Unit4casestudy

.docx

School

Columbia Southern University *

*We aren’t endorsed by this school

Course

4320

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

6

Uploaded by briandjones127

Report
Running head: UNIT IV CASE STUDY 1 Unit IV Case Study Brian Jones Columbia Southern University
UNIT IV CASE STUDY 2 Unit IV Case Study – Likelihood of Occurrence and Impact Vulnerabilities are often viewed as a commonplace item in the process of doing business. Some of these vulnerabilities can be prevented or at least controlled and performing a risk assessment is a good way to identify these vulnerabilities. One challenging aspect of a risk assessment is addressing the likelihood of occurrence and the impact of the occurrence. Likelihood of occurrence is assessed by determining if a threat can exploit the vulnerability or set of vulnerabilities. These threats are divided into two subsets, adversarial and non-adversarial. Adversarial threats are those that are launched or initiated by an attacker. Non-adversarial threats are those which occur such as a natural disaster or unintentional human error. Given the fact that the threat will be successful in exploiting the vulnerability, the impact to the system or operations can then be calculated (Santos, 2019). Threat Sources Adversarial Threat As stated above, an adversarial threat is launched or initiated with the goal of intentionally causing harm or disruption. Most people would consider this to be classified as an attack. One issue facing most organizations or companies is the disgruntled employee. Often, these individuals feel slighted by their company, or may have been terminated for a variety of reasons. Unfortunately, they have access to the system and may use that access to attack. Non-adversarial Threat Non-adversarial threats can be viewed as a wild card when assessing vulnerabilities and the threats that can exploit them. They are unintentional actions or natural disasters. These threats are extremely hard to plan for and can literally happen with little to no warning. While
UNIT IV CASE STUDY 3 these threats may not be carried out with malicious intent, they can still cause major disruptions to operations. Discussion Adversarial Threat The threat, in this case, is unauthorized access to the system. The source of this threat is a disgruntled employee who has malicious intent toward the company or organization. The employee may feel slighted by the company or may have been terminated for any number of reasons. This threat is adversarial as the intention is to take revenge on the company. Governance would help mitigating this threat by having a clear process outlined as to the best way handle the removal of an employee’s credentials from the system, thereby eliminating the employee’s access to the system. The vulnerability in question is based upon how much data the employee had access to. If the employee had access to network settings or configuration, the damage that could be done could be catastrophic. As stated by Talamantes (n.d.),” A network engineer for oil and gas company EnerVest found out he was going to be fired and sabotaged the company’s systems by returning them to original factory settings.”. How successful the attack is depends on how fast the employee’s access is removed. One issue with this scenario is the missing communication between IT and human resources. An employee may have been terminated for some time before the IT department is notified to remove credentials and login information (Rayome, 2017). If the threat is successful, the damage done could be untold. The employee has at least a basic knowledge of the system and may have access to critical information. The resulting breach of data could lead to stiff penalties for the company if a law such as HIPAA is violated. At the very least, the attack could lead a loss of confidence in the company which will lead to loss of revenue.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help