy) process may create a situation that exhausts critical resources preventing access to services. Denial of Service T-26 Sabotage P Underhand interference with work.
  • 9. Modification or Destruction Denial of Service T-27 Scavenging P Searching through disposal containers (e.g. dumpsters) to acquire unauthorized data. Disclosure T-28 Severe Weather E Naturally occurring forces of nature could disrupt the operation of an information system by freezing, sleet, hail, heat, lightning, thunderstorms, tornados, or snowfall. Destruction Denial of Service T-29 Social Engineering P An attacker manipulates people into performing actions or divulging confidential information, as well as possible access to computer systems or facilities. Disclosure T-30 Software Tampering P Unauthorized modification of software (e.g. files, programs, database records) that alters the proper operational functions. Modification or Destruction
  • 10. T-31 Terrorist P An individual performing a deliberate violent act could use a variety of agents to damage the information system, its facility, and/or its operations. Modification or Destruction Denial of Service T-32 Theft P An adversary could steal elements of the hardware. Denial of Service T-33 Time and State P An attacker exploits weaknesses in timing or state of functions to perform actions that would otherwise be prevented (e.g. race conditions, manipulation user state). Disclosure Modification Denial of Service T-34 Transportation Accidents E Transportation accidents include train derailments, river barge accidents, trucking accidents, and airlines accidents. Local transportation accidents typically occur when airports, sea ports, railroad tracks, and major trucking routes occur in close proximity to systems facilities. Likelihood of HAZMAT cargo should be determined when considering the probability of local transportation accidents.
  • 11. Destruction Denial of Service T-35 Unauthorized Facility Access P An unauthorized individual accesses a facility which may result in comprises of confidentiality, integrity, or availability. Disclosure Modification or Destruction Denial of Service T-36 Unauthorized Systems Access P An unauthorized user accesses a system or data. Disclosure Modification or Destruction Analyze Risk The risk analysis for each vulnerability consists of assessing security controls to determine the likelihood that vulnerability could be exploited and the potential impact should the vulnerability be exploited. Essentially, risk is proportional to both likelihood of exploitation and possible impact. The following sections provide a brief description of each component used to determine the risk. Likelihood This risk analysis process is based on qualitative risk analysis. In qualitative risk analysis the impact of exploiting a threat is measured in relative terms. When a system is easy to exploit, it has a High likelihood that a threat could exploit the vulnerability. Likelihood definitions for the exploitation of vulnerabilities are found in the following table. Likelihood
  • 12. Description Low There is little to no chance that a threat could exploit vulnerability and cause loss to the system or its data. Medium There is a Medium chance that a threat could exploit vulnerability and cause loss to the system or its data. High There is a High chance that a threat could exploit vulnerability and cause loss to the system or its data. Impact Impact refers to the magnitude of potential harm that could be caused to the system (or its data) by successful exploitation. Definitions for the impact resulting from the exploitation of a vulnerability are described in the following table. Since exploitation has not yet occurred, these values are perceived values. If the exploitation of vulnerability can cause significant loss to a system (or its data) then the impact of the exploit is considered to be High. Impact Description Low If vulnerabilities are exploited by threats, little to no loss to the system, networks, or data would occur. Medium If vulnerabilities are exploited by threats, Medium loss to the system, networks, and data would occur. High If vulnerabilities are exploited by threats, significant loss to the system, networks, and data would occur. Risk Level
  • 13. The risk level for the finding is the intersection of the likelihood value and impact value as depicted the table depicted below. The combination of High likelihood and High impact creates the highest risk exposure. The risk exposure matrix shown in the table below presents the same likelihood and impact severity ratings as those found in NIST SP 800-30 Risk Management Guide for Information Technology Systems. Impact Likelihood High Medium Low High High Medium Low Medium Medium Medium Low Low Low Low LowRisk Assessment Results This section documents the technical and non-technical security risks to the system. Complete the following risk assessment table, ensuring that you have addressed at least 15 risks. You will be graded on your ability to demonstrate knowledge that the risks are relevant to the company you have identified, as well as that the security controls are appropriate to the controlling the risks you have identified. The following provides a brief description of the information
  • 14. documented in each column: · Identifier: Provides a unique number used for referencing each vulnerability in the form of R#-Security Control ID. · Source: Indicates the source where the vulnerability was identified (e.g., System Security Plan or Audit.) · Threat: Indicates the applicable threat type from the table of threats.. · Risk Description: Provides a brief description of the risk. · Business Impact: Provides a brief description of the impact to the organization if the risk is realized. · Recommended Corrective Action: Provides a brief description of the corrective action(s) recommended for mitigating the risks associated with the finding. · Likelihood: Provides the likelihood of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. · Impact: Provides the impact of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. · Risk Level: Provides the risk level (high, Medium, low) for the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document. You will complete and submit the following completed table for grading. Organization/Agency Selected: Organization/Agency Mission: Identifier Source
  • 15. Threat ID Risk Description Business Impact Recommended Corrective Action Likelihood Impact Risk Level R-01. Audit T-1, T-8, T-23, T-24, T-36 Notification is not performed when account changes are made. The lack of notification allows unauthorized changes to individuals who elevate permissions and group membership to occur without detection. Enable auditing of all activities performed under privileged accounts in GPOs and develop a process to allow these events to be reviewed by an individual who does not have Administrative privileges. Medium Medium Medium R-02. R-03.