Part – 1 - Risk Assessment
The first process in risk management is risk assessment. Risk assessment is used to determine the risk associated with the organization. The output of the risk assessment is helpful in identifying the controls for reducing or eliminating the risk.
Scenario
The system given to us is Enterprise Medco Records, known as Medco, which contains patient data. Medco runs 24x7. In an emergency, physicians use it to treat patients with life-threatening problems.
The risk assessment is to be performed on this system, and the steps are as follows:
Step 1: System Characterization
System Characterization is the first step in the risk assessment process. In this step we analyze the system
2.1.2 Threats to Server 1 - Microsoft Exchange Server
The source of threats to Microsoft Exchange Server is human threats.
Microsoft Exchange Server faces email security threats such as spam and viruses.
The email threats are caused by:
• Not choosing suitable digital certificates. Digital certificates are important for secure Internet communications.
• The client access servers should reside in a private network. The client access server has access to the directory and mailbox servers, which opens several ports for communication. Each open port is a security risk.
• Viruses are one of the threats to Microsoft Exchange Server.
2.1.2 Threats to Server 2 - Domain Controller
The source of threats to the Domain Controller is human threats.
The threats to domain controllers are:
• Accessing the security database.
• Copying the security database so it can be viewed and examined at a later stage.
• Accessing the security database, changing the rights, and giving unauthorized access.
2.1.3 Threats to Server 3 – Citrix Server
The source of threats to the Citrix Server is human threats.
The three threats to secure communication with the Citrix Server are eavesdropping, misrouting and data manipulation.
• Eavesdropping: Messages transmitted over the network are read. Passing sensitive information such as user IDs and passwords is a threat to security.
• Misrouting: The information that is transmitted can be
When planning a risk assessment and looking at possible risks, the decisions that are made for the benefit of the service user should be made after collecting all of the information available. Any reasons given should be defensible by looking at every angle, showing that the decision is in the best interest of the service user with as much risk removed as possible.
3.4 summarise the types of risks that may be involved in assessment in own area of responsibility.
4.3: To carry out a risk assessment, first identify the hazards, then decide who might be harmed and how. Then evaluate the risks and decide on precautions, record your findings and implement them. After this is done, review your assessment and update it if necessary.
The purpose of a risk assessment (RA) is to identify the entire organization’s risks and quantify the
Risk assessments will identify any hazards and/or dangers and who might be harmed and how this may happen, allow the risks to be evaluated and check if the precautions are
Clear procedures for risk assessment (e.g. the regular checking of equipment for damage and to make sure it is safe)
LAN - a sub-network that is made up of a group of clients plus servers which are under the control of one central security.
The analysis of risk assessment controls is an important aspect of a system, as they are used as a basis for identifying and selecting appropriate and cost-effective measures.
The Risk assessment will be a vital part of the whole security plan which is a document which basically covers the whole
For the System Development, I define it as a medium level of risk assessment. The company did design, develop and implement new systems for a certain time or logical reason. However, the new system testing is not as good as we think. As a result, the new system does not perform as well as we expected. Even though the company has involved the internal audit department in the new system development, and set them as part of the new project team to review the new project, which the team members have all been voting. They have a good process for the development of new systems, but the new systems do not perform well. It will still result in a small probability of risk assessment. In general, I set a medium level of risk assessment to let the company consider this issue.
Risk evaluation method is used to report and plan the method that’s had to design a
A proper survey and the complete scenario are taken into consideration about risks in the organization, which enables proper risk assessment. The potential of each threat or risk is evaluated and graded in order to reduce the impact of the risks or reduce the probability of their occurrence.
3). Configure the Windows advanced firewall to restrict the TCP/UDP ports which are not used by the clients and servers by using GPO.
Risk assessments are very important as they form an integral part of good system security, especially in business systems such as Border Master. A secure system can be achieved in five steps. Firstly, risk assessments help to identify what may be at risk (information, goods, staff, customers, etc.). Secondly, the system takes reasonable steps to prevent that harm. Thirdly, risk assessments evaluate the risks. For example, if the risk occurs, they help to anticipate the level of the risk to the system and what treatment is needed. Then, they record significant findings. In other words, if a risk occurs, this record is helpful to review because it has an expected solution that can be implemented quickly. Finally, the risk assessment is regularly reviewed if any risk occurs or new functionality is added.