T_McKinstry_W7P2
docx
keyboard_arrow_up
School
Charter Oak State College *
*We aren’t endorsed by this school
Course
CSS 230
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
5
Uploaded by ChefDanger11876
WK7: Application of Risk Management Techniques
October 13, 2023
Vulnerabilities/Threats
Internet Security
The use of VPN’s by the employees outside of the main facility can leave that main facility vulnerable to cyber-attacks. The employees access their main computers through the VPN while on their home network, which may or may not be entirely secure. Someone can use that connection between the two and exploit it. The likelihood of this happening is relatively high with a 50% - 90% chance.
Application Server Failure
The application server on the main facility stores all of the important information about the external facilities outside of the main one, such as sales, inventory, supply chain, etc. If this service were to fail for any reason, all of that information could potentially be wiped from the system. The likelihood of this happening is relatively moderate with a 30% - 50% chance.
Direct Storage Database Failure
The use of local drives in storing information that is managed by the database server
is good, however there is no mention of backup drives and seeing as how the drives are directly attached to the server, a simple power failure could have the potentiality to corrupt the data within those drives. The likelihood of this happening is a moderate chance of 30% - 50%.
LAN Connection Stoppage
The LAN connection that allows employees to access the workstations and connect them can have the possibility of failing, which would affect operations on all facilities.
The likelihood of this occurring would be relatively low of 10% - 30% chance.
External ISP Failure
The use of an external ISP in allowing the external facilities to connect to the main headquarters can have the possibility of failing as well, which would mean that most operations within those external facilities may be affected drastically as that cut connection could also mean that the information stored on the databanks would be inaccessible to them for the duration of that outage. The likelihood of this occurring is relatively moderate with a 30% - 50% chance.
Prioritization
(Ranked, “1” being the highest, and “5” being the lowest.)
1.
Internet Security
2.
Direct Storage Database
3.
Server Application
4.
External ISP 5.
LAN Connection
Mitigations
For the Internet Security I would not allow employees to access their workstations from their own home internet and instead give those external facilities their
own network that is directly shared to ours to ensure safe security. For the Direct Storage Database, I would make copies of all of the information stored on those devices to ensure that in the event of a sudden power failure or just a
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
failure in the database in general, that the information stored would not be lost or corrupted at all.
For the Server Application, I would store the information on that application to either a backup drive or an external cloud service to ensure that in the event of a failure in the system, the information stored there can still be accessible to the external facilities outside of the main one.
For the External ISP, there is no realistic mitigation in the event that the service fails, however the external facilities can instead have their own drives and information stored on their own facility instead of relying on the connection provided by the ISP in order to access their information.
In the case of the LAN connection, if it fails, the equipment itself can be replaced,
however if it is more than just the simple cables and wires, then having back up storage on the external facilities would help mitigate this issue. Summary
Overall, there are five main risks to the organization which are Internet Security, Direct Storage Database Failure, Server Application Failure, External ISP Failure, and LAN Connection Failure. The order in which they appear is the order of prioritization with the first being at the highest priority and the last being at the lowest priority. The use of VPN’s can compromise the headquarters security system as an outsider can use a VPN and pose as an employee in order to steal information. The likelihood of this happening is high, but the mitigation to this would be to give the external facilities their own network security that is connected to ours.
The Direct Storage Database that is used in headquarters is good to have but must have a fallback in the event that it fails or if power is cut. The information stored on
the drives can be corrupted or erased in the event of a sudden failure. The likelihood of this occurring is moderate, but the mitigation for this would be to use backup drives to ensure that the information never gets lost. The Server Application stores all information regarding the external facilities and if that service fails, all of that information can be wiped out. The likelihood of this occurring is moderate, but the mitigation to this would be to use backup drives or a cloud service to store that information which can make it accessible to all facilities. The External ISP is something that is unavoidable to use for obvious reasons, however the service can still fail at times. The likelihood of this occurring is moderate, but the mitigation for this would be for the external facilities to have their own information stored on site, to ensure that they will always have access to it.
The LAN Connection is also something that is very much needed in operations and the chances of it failing are very low, however it is still possible. A mitigation for this would be the same for the External ISP in which facilities have their own information stored with them so that in the event of a connection failure, they can still continue operations.