Title | Allegro Worksheet V1 |
---|---|
Author | sdf sdfv |
Course | Network Security |
Institution | Kingston University |
Pages | 8 |
Allegro Worksheet

RISK MEASUREMENT CRITERIA – REPUTATION AND CUSTOMER CONFIDENCE

Impact Area | Low | Moderate | High |
---|---|---|---|
Reputation | Reputation is slightly affected. Very easy to recover. | Reputation is spoiled. A lot of money and time should be spent. | Reputation is damaged very severely and cannot be restored. |
Customer Loss | Less than 15% loss in customers due to loss of confidence | 15 to 55% loss in customers due to loss of confidence | More than 50% loss in customers due to loss of confidence and publicity. |

RISK MEASUREMENT CRITERIA – FINANCIAL

Impact Area | Low | Moderate | High |
---|---|---|---|
Operating Costs | 25% increase in yearly operating costs | Yearly operating costs increase by 25 to 50%. | Yearly operating costs increased more than 50%. |
Revenue Loss | Less than 20% loss in revenue | Less than 50% loss in revenue | Greater than 50% yearly revenue loss |
One-Time Financial Loss | One-time financial cost of less than $40,000 | One-time financial cost of $40,000 to $200,000 | One-time financial cost greater than $250,000 |

RISK MEASUREMENT CRITERIA – PRODUCTIVITY

Impact Area | Low | Moderate | High |
---|---|---|---|
Staff Hours | Human work hours are increased by less than 15% for 2 day(s). | Human work hours are increased between 15% and 40% for 5 day(s). | Human work hours are increased by greater than 50% for 5 to 15 day(s). |

RISK MEASUREMENT CRITERIA – SAFETY AND HEALTH

Impact Area | Low | Moderate | High |
---|---|---|---|
Life | No damage to customers’ or staff members’ lives | Customers’ or staff members’ lives are at risk, but they will recover after receiving medication | Damage of customers’ or staff members’ lives |
Health | Minimal, immediately treatable degradation in customers’ or staff | Temporary or recoverable impairment of customers’ or staff members’ health | Permanent impairment of significant aspects of customers’ or staff |
Safety | Safety is questioned | Safety is affected | Safety is violated |

RISK MEASUREMENT CRITERIA – FINES AND LEGAL PENALTIES

Impact Area | Low | Moderate | High |
---|---|---|---|
Fines | Fines less than 19% are levied. | Fines between 20% and 50% are levied. | Fines greater than 50% are levied. |
Lawsuits | Non-frivolous lawsuit or lawsuits less than 10% are filed against the organization, or frivolous lawsuit(s) are filed against the organization. | Non-frivolous lawsuit or lawsuits between 20% and 40% are filed against the organization. | Non-frivolous lawsuit or lawsuits greater than 50% are filed against the organization. |
Investigations | No queries from government or other organizations | Government or other investigative organization requests information or records (low profile). | Government or other investigative organization initiates a high-profile, in-depth investigation into organizational practices |

Allegro Worksheet
IMPACT AREA PRIORITIZATION WORKSHEET

PRIORITY | 5 | 4 | 3 | 2 | 1 |
---|---|---|---|---|---|
IMPACT AREAS | Productivity | Financial | Reputation and Customer Confidence | Fines and Legal Penalties | Safety and Health |

Allegro Worksheet 8
CRITICAL INFORMATION ASSET PROFILE
(1) Critical Asset: Business Data
(2) Rationale for Selection: This asset is important to the organization because it stores all of the crucial data, such as permissions and access.
(3) Description: A data system used for storing information for long or short periods of time and keeping it organized.
(4) Owner(s): Organization “XYZ”
(5) Security Requirements
Confidentiality: Only authorized personnel can view this information asset, as follows: Security Manager, CEO, Security Admin
Integrity: Only authorized personnel can modify this information asset, as follows: Security Manager, CEO
Availability: This asset must be available for these personnel to do their jobs, as follows: Security Manager, CEO, Security Admin, Users. This asset must be available for 24 hours, 7 days/week, 365 days/year.
Other: This asset has special regulatory compliance protection requirements, as follows: HIPAA is needed in medical organizations and PCI DSS for bank information.
(6) Most Important Security Requirement
Confidentiality
Integrity
Availability
Other
Allegro - Worksheet 10
INFORMATION ASSET RISK WORKSHEET
Information Asset: Active Directory
Area of Concern: Unauthorized disclosure of financial and personal data.
Information Asset Risk
Threat
(1) Actor: Who would exploit the area of concern or threat?
Attacker or Competitor.
(2) Means: How would the actor do it? What would they do?
Exploiting the vulnerabilities.
(3) Motive: What is the actor’s reason for doing it?
Trying to steal financial and personal information from the business or from other customers.
(4) Outcome: What would be the resulting effect on the information asset?
Disclosure, Destruction, Modification, Interruption
(5) Security Requirements: How would the information asset’s security requirements be breached?
By getting access to the ports in the Active Directory.
(6) Probability: What is the likelihood that this threat scenario could occur?
✔ High, Medium, Low
(7) Consequences: What are the consequences to the organization or the information asset owner as a result of the outcome and breach of security requirements?
Moderate
(8) Severity: How severe are these consequences to the organization or asset owner by impact area?

Impact Area | Value | Score |
---|---|---|
Reputation & Customer | 5 | 20 |
Financial | 3 | 15 |
Productivity | 2 | 5 |
Safety & Health | 1 | 5 |
Fines & Legal Penalties | 4 | 20 |
User Defined Impact Area | N/A | N/A |

Relative Risk Score
65...