
Create a company risk assessment matrix fo

 

Following the example found here, create a company risk assessment matrix for your present or previous employer.

H2a_Risk_assessment_Matrix.xlsx

Submit your completed assignment by following the directions linked below. Please check the Course Calendar for specific due dates.

Vulnerability

WEIGHT: N/A=Not Applicable 1=Very Low 2=Low 3=Medium 4=High 5=Very High
VULNERABILITY WEIGHT RATIONALE
1 Inadequate Security Policy 2
2 Inadequate Training 2 Training is offered
3 Inadequate System Administration 2 Certified administrator with backup person assigned
4 Inadequate User Account Management 2 ISSO appointed
5 Inadequate Personnel Management 3
6 Incomplete Contingency Plan 1 Contingency Plan in place
7 Disclosure of Data 4
8 Modification of Data 5
9 Unlimited Access to Data 2 One root account
10 Objects Not Cleared Before Reuse 1
11 Inadequate Warning Banners 1
12 Use of Replayable I&A 2 Password encrypted, only one session permitted
13 Password Vulnerability to Cracking 5 Much effort but a lot to gain
14 Sharing of ID or Passwords 2 No concurrent sessions; Rules of Behavior in place
15 Session Timeout on Server 2 Cookies time out after 20 minutes
16 Concurrent Logon Sessions Permitted 2
17 Inadequate Audit Log 1
18 Inadequate Audit Analysis 3 Relying on human analysis
19 Data Transmissions in the Clear 5 SSL
20 Susceptibility to Line Tapping 5 SSL
21 Inconsistent Physical Perimeter Definition 2
22 Inadequate CM – Development 2
23 Inadequate CM – Operations / Maintenance 2
24 Facility Unavailability 3 Limited physical access
25 Data Unavailability 1 Availability of data is relatively low.
26 System / Component Unavailability 3
27 Unstable / Insufficient Communication Medium 4 Outages occur
28 Inadequate / Missing Documents 1 COOP in place
29 Failure to Achieve and Maintain Accreditation N/A
30 Inadequate Protection of Web Server 5

SENSITIVE // FOR OFFICIAL USE ONLY

Threats

WEIGHT: N/A=Not Applicable 1=Very Low 2=Low 3=Medium 4=High 5=Very High
THREAT WEIGHT RATIONALE
Deception
1 False Denial of Origin 2
2 False Denial of Receipt 2
3 Falsification 4
4 Insertion 3
5 Malicious Logic-Masquerade 3
6 Masquerade 2
7 Repudiation 2
8 Substitution 4
Disruption
9 Hardware or Software Error-System 1
10 Hardware or Software Error-Data 1
11 Human Error 3
12 Environmental Failure 3
13 Incapacitation 1
14 Interference 4
15 Malicious Logic-Corruption 2
16 Malicious Logic- Disabling 3
17 Natural Catastrophe 1
18 Overload 4
19 Physical Destruction 1
20 Tampering-Corruption 5
Usurpation
21 Malicious Logic-Misuse 5
22 Misappropriation 5
23 Misuse 5
24 Tampering-Misuse 5
25 Theft of Data 4
26 Theft of Service 4
27 Violation of Permissions 2
Disclosure
28 Cryptanalysis 2
29 Eavesdropping 5
30 Exposure 3
31 Hardware or Software Error-System Failure 1
32 Human Error-Unintentional 2
33 Inference 5
34 Interception 5
35 Intrusion 5
36 Penetration 2
37 Reverse Engineering 2
38 Scavenging 2
39 Theft 1
40 Traffic Analysis 3
41 Trespass 3
42 Wiretapping 4

Risk Computation

Vulnerabilities Inadequate Security Policy Inadequate Training Inadequate System Administration Inadequate User Account Management Inadequate Personnel Management Incomplete Contingency Plan Disclosure of Data Modification of Data Unlimited Access to Data Objects Not Cleared Before Reuse Inadequate Warning Banners Use of Replayable I&A Password Vulnerability to Cracking Sharing of ID or Passwords Session Timeout on Server Concurrent Logon Sessions Permitted Inadequate Audit Log Inadequate Audit Analysis Data Transmissions in the Clear Susceptibility to Line Tapping Inconsistent Physical Perimeter Inadequate CM – Development Inadequate CM – Operations Facility Unavailability Data Unavailability System / Component Unavailability Unstable / Insufficient Communication Inadequate / Missing Documents Failure to Achieve and Maintain Accreditation Inadequate Protection of Web Server
Threats Wts. 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 N/A 5 Risk Total for Threat Percent of Total Risk
Deception
False Denial of Origin 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
False Denial of Receipt 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Falsification 4 8 8 8 8 12 4 16 20 8 4 4 8 20 8 8 8 4 12 20 20 8 8 8 12 4 12 16 4 20 300 3%
Insertion 3 6 6 6 6 9 3 12 15 6 3 3 6 15 6 6 6 3 9 15 15 6 6 6 9 3 9 12 3 15 225 2%
Malicious Logic 3 6 6 6 6 9 3 12 15 6 3 3 6 15 6 6 6 3 9 15 15 6 6 6 9 3 9 12 3 15 225 2%
Masquerade 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Repudiation 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Substitution 4 8 8 8 8 12 4 16 20 8 4 4 8 20 8 8 8 4 12 20 20 8 8 8 12 4 12 16 4 20 300 3%
Disruption
Hardware or Software Error-System 1 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 5 75 1%
Hardware or Software Error-Data 1 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 5 75 1%
Human Error 3 6 6 6 6 9 3 12 15 6 3 3 6 15 6 6 6 3 9 15 15 6 6 6 9 3 9 12 3 15 225 2%
Environmental Failure 3 6 6 6 6 9 3 12 15 6 3 3 6 15 6 6 6 3 9 15 15 6 6 6 9 3 9 12 3 15 225 2%
Incapacitation 1 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 5 75 1%
Interference 4 8 8 8 8 12 4 16 20 8 4 4 8 20 8 8 8 4 12 20 20 8 8 8 12 4 12 16 4 20 300 3%
Malicious Logic-Corruption 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Malicious Logic- Disabling 3 6 6 6 6 9 3 12 15 6 3 3 6 15 6 6 6 3 9 15 15 6 6 6 9 3 9 12 3 15 225 2%
Natural Catastrophe 1 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 5 75 1%
Overload 4 8 8 8 8 12 4 16 20 8 4 4 8 20 8 8 8 4 12 20 20 8 8 8 12 4 12 16 4 20 300 3%
Physical Destruction 1 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 5 75 1%
Tampering 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Usurpation
Malicious Logic-Misuse 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Misappropriation 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Misuse 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Tampering-Misuse 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Theft of Data 4 8 8 8 8 12 4 16 20 8 4 4 8 20 8 8 8 4 12 20 20 8 8 8 12 4 12 16 4 20 300 3%
Theft of Service 4 8 8 8 8 12 4 16 20 8 4 4 8 20 8 8 8 4 12 20 20 8 8 8 12 4 12 16 4 20 300 3%
Violation of Permissions 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Disclosure
Cryptanalysis 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Eavesdropping 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Exposure 3 6 6 6 6 9 3 12 15 6 3 3 6 15 6 6 6 3 9 15 15 6 6 6 9 3 9 12 3 15 225 2%
Hardware or Software Error-System Failure 1 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 5 75 1%
Human Error-Unintentional 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Inference 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Interception 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Intrusion 5 10 10 10 10 15 5 20 25 10 5 5 10 25 10 10 10 5 15 25 25 10 10 10 15 5 15 20 5 25 375 4%
Penetration 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Reverse Engineering 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Scavenging 2 4 4 4 4 6 2 8 10 4 2 2 4 10 4 4 4 2 6 10 10 4 4 4 6 2 6 8 2 10 150 2%
Theft 1 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 5 75 1%
Traffic Analysis 3 6 6 6 6 9 3 12 15 6 3 3 6 15 6 6 6 3 9 15 15 6 6 6 9 3 9 12 3 15 225 2%
Trespass 3 6 6 6 6 9 3 12 15 6 3 3 6 15 6 6 6 3 9 15 15 6 6 6 9 3 9 12 3 15 225 2%
Wiretapping 4 8 8 8 8 12 4 16 20 8 4 4 8 20 8 8 8 4 12 20 20 8 8 8 12 4 12 16 4 20 300 3%
Risk Total for Vulnerability 252 252 252 252 378 126 504 630 252 126 126 252 630 252 252 252 126 378 630 630 252 252 252 378 126 378 504 126 0 630 9450 100%
Percent of Total Risk 3% 3% 3% 3% 4% 1% 5% 7% 3% 1% 1% 3% 7% 3% 3% 3% 1% 4% 7% 7% 3% 3% 3% 4% 1% 4% 5% 1% 7% 9450 100%
RISK RATING: VERY HIGH
LOWEST RANK OF VULNERABILITIES AND THREATS TO FLAG: 9
VULNERABILITY 378 4%
THREAT 375 4% 1 2 3 4 5 6 7 8 9 10
MAXIMUM 25
RISK TOTALS 18900
TOTAL RISKS 1015
LOW 1015
MEDIUM 4060
HIGH 9135
VERY HIGH 16240


Risk Computation Exploited


Vulnerabilities Inadequate Security Policy Inadequate Training Inadequate System Administration Inadequate User Account Management Inadequate Personnel Management Incomplete Contingency Plan Disclosure of Data Modification of Data Unlimited Access to Data Objects Not Cleared Before Reuse Inadequate Warning Banners Use of Replayable I&A Password Vulnerability to Cracking Sharing of ID or Passwords Session Timeout on Server Concurrent Logon Sessions Permitted Inadequate Audit Log Inadequate Audit Analysis Data Transmissions in the Clear Susceptibility to Line Tapping Inconsistent Physical Perimeter Inadequate CM – Development Inadequate CM – Operations Facility Unavailability Data Unavailability System / Component Unavailability Unstable / Insufficient Communication Inadequate / Missing Documents Failure to Achieve and Maintain Accreditation Inadequate Protection of Web Server
Threats Wts. 2 2 2 2 3 1 4 5 2 1 1 2 5 2 2 2 1 3 5 5 2 2 2 3 1 3 4 1 N/A 5 Risk Total for Threat Percent of Total Risk
Deception
False Denial of Origin 2 4 4 8 0%
False Denial of Receipt 2 4 4 8 0%
Falsification 4 8 20 4 32 2%
Insertion 3 6 15 3 24 1%
Malicious Logic-Masquerade 3 6 6 6 6 6 3 15 48 2%
Masquerade 2 4 6 4 14 1%
Repudiation 2 4 4 8 0%
Substitution 4 8 8 20 4 40 2%
Disruption