For this assignment, you will need to perform a qualitative analysis on the below scenario. Please write your response in a spreadsheet.
Qualitative Analysis
For this part of the assignment, you can use the work you performed for last week. Take those 7 risks and arrange them into a spreadsheet. Perform a probability assessment and write about the impact of the risk for each of the 7, based on the geographical location of last week’s assignment. Use the following format in the attached word document:
Category |
Probability (0.0-1.0) |
Impact (0-100) |
Risk Level (P x I) |
Description |
|||||
Zombies |
.02 |
90 |
1.8 |
Zombie Apocalypse causes wide spread panic and physical security threats to staff, property and business operations. |
|||||
|
1
Running Head:Enterprise Risk Management
Worst Case Scenario 2
With the rise of technology, risks continue to be a significant concern in many firms. Each of the domains in an IT infrastructure experience security threats that alter the functionality of the organization. The paper provides an analysis of prospective threats faced by Afrotech, a technology company I worked for in the summer of 2017. There is two division of the threats; realm and fringe possible threats.
Realm threats
Firstly, is the destruction of data in the user domain. Typically, users destroy data in the application or delete all the information. In other cases, when the user inserts the data. Spoofing, pharming, and pishing of the user can lead to the destruction of files. In case the threat occurs, there is a loss of information (Vasileiadis, 2017). Loss of data has an impact on the organization. Enhancement of the user domain prevents the loss of data on the domain.
Unauthorized access leads to loss of information in a workstation domain. Typically, many users are accessing a workplace domain that increases hackers (Vasileiadis, 2017. A significant number of users on the workstation increase chances of hackers accessing the system. In case of the happening, the organization or individuals could risk losing information to unlawful persons. Loss of data is a violation of personal or organizational information. Improvement of authentication protocols lowers unauthorized access to information.
There is the destruction of programs on the network through a malware in a LAN domain. Typically, peer computers in the firm are connected to a trusted server within the local area in the network. The server receives and sends information to other computers in the network within the network. Malware on the peer or the server computers can lead to the destruction of programs in all machines. Consequently, the organization spends a substantial expanse of resources in replacement of the programs. Regular updating of the system lowers malware attacks.
SQL injection and corruption of data through attacks on the application Storage Domain. SQL injection can occur through the retrieving of data, subverting logic, or interference with the standard interface of the query (Vasileiadis, 2017). Typically, the injection of SQL leads to an attack of information on the database. Corruption of the information on the database leads to loss of information of high relevance to the organization. The organization can consider the validation of inputs to prevent injections.
Hacking information on VPN tunneling in remote access Domain and VPN tunneling occurs when information is passed from a person to another via insecure mediums such as the Internet (Stevens et al., 2017). The Internet is the most common method of sharing information that employees within the organization. The organization can use safer ways of sharing information.
Fringe threats
A denial-of-service attack (DoS) on WAN Domain. The computers in the organization are also connected on long distances using the domain, and the semi-private line is introducing a threat. Although not common, a DoS attack, computers flood the system with TCP and UDP packets (Stevens et al., 2017). The attack affects how the organization runs by denying some peer computers access to the network (Stevens et al., 2017). Denial of some machines from accessing the information leads to a healthy flow of information in the system. The management can foster on increasing the bandwidth prevents DoS attacks.
Virus and Trojans inflict damage on the network on the LAN-WAN domain. Although Afrotech invests heavily in the installation of the LAN-WAN domain, small errors lead to the formation of open firewalls on the network that allow viruses and network worms (Stevens et al., 2017). Viruses quickly access these open ports that lead to an attack on the network. Damage of the network would cost the organization a large amount of money to repair. Proper installations of the technology system prevent ports on the firewall and the IT department in Afrotech to ensure that there is no room for faults.
References
Stevens, N. J., Salmon, P. M., & Taylor, N. (2018). Work Domain Analysis applications in urban planning: active transport infrastructure and urban corridors. Cognitive Work Analysis: Applications, Extensions, and Future Directions, 285-302.
Vasileiadis, D. (2017). Implementation of a reference model of a typical IT infrastructure of the office network of a power utility company.