Table of Contents
Introduction to the Case
The Company
Information technology department
RISK DETERMINATION PHASE
  Assets and owners
  Asset Value
  Identify threats to Assets and their Likelihood
  Identify Vulnerabilities and the Likelihood of their Exploitation by the Identified threats
  Describe Risks to the Assets based on Points (1, 2, 3)
  Evaluate Risk based on Point (5)
SAFEGUARD DETERMINATION PHASE
  Define the recommended Controls and Safeguards based on the 20 critical security controls
  Determine the residual likelihood of occurrence if control and safeguard are implemented
  Determine residual severity of impact if candidate control and safeguard are implemented
  Determine residual risk levels
References
PROJECT REQUIREMENTS
Introduction to the Case
IT risk management is a key part of the business process of Smart Solutions Company, and its
main purpose is to manage the risks a commercial firm faces. Risk management conducted on a
business can protect its aggregate data and ensure the efficient and effective operation of the
corporation. This study aims to support the firm in analysing its level of risk acceptance and its
general security requirements. The company can then move on to improve its monitoring and
deployment processes in order to resolve and reduce the level of danger it faces. The outcome of
this examination is a survey of the organisation that analyses the structure and management of
the corporation. Several factors concerning the selection, administration and use of IT services
will be discussed: service provider credentials, expertise, operational needs, service
organisation, and the trustworthiness of the supplier.
The Company
As a notable organisation, Smart Solutions provides a wide range of commercial strategic units,
such as retail, manufacturing, tourism and commerce, with coherent ICT services. The company's
profits are generated by developing and maintaining various tools. It also produces procurement
and supply chain management technologies that benefit other firms in their commercial activities
by making them faster and more efficient. Although the firm has 600 employees and many locations
throughout the nation, the database servers are kept on-site at the main office. The company's
business strategy is based on automated interactions with key suppliers and customers. Smart
Solutions Co. uses the Microsoft Azure cloud platform to handle internal and external transactions
and communications. A total of 25 internal apps and 250 external trade partners are linked to the
company. Processing capacity is expected to reach 1.8 million documents per week by 2021, up from
the present 1.3 million.
Assets and owners
Asset         Owner
Building      CEO
Datacenter    CIO
Asset Value
Identify threats to Assets and their Likelihood
It is a good idea to categorise key resources. An investigation of how a threat develops over
time should be thorough. Denial of service attacks, surveillance, and data exposure are among the
threats that might emerge. Here are some recent incidents that have been documented in the media
during the last several months.
- 500 customers' accounts were compromised in an attack on the company's internal network,
  according to a call notice. Employee PCs were reportedly the target of a cross-site scripting
  attack.
- Social engineering, malware, key loggers, or Trojans were used to gain access to a senior
  management e-mail account.
- In the middle of the day, when most transactions were taking place, one of the Microsoft Azure
  servers stopped responding. Although an automated system is in place to take over if one of the
  servers fails, it did not do so. During the investigation, a network team member found that the
  network fault had not triggered the redundant server to take over. His inability to address the
  problem quickly led to a large number of failed transactions and a corresponding loss of income.
- Linux-based systems are maintained by a security team using Windows. The company's internal
  network was infected by malware.
- One of our employees detected some unusual activity on a server and alerted management.
- A problem had been discovered, and the security team convened a meeting to discuss it. The
  gathering drew around 30 people, which caused a great deal of chaos.
- An internal audit showed that the security team used a wireless connection to manage various
  devices such as firewalls and intrusion detection systems.
- The company's security officer saw a person wandering about the workplace who did not appear to
  be an employee, a partner vendor engineer, or support staff.
The company's safety and security is a top priority for the leadership. They are concerned about
privacy, identity theft, social engineering, and the physical theft of any electronic item.
Threat                                                                    Likelihood
Hacker attack                                                             High
Loss of data from virus infection                                         High
Lack of encryption                                                        Low
Exposure (sensitive data directly released to an unauthorised entity)     High
E-mail spoofing                                                           High
Espionage on the company                                                  High
DoS attacks                                                               Low
Server failure                                                            Moderate
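The two phases laid out in the table of contents (risk determination as likelihood against impact, then safeguard determination and residual risk) can be worked through as a small risk register. This is an added example, not part of the report: likelihoods are taken from the threat table above, while the impact ratings, candidate controls and residual estimates are constructed values for illustration.

```python
from dataclasses import dataclass
# Qualitative scale of the report's threat table (matched case-insensitively).
LEVELS = {"low": 1, "moderate": 2, "high": 3}

def level_value(level: str) -> int:
    """Map a qualitative level to a number; reject anything off the scale."""
    try:
        return LEVELS[level.strip().lower()]
    except KeyError:
        raise ValueError(f"unknown level: {level!r}") from None

def risk_level(likelihood: str, impact: str) -> str:
    """Risk determination: likelihood x impact scored on a 3x3 matrix."""
    score = level_value(likelihood) * level_value(impact)
    return "high" if score >= 6 else "moderate" if score >= 3 else "low"

@dataclass
class Threat:
    name: str
    likelihood: str                # from the report's threat table
    impact: str                    # constructed for this example
    control: str = ""              # candidate safeguard (constructed)
    residual_likelihood: str = ""  # estimate once the control is in place
    residual_impact: str = ""      # estimate once the control is in place

    def inherent(self) -> str:
        return risk_level(self.likelihood, self.impact)

    def residual(self) -> str:
        # Safeguard determination: re-score with residual estimates (empty = unchanged).
        return risk_level(self.residual_likelihood or self.likelihood,
                          self.residual_impact or self.impact)

# Likelihoods come from the report's table; impacts and controls are constructed.
REGISTER = [
    Threat("Hacker attack", "High", "high",
           "Continuous vulnerability management", "Moderate", "moderate"),
    Threat("Lack of encryption", "low", "high",
           "Encrypt data at rest and in transit", "low", "low"),
    Threat("DoS attack", "Low", "moderate", "Upstream DDoS filtering", "Low", "low"),
    Threat("Server failed to fail over", "Moderate", "high",
           "Tested automated failover", "low", "moderate"),
]

def prioritised(register):
    """Treatment order: highest inherent risk first, ties broken by name."""
    rank = {"high": 0, "moderate": 1, "low": 2}
    return sorted(register, key=lambda t: (rank[t.inherent()], t.name))
```

Note that the inconsistent capitalisation in the source table ("low" versus "Low") is tolerated, while any rating outside the three-level scale is rejected rather than silently scored.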