1. Title
IT Security Risk Assessment
2. Introduction
You are employed with Government Security Consultants, a
subsidiary of Largo Corporation. As a member of the IT security
consultant team, one of your responsibilities is to ensure the
security of assets as well as provide a secure environment for
customers, partners and employees. You and the team play a
key role in defining, implementing and maintaining the IT
security strategy in organizations.
A government agency called the Bureau of Research and
Intelligence (BRI) is tasked with gathering and analyzing
information to support U.S. diplomats.
In a series of New York Times articles, BRI was exposed as
being the victim of several security breaches. As a follow-up,
the United States Government Accountability Office (GAO)
conducted a comprehensive review of the agency’s information
security controls and identified numerous issues.
The head of the agency has contracted your company to conduct
an IT security risk assessment on its operations. This risk
assessment was determined to be necessary to address security
gaps in the agency’s critical operational areas and to determine
actions to close those gaps. It is also meant to ensure that the
agency invests time and money in the right areas and does not
waste resources. After conducting the assessment, you are to
develop a final report that summarizes the findings and provides
a set of recommendations. You are to convince the agency to
implement your recommendations.
This learning activity focuses on IT security, which is an
overarching concern that involves practically all facets of an
organization’s activities. You will learn about the key steps of
preparing for and conducting a security risk assessment and how
to present the findings to leaders and persuade them to take
appropriate action.
Understanding security capabilities is basic to the core
knowledge, skills, and abilities that IT personnel are expected
to possess. Information security is a significant concern for
every organization, and it may spell the success or failure of its
mission. Effective IT professionals are expected to be up to
date on trends in IT security, current threats and vulnerabilities,
state-of-the-art security safeguards, and security policies and
procedures. IT professionals must be able to communicate
effectively (orally and in writing) with executive-level management in
a jargon-free, executive-level manner that convincingly justifies
the need to invest in IT security improvements. This learning
demonstration is designed to strengthen these essential
knowledge, skills, and abilities needed by IT professionals.
3. Steps to Completion
Your instructor will form the teams. Each member is expected
to contribute to the team agreement, which documents the
members’ contact information and sets goals and expectations
for the team.
1) Review the Setting and Situation
The primary mission of the Bureau of Research and Intelligence
(BRI) is to provide multiple-source intelligence to American
diplomats. It must ensure that intelligence activities are
consistent with U.S. foreign policy and kept totally
confidential. BRI has intelligence analysts who understand U.S.
foreign policy concerns as well as the type of information
needed by diplomats.
The agency is in a dynamic environment in which events
affecting foreign policy occur every day. Also, technology is
rapidly changing and therefore new types of security
opportunities and threats are emerging which may impact the
agency.
Due to Congressional budget restrictions, BRI is forced to be
selective in the type of security measures that it will implement.
Prioritization of proposed security programs and controls based
on a sound risk assessment procedure is necessary for this
environment.
The following incidents involving BRI’s systems occurred and
were reported in the New York Times and other media outlets:
· BRI’s network had been compromised by nation-state-sponsored
attackers, and the attacks are still continuing. It is
believed that the attackers accessed the intelligence data used to
support U.S. diplomats.
· The chief of the bureau used his personal e-mail system for
both official business purposes and for his own individual use.
· A software defect in BRI’s human resource system – a web
application – improperly allowed users to view the personal
information of all BRI employees including social security
numbers, birthdates, addresses, and bank account numbers (for
direct deposit of their paychecks). After the breach, evidence
was accidentally destroyed so there was no determination of the
cause of the incident or of its attackers.
· A teleworker brought home a laptop containing classified
intelligence information. It was stolen during a burglary and
never recovered.
· A disgruntled employee of a contractor for BRI disclosed
classified documents through the media. He provided the media
with, among other things, confidential correspondence between
U.S. diplomats and the President that were very revealing.
· Malware had infected all of the computers in several foreign
embassies causing public embarrassment, security risks for
personnel and financial losses to individuals, businesses and
government agencies including foreign entities.
These reports prompted the U.S. Government Accountability
Office to conduct a comprehensive review of BRI’s information
security posture. Using standards and guidance provided by the
National Institute of Standards and Technology and other
parties, they had the following findings:
Identification and Authentication Controls
· Controls over the length of passwords for certain network
infrastructure devices were set to less than eight characters.
· User account passwords had no expiration dates.
· Passwords are the sole means for authentication.
Authorization Controls
· BRI allowed users to have excessive privileges to the
intelligence databases. Specifically, BRI did not appropriately
limit the ability of users to enter commands using the user
interface. As a result, users could access or change the
intelligence data.
· BRI did not appropriately configure Oracle databases running
on a server that supported multiple applications. The agency
configured multiple databases operating on a server to run under
one account. As a result, any administrator with access to the
account would have access to all of these databases, potentially
exceeding his/her job duties.
· At least twenty user accounts were active on an application’s
database, although they had been requested for removal in
BRI’s access request and approval system.
Data Security
· BRI does not use any type of data encryption for data-at-rest
but protects data-in-transit using VPN.
· A division data manager can independently control all key
aspects of the processing of confidential data collected through
intelligence activities.
· One employee was able to derive classified information by
“aggregating” unclassified databases.
System Security
· Wireless systems use the Wired Equivalent Privacy (WEP)
standard for ensuring secure transmission of data.
· The agency permitted the “Bring Your Own Device” (BYOD)
concept and therefore users can utilize their personal mobile
devices to connect to the agency network freely.
· In the event of a network failure due to hacking, the data
center manager has his recovery plan but has not shared it with
anyone in or out of the center. He was not aware of any
requirement to report incidents outside of the agency.
· There has never been any testing of the security controls in the
agency.
· Processes for the servers have not been documented; they exist
only in the minds of the system managers.
· Patching of key databases and system components has not
been a priority. Patches have either been applied late or not
at all. Managers explained that it takes time and
effort to test patches on their applications.
· Scanning of devices connected to the network for possible
security vulnerabilities is done only when the devices are
returned to inventory for future use.
· System developers involved with financial systems are
allowed to develop code and access production code.
Physical Security
· An unauthorized person was observed “tailgating” or
closely following an official employee while entering a secure
data center.
· The monthly review process at a data center failed to identify
a BRI employee who had separated from BRI and did not result in
the removal of her access privileges. She was still able to access
restricted areas for at least three months after her separation.
End User Security
· Users even in restricted areas are allowed to use social media
such as Facebook. The argument used is that it is part of the
public outreach efforts of the agency.
· Users receive a 5-minute briefing on security as part of their
orientation session that occurs typically on their first day of
work. There is no other mention of security during the course of
employment.
· Users are allowed to use public clouds such as Dropbox, Box,
and Google Drive to store their data.
· BRI has not performed continual background investigations on
employees who operate its intelligence applications (one
investigation is conducted upon initial employment).
· There is no policy regarding the handling of classified
information.
2) Examine Background Resources
This learning demonstration focuses on the National Institute of
Standards and Technology's (NIST) “Guide for Conducting Risk
Assessments”
(http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf).
See Pg. 23 to view the description of
the risk management process.
Throughout this learning activity, feel free to use other
references such as:
Other NIST publications
(http://csrc.nist.gov/publications/PubsSPs.html),
SANS Reading Room (http://www.sans.org/reading-room/),
US-CERT (https://www.us-cert.gov/security-publications),
CSO Magazine (http://www.csoonline.com/),
Information Security Magazine
(http://www.infosecurity-magazine.com/white-papers/),
Homeland Security News Wire
(http://www.homelandsecuritynewswire.com/topics/cybersecurity)
Other useful references on security risk management include:
https://books.google.com/books?id=cW1ytnWjObYC&printsec=frontcover&dq=security+risk+management&hl=en&sa=X&ei=_1JFVdGIJsKkgwSG4IGgCA&ved=0CDEQ6AEwAA#v=onepage&q=security%20risk%20management&f=false
https://books.google.com/books?id=FJFCrP8vVZcC&printsec=frontcover&dq=security+risk+management&hl=en&sa=X&ei=_1JFVdGIJsKkgwSG4IGgCA&ved=0CD4Q6AEwAg#v=onepage&q=security%20risk%20management&f=false
3) Prepare the Risk Assessment Plan
Using the NIST report as your guide, address the following
items:
· Purpose of the assessment,
· Scope of the assessment,
· Assumptions and constraints, and
· Selected risk model and analytical approach to be used.
Document your above analysis in the “Interim Risk Assessment
Planning Report.” (An interim report will be consolidated to a
final deliverable in a later step.)
All interim reports should be at least 500 words long and
include at least five references for each report. These reports
will eventually be presented to management for their review.
4) Conduct the Assessment
Again, use the NIST report to address the following:
1) Identify threat sources and events
2) Identify vulnerabilities and predisposing conditions
3) Determine likelihood of occurrence
4) Determine magnitude of impact
5) Determine risk
You are free to make assumptions but be sure to state them in
your findings.
In determining risk, include the assessment tables that reflect BRI’s
risk levels. Refer to Appendix I on risk determination in
Special Publication 800-30.
Document your analysis from this step in the “Interim Risk
Assessment Findings Report.”
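The five assessment tasks listed in this step can be carried through as a small risk register. The Python sketch below is an added illustration, not part of the original assignment: it rates six of the GAO findings quoted in Step 1 and ranks them by qualitative risk level. The names (Finding, risk_level, build_register, BRI_FINDINGS) are hypothetical, the likelihood and impact ratings are constructed assumptions, and the matrix cells follow the layout of Table I-2 in SP 800-30 and should be confirmed against the publication before they are used in a report.

```python
from dataclasses import dataclass

# Five-step qualitative scale, lowest to highest.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Level of risk = combination of likelihood (row) and impact (column).
# Columns run in LEVELS order. Cell values are an assumption laid out like
# SP 800-30 Table I-2; confirm them against the publication.
RISK_MATRIX = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


@dataclass(frozen=True)
class Finding:
    area: str           # GAO finding category, as named in Step 1
    vulnerability: str  # finding, paraphrased from Step 1
    threat_event: str   # assumed threat event paired with it
    likelihood: str     # assumed overall likelihood rating
    impact: str         # assumed magnitude-of-impact rating


def risk_level(likelihood: str, impact: str) -> str:
    """Look up the risk level, rejecting ratings outside the scale."""
    if likelihood not in RISK_MATRIX:
        raise ValueError(f"unknown likelihood rating: {likelihood!r}")
    if impact not in LEVELS:
        raise ValueError(f"unknown impact rating: {impact!r}")
    return RISK_MATRIX[likelihood][LEVELS.index(impact)]


def build_register(findings):
    """Return (risk, finding) pairs, highest risk first.

    Ties on risk are broken by impact, then by likelihood, so that the
    ordering is reproducible when the budget forces a cut-off.
    """
    rated = [(risk_level(f.likelihood, f.impact), f) for f in findings]
    rated.sort(
        key=lambda row: (
            LEVELS.index(row[0]),
            LEVELS.index(row[1].impact),
            LEVELS.index(row[1].likelihood),
        ),
        reverse=True,
    )
    return rated


def count_by_level(register):
    """Count findings per risk level for the summary table."""
    counts = {level: 0 for level in reversed(LEVELS)}
    for level, _ in register:
        counts[level] += 1
    return counts


def render(register):
    """Format the register as numbered report lines."""
    return "\n".join(
        f"{rank}. [{level}] {f.area}: {f.vulnerability} "
        f"(likelihood {f.likelihood}, impact {f.impact}; "
        f"threat event: {f.threat_event})"
        for rank, (level, f) in enumerate(register, 1)
    )


# Constructed sample input: the ratings are assumptions for illustration.
BRI_FINDINGS = [
    Finding("System Security", "wireless systems use WEP",
            "interception of wireless traffic", "High", "High"),
    Finding("Data Security", "no encryption for data-at-rest",
            "loss or theft of a device holding classified data",
            "High", "Very High"),
    Finding("Identification and Authentication",
            "passwords under eight characters are the sole authenticator",
            "guessing or reuse of a device password", "Moderate", "High"),
    Finding("Authorization", "accounts active after a removal request",
            "use of an account that should have been removed",
            "Moderate", "Moderate"),
    Finding("End User Security", "one 5-minute security briefing",
            "user deceived by social engineering", "High", "Moderate"),
    Finding("Physical Security", "tailgating into a secure data center",
            "unauthorized entry to the data center", "Low", "High"),
]

if __name__ == "__main__":
    register = build_register(BRI_FINDINGS)
    print(render(register))
    print(count_by_level(register))
```

State each rating's justification in the findings report, since the ranking changes as soon as a likelihood or impact assumption does.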
5) Identify Needed Controls and Programs
Research security controls needed to close the security gaps in
BRI.
Be sure to include a description of the following programs and
others needed for securing BRI:
· Security Awareness and Training Program (i.e.,
communications to employees regarding security)
· Privacy Protection Program
· Business Continuity/Disaster Recovery Program
You should justify the need for the corporation to invest in your
recommendations.
Document your findings and recommendations from this step in
the “Interim Security Recommendations Report.”
6) Communicate the Overall Findings and Recommendations
Integrate all of your earlier interim reports into a final management
report. Be sure to address:
· Summary of the Current Security Situation at BRI (from Step
1)
· Risk Assessment Methodology (from Step 2)
· Risk Assessment Plan (from Step 3)
· Risk Assessment Findings (from Step 4)
· Security Recommendations Report (from Step 5)
· Conclusions
Also provide a presentation to management. The presentation
should consist of 15-20 slides. It should include audio
narration (directions are found at:
https://support.office.com/en-au/article/Add-narration-to-a-presentation-0b9502c6-5f6c-40ae-b1e7-e47d8741161c).
The narration should also be captured in
the slide notes.
As an alternate method of delivery, you can create a video using
YouTube Capture (https://www.youtube.com/capture) or a
similar tool.
Document your contribution to the team effort. Also prepare a
peer evaluation report.
4. Deliverables
1) Interim Risk Assessment Planning Report
2) Interim Risk Assessment Findings Report
3) Interim Security Recommendations Report
4) Final presentation
One member of your team is to submit the work in the
assignment area of the classroom. Title the files using this
protocol: TeamName_G-2_AssignmentName_Date. Large files
may be zipped.
Individually, submit these items to your assignment area:
· Contribution to the Team Effort (Word document)
· Completed Peer Evaluation form
Title your two files using this protocol:
· Lastname_FirstInitial_G-2_Contribution_Date
· Lastname_FirstInitial_G-2_PeerEvaluation_Date
5. Rubrics
| Criteria | Weight (%) | Score (0-100) | Totals (Wt x Score) |
| Identify and prevent threats and vulnerabilities associated with information systems | 55 | | |
| Communicate to employees an awareness of security issues related to IT systems | 10 | | |
| Evaluate organizational information systems to ensure they protect the privacy of users and of customers | 10 | | |
| Determine requirements for business continuity/disaster recovery plans and backup procedures | 10 | | |
| Exhibit communication skills | 5 | | |
| Illustrate critical thinking | 5 | | |
| Demonstrate inclusiveness in a team setting | 5 | | |
| Total | 100 | | |
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 

Recently uploaded (20)

Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
