Case Study Essay

1452 Words Apr 3rd, 2015 6 Pages
Case Study Phase III
Edgar Pavon-Hernandez
American Military University

Case Study Phase I Defining risk to an organization means identifying which assets are susceptible to a threat. This threat can cause damage to a company or can be costly. The most important aspect is to mitigate risk to keep tangible and intangible costs low. For example is an online shopping website. Because it is a website its revenue is from online orders. In the following sentences I will go over a few things which can be potential risk to the site. A risk to the company,, could be a hacker gaining unauthorized access to the websites server. The hacker could then begin attacking other servers within the site. If the
…show more content…
It is important to safeguard the server which stores this information. If a hacker gained access to the server, it puts the customer at risk for identity theft. Which would then fall on Amazon to make amends with the customer. Any area in Amazon that processes personal information would be highly susceptible to risks as well as the systems that process all online transactions. Because the site is an online shopping site. It must put controls in place to prevent the site from coming down. For example, by setting up a backup fallback server which allows the site to run even if the main server crashes or goes down. By having more servers to handle the websites request it can ensure that the site stays operational at all times.

Case Study Phase II Now that we covered what are the possible risk associated with Amazon. It is time to put those possibilities down on paper. By performing a risk assessment on this company we can evaluate which assets are vital towards the company and which one requires controls. There is a four step process to the risk assessment. The first is identifying and evaluate relevant threats, the next step is identify and evaluate relevant vulnerabilities, the one after that is identify and evaluate countermeasures and the last is developing a mitigation strategy. Beginning with identifying and evaluating relevant threats. The risk assessment needs to take into account what assets are used most. A possible

Related Documents