Identifying Threats and Vulnerabilities PDF

Title Identifying Threats and Vulnerabilities
Author Don Ondeje
Course Introduction to Data and Information Management
Institution Southern New Hampshire University



Description

Course: IT-313-J1660 Risk Mgmt./Mitigation Sys Des 20EW1
Student’s name: Salome Odipo
Name of School: South New Hampshire University
Date: 15th September 2020

Identifying Threats and Vulnerabilities

Risks in an organization’s IT system can be mitigated by properly identifying threats and vulnerabilities. Another way to mitigate risk is to reduce the impact of vulnerabilities. This paper identifies threats and vulnerabilities within the seven domains of IT for Fertilizer Plus, a small agricultural company that produces and sells fertilizer products. We will also discuss the likelihood of each threat action.

Threats to the seven domains of IT

The first threat concerns the user domain. Since salespersons employed by Fertilizer Plus connect to the network in one way or another, they could be compromised and fall victim to social engineering attacks, in which they are tricked into giving up vital information or visiting malicious links or sites that may contain malware. They may also write down passwords as a way to keep track of them, or even knowingly disclose them.

For the workstation domain, since salespersons are allowed to connect through a VPN from their home computers, Fertilizer Plus does not have control of these devices. Even when connected to a bastion host, this can allow data leakage from keystroke loggers and screen-capturing malware (Kraft Kennedy, 2020).

All three main sites for Fertilizer Plus use Ethernet-cabled LANs to connect users to their respective workstations. This is a threat, since an attacker can gain access to any of the facilities and steal company information. Remote connection through a VPN is also a threat, since the VPN software may be compromised during authentication or data transmission.

Another threat is that Fertilizer Plus does not have proper backups, since all three servers are located centrally at its headquarters in Indiana.

Vulnerabilities to the seven domains of IT

The organization stands to lose data or have its business continuity hindered in case all three servers are destroyed. Another vulnerability is the use of an outdated operating system, Windows 7, in all three of its major sites. The use of VPN software over the internet is also a vulnerability in Fertilizer Plus's IT infrastructure, since data can be intercepted during transmission if it is not encrypted.

Threat/vulnerability pairs

| THREAT | VULNERABILITY |
| --- | --- |
| Social engineering | Salespersons not being security aware or conscious |
| Malware attacks | Salespersons visiting malicious links |
| Computer equipment failure | Data not being backed up |
| Stolen data | Use of VPN software over public internet without encryption |
| Denial of service (DoS) | Use of outdated Windows 7 PCs for users in all the sites |
| Stolen data | Salespersons allowed to access company IT resources from home using home computers |

References

Kraft Kennedy. (2020). WARNING… The Dangers of Using a VPN on a Home Computer. Retrieved from https://www.kraftkennedy.com/warning-the-dangers-of-using-a-vpn-on-ahome-computer/...

