NEW YORK INSTITUTE OF TECHNOLOGY
School of Engineering and Technology
Department of Computer Science
INCS-775: Data Center Security
ASSIGNMENT -1
RISK ASSESSMENT OF NCZ BANK
SUBMITTED BY: GIFTY SUSAN MANI ID: 1036284
Table of Contents
INTRODUCTION
PURPOSE
SCOPE OF THIS RISK ASSESSMENT
RISK ASSESSMENT APPROACH
THE PARTICIPANTS
TECHNIQUE USED
THE DEVELOPMENT AND DESCRIPTION OF RISK SCALE
SYSTEM CHARACTERIZATION
CHARACTERIZE THE SYSTEM
OUTLINE DIAGRAM
THREAT STATEMENT
TELECOM THREATS
MOBILE THREATS
WEB ATTACKS
INTERNAL THREATS
RISK ASSESSMENT
SUMMARY
I. Introduction
Purpose
Information is considered to be the main asset in financial …
Finally, the control steps for fixing the risks and a customizable model were suggested to lower the impact of risks on the respective system.
Risk assessment inside risk management
II. Risk Assessment Approach
The Participants:
➢ Senior Management.
➢ System and Information Owners.
➢ Business and Functional Management.
➢ Chief Information Security Officer.
➢ IT Security Practitioners.
➢ Security Awareness Trainers.
The Technique Used: Risk assessment approaches vary between organizations. In this report, the OWASP approach has been followed for the risk assessment. The severity of a risk can be analyzed by following the steps below:
➢ Identifying the Risk (Threat or Vulnerability).
➢ Finding the Prevailing Control Measure.
➢ Determining the Likelihood.
➢ Analyzing the Impact of the risks.
➢ Estimating the Risk Level.
➢ Measures to Reduce the Risks.
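The likelihood, impact and risk-level steps above can be made concrete with the scoring rules of the OWASP Risk Rating Methodology (factors scored 0-9, averaged, bucketed into LOW/MEDIUM/HIGH, then combined in a severity matrix). The following is an added example, not part of the original report; the risk names and factor scores in the sample register are constructed for illustration.

```python
from statistics import mean

# OWASP Risk Rating Methodology: each factor is scored 0-9, the scores are
# averaged, and the average is bucketed into LOW / MEDIUM / HIGH.
def level(score):
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

# Overall severity matrix, indexed as SEVERITY[impact][likelihood].
SEVERITY = {
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
}
ORDER = ["Note", "Low", "Medium", "High", "Critical"]

def rate(threat_agent, vulnerability, technical, business=None):
    """Return (likelihood score, impact score, overall severity).
    Each argument is a list of four 0-9 factor scores."""
    for group in (threat_agent, vulnerability, technical, business or []):
        if any(not 0 <= s <= 9 for s in group):
            raise ValueError("factor scores must be between 0 and 9")
    likelihood = mean(threat_agent + vulnerability)
    # OWASP: prefer business impact when it is known, else technical impact.
    impact = mean(business) if business else mean(technical)
    return likelihood, impact, SEVERITY[level(impact)][level(likelihood)]

def rank(risks):
    """Sort a {name: factor-dict} register from most to least severe."""
    rated = {name: rate(**f) for name, f in risks.items()}
    return sorted(rated.items(),
                  key=lambda kv: (ORDER.index(kv[1][2]), kv[1][0] * kv[1][1]),
                  reverse=True)

# Constructed sample register (names and scores are illustrative only).
SAMPLE = {
    "Unpatched internal file server": dict(
        threat_agent=[3, 4, 4, 2], vulnerability=[3, 3, 4, 3],
        technical=[6, 5, 5, 7]),
    "Lost staff mobile device": dict(
        threat_agent=[1, 1, 4, 2], vulnerability=[3, 1, 1, 1],
        technical=[2, 1, 1, 1]),
    "Phishing of online-banking customers": dict(
        threat_agent=[5, 9, 7, 9], vulnerability=[7, 5, 6, 8],
        technical=[7, 5, 1, 7], business=[7, 5, 5, 7]),
}

if __name__ == "__main__":
    for name, (lik, imp, sev) in rank(SAMPLE):
        print(f"{sev:8} L={lik:.2f} I={imp:.2f}  {name}")
```

The ranked output gives the order in which risk-reduction measures should be considered; re-scoring a risk after a control is applied shows how far its severity drops.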
Information Gathering Techniques:
The information relevant to the NCZ Banking System can be gathered using techniques such as:
➢ Questionnaires: This involves drafting questionnaires concerning the operational and management controls based on the structure. These questionnaires are distributed among the team members involved in the implementation of the banking system.
➢ On-site Interviews: This approach helps to gather information about the environmental, structural, physical and operational characteristics