Title | Identifying Threats and Vulnerabilities |
---|---|
Author | Don Ondeje |
Course | Introduction to Data and Information Management |
Institution | Southern New Hampshire University |
Course: IT-313-J1660 Risk Mgmt./Mitigation Sys Des 20EW1
Student’s name: Salome Odipo
Name of School: South New Hampshire University
Date: 15th September 2020
Identifying Threats and Vulnerabilities
Risks in an organization’s IT system can be mitigated by properly identifying threats and vulnerabilities. Another way to mitigate risks is to reduce the impact of vulnerabilities. This paper identifies threats and vulnerabilities within the seven domains of IT for Fertilizer Plus, a small agricultural company that produces and sells fertilizer products. We will also discuss the likelihood of each threat action.
Threats to the seven domains of IT
The first threat concerns the user domain. Because the salespersons employed by Fertilizer Plus connect to the network in one way or another, they could be compromised and fall victim to social engineering attacks, in which they are tricked into giving out vital information or into visiting malicious links or sites that may contain malware. They may also write down passwords as a way to keep track of them, or even knowingly disclose them.
For the workstation domain, salespersons are allowed to connect through a VPN from their home computers, and Fertilizer Plus does not have control of these devices. Even when the connection goes through a bastion host, this can allow data leakage from keystroke loggers and screen-capturing malware (Kraft Kennedy, 2020).
All three main sites for Fertilizer Plus use Ethernet-cabled LANs to connect users to their respective workstations. This is a threat, since an attacker can gain access to any of the facilities and steal company information. Remote connections through a VPN are also a threat, since the VPN software may be compromised during authentication or data transmission.
Another threat is that Fertilizer Plus does not have proper backups, since all three servers are located centrally at its headquarters in Indiana.
Vulnerabilities to the seven domains of IT
The organization stands to lose data, or to have its business continuity hindered, in case all three servers are destroyed. Another vulnerability is the use of an outdated operating system, Windows 7, in all three of its major sites. The use of VPN software over the internet is also a vulnerability in the Fertilizer Plus IT infrastructure, because data can be intercepted during transmission if it is not encrypted.
Threat/vulnerability pairs
THREAT | VULNERABILITY |
---|---|
Social engineering | Salespersons not being security aware or conscious |
Malware attacks | Salespersons visiting malicious links |
Computer equipment failure | Data not being backed up |
Stolen data | Use of VPN software over the public internet without encryption |
Denial of service (DoS) | Use of outdated Windows 7 PCs for users in all the sites |
Stolen data | Salespersons allowed to access company IT resources from home using home computers |
References
Kraft Kennedy. (2020). WARNING… The Dangers of Using a VPN on a Home Computer. Retrieved from https://www.kraftkennedy.com/warning-the-dangers-of-using-a-vpn-on-ahome-computer/...