Risk Assessment Report
Information Systems Risk Assessment Report
For
BARRATT & ASSOCIATES LIMITED (B&A)
BY: Eugene Mukuka
Date: 13th November, 2015
TABLE OF CONTENTS
INTRODUCTION ........................................ 1
RISK CLASSIFICATIONS ................................ 1
VULNERABILITIES, THREATS, AND RISKS ................. 2
2. INTRODUCTION
Information systems technology, being the technology with the fastest rate of development
and application in all sectors of business, requires adequate protection to provide a high
level of security. The aim of the risk analysis applied to an information system is to identify
and evaluate the threats, vulnerabilities and risks associated with the system in place. IT
assets are exposed to the risk of damage or loss. IT security involves protecting the hardware
and the information stored electronically. That protection preserves data integrity, availability
and confidentiality. Nowadays there are many types of computer crime: money theft 44%,
damage of software 16%, theft of information 16%, alteration of data 12%, theft of
services 10%, trespass 2% (Boran, 2003).
In this report I will look at the weaknesses/vulnerabilities of the B&A information system,
the potential threats to it and its associated risks. As an agency specialized in debt
collection with over 300 employees at different offices in the UK, protecting its clients and
the information that resides on its network is the number one priority.
3. RISK CLASSIFICATION
Risk Classifications

Risk Level: High
Risk Description: The loss of confidentiality, integrity, or availability could be expected to
have a severe or catastrophic adverse effect on B&A operations, its assets or its employees.

Risk Level: Moderate
Risk Description: The loss of confidentiality, integrity, or availability could be expected to
have a serious adverse effect on B&A operations, its assets or its employees.

Risk Level: Low
Risk Description: The loss of confidentiality, integrity, or availability could be expected to
have a limited adverse effect on B&A operations, its assets or its employees.
4. VULNERABILITIES, THREATS AND RISKS
Vulnerabilities, Threats, and Risks

Risk No. 1
Vulnerability: No firewall protection in the B&A system.
Threat: Computer crime, malicious use, system compromise, unauthorized use.
Risk of compromise of: Confidentiality and integrity of B&A data.
Risk Summary: The system has no firewall installed; this increases the likelihood of the
other risks being exploited.

Risk No. 2
Vulnerability: Use of outdated OS and unsupported platforms.
Threat: Computer crime, malicious use, system compromise, unauthorized access.
Risk of compromise of: Confidentiality and integrity of B&A data.
Risk Summary: Windows XP, running on most B&A laptops, is an unsupported OS, and
Windows Server 2003 support ended in July 2015.

Risk No. 3
Vulnerability: Remote access to the system not properly monitored.
Threat: System compromise, unauthorized access.
Risk of compromise of: Confidentiality and integrity of B&A data.
Risk Summary: Remote access to the system, if not monitored well, especially given that
no firewalls have been put in place, may lead to unauthorized access that could result in
compromise of the confidentiality and integrity of B&A financial data.

Risk No. 4
Vulnerability: Hardware issues / equipment failure or loss of portable devices.
Threat: System unavailable.
Risk of compromise of: Inability to access the system.
Risk Summary: Loss of portable devices like USB sticks, or of equipment, would result in
the entire system or some portion of the system being unavailable.

Risk No. 5
Vulnerability: Inadequate database support - CPU power limit.
Threat: Malicious use, system compromise, unauthorized access.
Risk of compromise of: Confidentiality and integrity of corporate data; inability to access
and recover corporate data.
Risk Summary: Database failure could result from improper representation of financial
information for B&A clients.

Risk No. 6
Vulnerability: Working away from home.
Threat: Hackers, malicious use, system compromise, unauthorized access.
Risk of compromise of: Confidentiality and integrity of corporate data.
Risk Summary: Loss of data on portable devices can result in serious legal issues for
B&A Ltd.

Risk No. 7
Vulnerability: System compromise.
Threat: Hackers, malicious use, unauthorized access.
Risk of compromise of: Confidentiality and integrity of corporate data.
Risk Summary: A compromised system could result in data theft, data corruption,
application system alteration or disruption.

Risk No. 8
Vulnerability: Poor physical security - badge readers.
Threat: Hackers, malicious use, system compromise, unauthorized access.
Risk of compromise of: Confidentiality and integrity of corporate data.
Risk Summary: Poor physical security could allow personal access to staff workstations or
Computer Center assets, which could result in data theft, data corruption, application
system alteration or disruption.

Risk No. 9
Vulnerability: Functional lockout.
Threat: System unavailability.
Risk of compromise of: Inability to access the system.
Risk Summary: The inability of staff to access the system infrastructure or applications
would leave the system inaccessible, compromising the integrity and availability of
information.

Risk No. 10
Vulnerability: Environmental issues.
Threat: Loss of AC or power.
Risk of compromise of: Inability to access the system.
Risk Summary: Environmental issues could result in the inability to access and maintain
server hardware.

Risk No. 11
Vulnerability: Natural disaster.
Threat: Hurricanes, floods, and other weather phenomena.
Risk of compromise of: Inability to access the system.
Risk Summary: Natural disasters could interrupt power to B&A workstations and make it
impossible for staff to support the server environment, thus disabling access to web
applications, Exchange servers, Oracle databases and all the accessible files of B&A Ltd.
5. CONCLUSION
The system risks identified above may not be completely eliminated, but B&A Ltd can at
least minimize them by putting stringent measures in place to address them. Any
organization's information system is vulnerable to different types of threats associated with
different types of risks. An enterprise firewall and intrusion-monitoring tools may be
sufficient to address the possible compromise of some of the system threats, while other
exposures may involve the business rules themselves, demanding a change to the core
logic of the organization. Use of the latest IT/IS platforms will help B&A Ltd obtain a
well-secured platform from its system providers, which will in turn give its clients confidence
when submitting their information. All in all, security controls should be in place.
6. REFERENCES
Laban, M., Krnjetin, S., & Nikolic, B. (2007). Risk management and risk assessment in the
enterprise. Symposium about Occupational Safety and Health, Novi Sad, pp. 44-57.
Boran, S. (2003). IT security cookbook. Boran Consulting.
Risk Management. (2006). Implementation principles and Inventories for Risk
Management/Risk Assessment methods and tools. Conducted by the Technical Department of
ENISA Section Risk Management, June 2006.
Claunch, C. (2015). Managing risk after support for Windows Server 2003 ends.
ComputerWeekly.com.
http://www.computerweekly.com/feature/Managing-risk-after-support-for-Windows-Server-2003-ends,
accessed on 9/11/2015.
