Risk Assessment Of Ncz Bank

2253 Words10 Pages
NEW YORK INSTITUTE OF TECHNOLOGY
School of Engineering and Technology
Department of Computer Science

INCS-775: Data Center Security

ASSIGNMENT -1

RISK ASSESSMENT OF NCZ BANK

SUBMITTED BY: GIFTY SUSAN MANI ID: 1036284

Table of Contents

INTRODUCTION 3
PURPOSE 3
SCOPE OF THIS RISK ASSESSMENT 3
RISK ASSESSMENT APPROACH 4
THE PARTICIPANTS 4
TECHNIQUE USED 4
THE DEVELOPMENT AND DESCRIPTION OF RISK SCALE 5

SYSTEM CHARACTERIZATION 6
CHARACTERIZE THE SYSTEM 6
OUTLINE DIAGRAM 6

THREAT STATEMENT 7
TELECOM THREATS 7
MOBILE THREATS 8
WEB ATTACKS 9
INTERNAL THREATS 9
RISK ASSESSMENT 10
SUMMARY 14

I. Introduction

Purpose


Information is considered to be the main asset in financial
…show more content…
Finally, the control steps for fixing the risks and a customizable model were suggested to lower the impact of risks on the respective system.

Risk assessment inside risk management

II. Risk Assessment Approach


The Participants:
➢ Senior Management.
➢ System and Information Owners.
➢ Business and Functional Management.
➢ Chief Information Security Officer.
➢ IT Security Practitioners.
➢ Security Awareness Trainers.

The Technique Used: Risk Assessment approaches vary in different organizations. In this report, the OWASP approach has been followed for the Risk Assessment. The severity of the risk can be analyzed by following the below steps: ➢ Identifying the Risk (Threat or Vulnerability).
➢ Finding the Prevailing Control Measure.
➢ Determining the Likelihood.
➢ Analyzing the Impact of the risks.
➢ Estimating the Risk Level.
➢ Measures to Reduce the Risks.

Information Gathering Techniques:
The information relevant to the NCZ Banking System can be gathered using any of the techniques such as:
➢ Questionnaires: It includes drafting questionnaires concerning the operational and management controls based on the structure. These Questionnaires are distributed among the team members involved in the implementation of the Banking system.
➢ On-site Interviews: This approach helps to gather information about the environmental, structural, physical and operational characteristics
    Get Access