Question

Global Tech is a website for online selling of sports goods. The employees' authentication mechanism has been kept strict, and the employees' authentication credentials have been updated regularly with a standard procedure on their workstations. All these workstations hold only low-level information related to sale and purchase and no customers' banking data. The server room has guards, and all authorized employees are verified by security. The server holds the most critical business process; unauthorized access to the server room may lead to major system damage. The guards switch over their duty every 12 hours.

Global Tech website contents have been verified by the senior staff, and a proper check has been made on the client-server sessions to avoid a website crash. The contents of the website mostly relate to general information about the products for sale, as sale and purchase are done through a third party. Furthermore, the firewall rules are updated occasionally, so there might be a chance of a DOS attack. Customers' banking data is stored on the SAN storage; this data is encrypted, but there are chances of leakage as salt and encryption are not added to the customer credentials. It has been observed that the SAN storage system is under constant threat due to the increase in online shopping, as hackers likely attempt it as a customer. This leakage might be a complete mission failure for Global Tech.

You are required to assess the risk of the following IT assets in your facility with proper justification and scoring. 

 

| Asset | Vulnerability | P | I | R |
|---|---|---|---|---|
| Work station | Weak authentication | | | |
| Server | Unauthorized access to the server room | | | |
| Website | Firewall configured properly and has good DDOS mitigation | | | |
| SAN storage system | Data protection but contains error | | | |

  • P=Probability
  • I=Impact
  • R=Risk

 

The following criteria can be used for the risk assessment:

Probability:

  • 5: Frequent
  • 4: Likely
  • 3: Occasional
  • 2: Seldom
  • 1: Unlikely

Impact:

  • 4: Catastrophic: Complete mission failure, death, bankruptcy
  • 3: Critical: Major mission degradation, major system damage, exposure of sensitive data
  • 2: Moderate: Minor mission degradation, minor system damage, exposure of data
  • 1: Negligible: Some mission degradation
