IT-313 2-2 Activity
docx
keyboard_arrow_up
School
Southern New Hampshire University *
*We aren’t endorsed by this school
Course
313
Subject
Information Systems
Date
Apr 3, 2024
Type
docx
Pages
3
Uploaded by ElderHeronMaster1052
2-2 Activity
IT-313: Risk Management/Mitigation System
2-2 Activity: Identifying Threats/Vulnerabilities Toni Yvon
As an IT professional at Fertilizer Plus, my responsibility is to reduce threats, vulnerabilities and strive in protecting the company’s reputation. Risk involves in all of our
2-2 Activity
life’s regardless of the precautions that we take. Therefore, acknowledging risks, being aware
of these vulnerabilities and estimating the possibility of these threat actions would help the company and all of us grow together and protect each other. At Fertilizer Plus, there are seven domains of IT infrastructure such as User domain, Workstations domain, LAN domain, System/Application domain, Remote Access domain and LAN-to-WAN domain. Each of these domains arises its own risks/threats. Some of the biggest threats/vulnerabilities include human error, viruses and malicious attacks, weak/compromised authentication mechanisms and hardware/software failures. For example,
a remote access domain or user domain salesperson throughout the country connects to the company network via VPN software, which could be an easy target for data breach, allowing an unauthorized user from inside or outside an organization to gain access to sensitive data and intellectual property. While the LAN, LAN-to-WAN domain, system/application of the company is outdated which would be easier to corrupt by malware and viruses. Another threat that can impact the company is the workstations. Since the workstations/servers are located in Indiana, during a breach it would be hard to restore data. There are several vulnerabilities in the seven domains of Fertilizer Plus’s IT infrastructure. One major factor is inadequate training of the staff members from different states which could result in security vulnerabilities. For instance, employees may unknowingly download malicious applications, lost/stolen device, connecting to unsecured networks or fail to install security updates. When this happens, it creates a challenge for protecting sensitive data. Other vulnerabilities include the workstations that are utilizing Windows 7 OS, the remote access that uses firewall for routing traffic, Data stored through
2-2 Activity
Linux and Oracle. All of these IT infrastructures are outdated which results in exposure of vulnerabilities to hackers. One way to prevent these vulnerabilities would be to have proper training for employees, up-to-date systems, constantly updating the systems, cloud storage for backups, limited access to employees based on responsibilities and ensure that devices have extra authentication system setup. Below are the threats/vulnerability pairs to determine threat actions that could pose risks to the organization and the likelihood of each threat action identified:
Threats Vulnerabilities Likelihood of threat
Users/Employees
System attacks, lack of system security, lack of education/training
High
Stolen Credentials/Device
Compromised/data breach
High
Outdated Software
Easier for hackers to gain access
High
Equipment Failure Outdated backup systems
High
Malware/Virus Fishing/malicious links
Medium The current IT infrastructure of Fertilizer Plus is a great starting point for any business. However, looking at our IT structure, there are multiple threats and vulnerabilities that have been classified such as mentioned above. Let’s create a plan to implement for better
security and improve the company’s IT infrastructure such as utilize cloud for backups instead of Active Directory, updating hardware/software and educate/train employees. This would be a great start for the future of our company and growth.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help