Gibson says, “A risk assessment (RA), also referred to as “Risk Analysis”, is a process used to identify and evaluate risk” (2015). It differs from Risk Management Plan (RMP) as RA is about classifying the risks quantitatively and qualitatively, but RMP is about avoiding and mitigating risks, threats and vulnerabilities.
Risk assessment is a subset of RMP. RA helps an organization to prioritize the risks based on their likelihood and degree of impact. RA is a very important instrument when an organization is trying to evaluate their risks, plan the control/solution and monitor their effectiveness. RA helps the management take well informed decision to neutralize the risks based on the quantitative numbers and qualitative factors. Once a control …show more content…
SL.no Risks, Threats, ad Vulnerabilities Primary domain impacted Risk Impact/factor
1 Unauthorized access from public Internet WAN 2
2 User destroys data in application and deletes all files LAN 1
3 Hacker penetrates your IT infrastructure and gains access to your internal network System/Application 3
4 Intraoffice employee romance gone bad Workstation 3
5 Fire destroys primary data center System/Application 1
6 Service provider service level agreement (SLA) is not achieved User 2
7 Workstation operating system (OS) has a known software vulnerability Workstation 3
8 Unauthorized access to organization-owned workstations Workstation 2
9 Loss of production data server System/Application 1
10 Denial of service attack on organization Demilitarized zone (DMZ) and e-mail server System/Application 2
11 Remote communications from a home office WAN 3
12 LAN server OS has a known software vulnerability LAN 3
13 User downloads an unknown e-mail attachment Workstation 3
14 Workstation browser has software vulnerability Workstation 3
15 Mobile emplyoee needs secure browser access to sales-order entry system LAN-to-WAN 2
16 Service provider has a major network outage User 1
17 Weak ingress/egress traffic-filtering degrades performance User …show more content…
Breaking them down further, there are 2 RF for System/Application domain, 2 for User domain, and 1 each for Remote access and LAN domain. These are critical as they impact the compliance and may cause a big financial loss to the stakeholders and shareholders. These critical issues need to be addressed as soon as possible. There are 8 major issues, 2 RF impacting each of WAN, LAN-to-WAN, and User domains. 1 RF impacting each of System/Application and Work station domains. These major issues are to be addressed once the critical issues are mitigated first. Las but not the least, there are 8 minor issues as listed in the above table, which should not be completely ignored, in fact, they should be handled
Risk assessment is a subset of RMP. RA helps an organization to prioritize the risks based on their likelihood and degree of impact. RA is a very important instrument when an organization is trying to evaluate their risks, plan the control/solution and monitor their effectiveness. RA helps the management take well informed decision to neutralize the risks based on the quantitative numbers and qualitative factors. Once a control …show more content…
SL.no Risks, Threats, ad Vulnerabilities Primary domain impacted Risk Impact/factor
1 Unauthorized access from public Internet WAN 2
2 User destroys data in application and deletes all files LAN 1
3 Hacker penetrates your IT infrastructure and gains access to your internal network System/Application 3
4 Intraoffice employee romance gone bad Workstation 3
5 Fire destroys primary data center System/Application 1
6 Service provider service level agreement (SLA) is not achieved User 2
7 Workstation operating system (OS) has a known software vulnerability Workstation 3
8 Unauthorized access to organization-owned workstations Workstation 2
9 Loss of production data server System/Application 1
10 Denial of service attack on organization Demilitarized zone (DMZ) and e-mail server System/Application 2
11 Remote communications from a home office WAN 3
12 LAN server OS has a known software vulnerability LAN 3
13 User downloads an unknown e-mail attachment Workstation 3
14 Workstation browser has software vulnerability Workstation 3
15 Mobile emplyoee needs secure browser access to sales-order entry system LAN-to-WAN 2
16 Service provider has a major network outage User 1
17 Weak ingress/egress traffic-filtering degrades performance User …show more content…
Breaking them down further, there are 2 RF for System/Application domain, 2 for User domain, and 1 each for Remote access and LAN domain. These are critical as they impact the compliance and may cause a big financial loss to the stakeholders and shareholders. These critical issues need to be addressed as soon as possible. There are 8 major issues, 2 RF impacting each of WAN, LAN-to-WAN, and User domains. 1 RF impacting each of System/Application and Work station domains. These major issues are to be addressed once the critical issues are mitigated first. Las but not the least, there are 8 minor issues as listed in the above table, which should not be completely ignored, in fact, they should be handled