Is3110 Project: Risk Management Plan

Lab #1 – Part A – List of Risks, Threats, and Vulnerabilities Commonly Found in an IT Infrastructure

The security ecosystems that are available in today’s IT environments are ill-equipped and are unable to

Defenselessness is a shortcoming in a framework or its outline that could be abused by a risk. Vulnerabilities are at times found in the conventions themselves, as on account of some security shortcomings in TCP/IP. Frequently, the vulnerabilities are in the working frameworks and applications. Composed security strategies may likewise be a wellspring of vulnerabilities. This is the situation when composed arrangements are excessively careless or are not sufficiently intensive in giving a particular approach or line of direct to organize overseers and

Regarding the four elements mentioned, “threat” deals with change, and when a person feels he/she has to make a change, unwillingly (Feist et al., 2013). An example the textbook gives is of a therapist working with a client, and trying to get the client to see things from a different perspective (Feist et al., 2013). The client may be hesitant to change; he/she has gotten comfortable with doing things a certain way which will make it harder for him/her to change.

Threats can come in many different forms, human and nonhuman. Some can cause harm, while others can cause no harm. “Advanced persistent threat attacks come from organized, well-financed, patient assailants” (Pfleeger et al., 2015, p. 15)

Further, Harris is clearly troubled by certain tactics taken by the NSA, such as when it has become aware of vulnerabilities in particular software or systems. On some occasions, the NSA has decided not to disclose those vulnerabilities or else it has encouraged firms not to cure them in order to permit the NSA to better identify the adversary and determine its goals. Harris also describes the tactic of injecting malware into an adversary’s computers and servers overseas, and shows that this tactic may have unforeseen

Thank you for responding to my discussion board post. You brought up an excellent point about using the proper tool for the job. In many case, depending upon the size of an organization and its information technology department, they may not properly use or implement the correct tools for the security task they want to complete or not utilize all of a systems or devices capabilities. This can also leave the devices that they implemented vulnerable.

Threats come in various forms but we must remember that threats are people not just malware.

Reports of computer security failures appear frequently in the daily new. Cite a reported failure that exemplified one (or more) of the principles listed in the chapter: easiest penetration, adequate protection, effectiveness, weakest link.

Zero Day Exploits where the assailant discovers a flaw ahead of the security community in raises the defense (Wadlow, 2009).

A threat agent is a specific component that represents a danger to an organization’s assets. And a threat is an object, person or entity that represents a constant danger.

In the Workstation Domain security controls are one of the biggest challenges. Physical security threats are concerns associated more with attackers who gain physical access to the premises. The attackers can cause physical destruction of equipment or sabotage the equipment. The attacker can sabotage the system if the attacker has sufficient knowledge of the system, such as a former employee, and gains access to the system and then renders the system unusable, or deletes and changes information.

1. Data Breach: A data breach is an incident in which sensitive, protected or confidential

The creation of a threat model is a way for organizations to be able to

We have to keep our security framework much hardened and solid with the goal that the likelihood diminishes. Yet, in the event that we neglect to do as such there are solid shots that the danger will happen, Carol Dekkers, Dave Zubrow, and James McCurley (February, 2007).