Risk assessment (RA) is a subset of the RMP. RA helps an organization prioritize its risks by their likelihood and degree of impact. It is an essential instrument when an organization evaluates its risks, plans the controls or solutions, and monitors how effective those controls are. RA helps management make well-informed decisions on neutralizing each risk, based on both quantitative numbers and qualitative factors. Once a control …
No. | Risk, threat, or vulnerability                                                          | Primary domain impacted | Risk factor (1 = critical, 2 = major, 3 = minor)
--- | --------------------------------------------------------------------------------------- | ----------------------- | ------------------------------------------------
1   | Unauthorized access from public Internet                                                | WAN                     | 2
2   | User destroys data in application and deletes all files                                 | LAN                     | 1
3   | Hacker penetrates your IT infrastructure and gains access to your internal network      | System/Application      | 3
4   | Intraoffice employee romance gone bad                                                   | Workstation             | 3
5   | Fire destroys primary data center                                                       | System/Application      | 1
6   | Service provider service level agreement (SLA) is not achieved                          | User                    | 2
7   | Workstation operating system (OS) has a known software vulnerability                    | Workstation             | 3
8   | Unauthorized access to organization-owned workstations                                  | Workstation             | 2
9   | Loss of production data server                                                          | System/Application      | 1
10  | Denial of service attack on organization demilitarized zone (DMZ) and e-mail server     | System/Application      | 2
11  | Remote communications from a home office                                                | WAN                     | 3
12  | LAN server OS has a known software vulnerability                                        | LAN                     | 3
13  | User downloads an unknown e-mail attachment                                             | Workstation             | 3
14  | Workstation browser has software vulnerability                                          | Workstation             | 3
15  | Mobile employee needs secure browser access to sales-order entry system                 | LAN-to-WAN              | 2
16  | Service provider has a major network outage                                             | User                    | 1
17  | Weak ingress/egress traffic-filtering degrades performance                              | User                    | …
Breaking the critical issues (risk factor 1) down by domain: 2 fall in the System/Application domain, 2 in the User domain, and 1 each in the Remote Access and LAN domains. These are rated critical because they affect compliance and could cause significant financial loss to stakeholders and shareholders, so they must be addressed as soon as possible. There are 8 major issues (risk factor 2): 2 each in the WAN, LAN-to-WAN, and User domains, and 1 each in the System/Application and Workstation domains. These major issues are to be addressed once the critical issues have been mitigated. Last but not least, there are 8 minor issues (risk factor 3) as listed in the table above; these should not be ignored entirely, in fact, they should be handled