EZ2find has mandated our team to perform a Threat and Risk Analysis of the computer environment in its Montreal head office. ...
As requested, our team is only focusing on the Montreal headquarters in this Threat and Risk Analysis of EZ2find. ...
As a result of our Threat and Risk Analysis we recommend the following solutions to ensure the appropriate management of EZ2find’s IT security:
EZ2find Threat and Risk Analysis
Page 3 of 53 2003. ...
The remainder of this document outlines our Threat and Risk Analysis in detail.
EZ2find Threat and Risk Analysis
Page 4 of 53 2003. ...
EZ2find Threat and Risk Analysis
Page 5 of 53 2003. ... 21
4 Analysis Limitations
This Threat and Risk Analysis is limited to the Montreal operation. ...
Exclusions from our Threat and Risk Analysis are the following:
•The concerns related to the destruction of the environment, concerns such as flood,
fire, earthquake, and airplane crashes. ...
5 Risk Model
A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. The Threat and Risk Analysis process results in a cost effective security program that minimizes, or eliminates, the effect of the risks.
There are many different Threat and Risk Analysis models. ... The objective models require assigning a numerical values to
each threat and a probability value to each vulnerability. ... This model requires the assignment of subjective values, such as “high”, “medium” and “low” to each threat and vulnerability. The Threat and Risk Analysis model used in this report is based on a well-accepted process in the IT security industry. ... EZ2Find’s marketing collateral (including market analysis, design, & plans) is its lifeline. ... Through this analysis the Marketing Department is able to pinpoint its target audience and the types of websites their potential and current customers are likely to visit. ...
Threats, Likelihood, Risk
THREAT ANALYSIS
Asset Threat Threat category Likelihood of Occurrence Consequence of Occurrence Impact Risk Level Rationale
Computers Hardware
Failure Interruption Low Loss/Corruption of info Exceptionally grave 4 Given today’s technology and the regency of the equipment, this likelihood is Low
Removal Low Loss/Corruption of info Serious 2
Power failure Interruption Medium Non availability Serious 6 This likelihood is estimated to be medium. ... Hacking can involve more than one threat to the network: disclose, interrupt and modify and destroy the network. ...
Threat Threat category Likelihood of Occurrence Rational
Hacker/
Sabotage Disclosure High Given the near absence of network security and the unpredictable nature of he hacking, the likelihood of an hacker attacking the network is High
Interruption High
Modification High
Destruction High
Removal Low Although the physical security is near inexistent, saboteur has to know about the computer room and has to have an interest in stealing the network devices or media. ... 4 Risk
The risk level associated with a threat is function of the likelihood of an event and of the impact on the organization. Risk level are expressed numerically from 1 to 9, 1 being the lesser risk and 9 being the prevalent risk.
THREAT ANALYSIS
Asset Threat Threat category Likelihood
of
Occurrence Consequence
of
Occurrence Impact
Risk level
Network
Hacker/
Sabotage Disclosure High Confidential and internal information are exploited Very serious 9
Interruption High Non availability Very serious 9
Modification High Modification of accounting data or customer data and lost the access control Very serious 9
Destruction High Major disruption of the network Very serious 9
Removal Low Major disruption of the business functions Very serious 9
Hardware failure Interruption Low Non availability Serious 2
Destruction Low Damage the configuration and log files Very serious 4
Power failure Interruption Medium Non availability Less serious 3
Destruction Medium Damage the configuration and log files Serious 6
No encrypted Channels Disclosure High Disclosure of company secrets, customer data, accounting data Very serious 9
To link to this page, copy the following code to your site:
All Papers Are For Research And Reference Purposes Only!
You may not turn these papers in as your own! You must cite our web site as your source!
