This document consists of 23 Threats and Vulnerabilities that you can use in almost every scenario. These covers all content of Learning Aim A of Unit 11 spec. I wrote down 19 of these in my exam and got full marks. You'll have to change the 'Probability', 'Potential size of loss / impact level' an...
Threat 1
number.
Risk severity. Extreme
Threat title. Network is vulnerable to virus attacks because the anti malware
software isn’t up to date and configured.
Probability. Very likely because guests and staff are surfing the internet and
receiving emails, meaning the network will pick up a virus at
some point.
Potential size Major because once the virus in installed on the network then it
of loss / could slow down the network by taking all of the storage space or
impact level. lock all the PCs depending on the type of virus.
Explanation As there is mention of anti malware / anti virus software in the
of the threat scenario, we can assume that is none in place currently. Due to
in context. the fact that users are surfing the internet and receiving emails
from clients and guests, it is likely that the system will pick up a
virus at some point if not already, because some of the emails
might be phishing attempts or users accidentally visiting an
untrusted website which downloaded malware onto the network.
Moreover, a malware might be currently in the network but
because there is no anti malware software currently installed, the
company might be unaware of that. This means all of company’s
data is under risk of being stolen.
Threat 2
number.
Risk severity. High
Threat title. Only one server available, No backups
Probability. Likely because the server will fail at some point as its
mechanical.
Potential size Major because if the server goes down, the company won’t be
of loss / able to save anything in server and any changing in the data will
impact level. be lost.
Explanation of The server stores confidential information about the company,
the threat in employees and customers. If it fails, then that means employees
context. and company will not be able to access the information that is
stored on the server and any changing in data will be lost. If the
data gets deleted either intentionally or accidentally, the company
will not be able to restore the data as there is no backup server
available. The lost data might have the company trade secrets
and other confidential information that is very vital for the
company. If data gets lost, this could lead the business to suffer
reputational and income loss as well as getting sued for not being
able to protect the customer information according to GDPR
Threat 3
number.
, Risk severity. Extreme
Threat title. Data stored on server is readable to everyone
Probability. Very Likely because if the server is hacked then the hacker can
read the data easily as its not stored in an encrypted format
Potential size Major because server has confidential information about
of loss / customers and company’s trade secrets, if these gets stolen then
impact level. the business will have to suffer several consequences
Explanation of Server stores confidential information about customer and trade
the threat in secrets of company. If this data gets stolen, then hacker can read
context. it easily due to the fact that it’s not stored in an encrypted
format. As there is no mention of encrypting the confidential data
stored on server, we can assume that its not. After stealing the
data, hacker can then use stolen data for fraudulent purposes for
financial gain or reveal the information online to damage
company’s reputation.
And because company don’t have any proper backups this means
any stolen data won’t be able to recover and any changes made
in the data will be lost. (only applies depending on scenario)
Threat 4
number.
Risk severity. High
Threat title. Files and Folders are not stored in Encrypted format
Probability. Likely because someone can get access to user’s PC using a
virus/infected links or a grudged employee may get access to
some other employee’s PC if its left unattended/unlocked
Potential size Major because if the hacker or intruder get access to a high
of loss / privileged employee’s PC then he can access all the files on the
impact level. PC as they aren’t encrypted.
Explanation of Just like the data stored on server isn’t encrypted, the files and
the threat in folders in employees and admin’s computer is not stated to be
context. encrypted either. This means if the hacker somehow gets access
to the admin or employee’s PC which can be done via infected
links that installs keylogger onto the PC when clicked or a
grudged employee getting access to another high privileged
employee’s PC, after getting access to the PC the hacker can
easily read, copy, modify or delete the files and folders on that
device as its not encrypted. Otherwise it will be hard for him to
get access to the information as it would require a decryption key
which is hard to generate.
Threat 5
number.
Risk severity. High
Threat title. Wi-Fi connection is not encrypted; Outdated Protocols Used
Probability. Likely because the data transferring through Wi-Fi would be
unencrypted and can be intercept very easily since its readable to
Les avantages d'acheter des résumés chez Stuvia:
Qualité garantie par les avis des clients
Les clients de Stuvia ont évalués plus de 700 000 résumés. C'est comme ça que vous savez que vous achetez les meilleurs documents.
L’achat facile et rapide
Vous pouvez payer rapidement avec iDeal, carte de crédit ou Stuvia-crédit pour les résumés. Il n'y a pas d'adhésion nécessaire.
Focus sur l’essentiel
Vos camarades écrivent eux-mêmes les notes d’étude, c’est pourquoi les documents sont toujours fiables et à jour. Cela garantit que vous arrivez rapidement au coeur du matériel.
Foire aux questions
Qu'est-ce que j'obtiens en achetant ce document ?
Vous obtenez un PDF, disponible immédiatement après votre achat. Le document acheté est accessible à tout moment, n'importe où et indéfiniment via votre profil.
Garantie de remboursement : comment ça marche ?
Notre garantie de satisfaction garantit que vous trouverez toujours un document d'étude qui vous convient. Vous remplissez un formulaire et notre équipe du service client s'occupe du reste.
Auprès de qui est-ce que j'achète ce résumé ?
Stuvia est une place de marché. Alors, vous n'achetez donc pas ce document chez nous, mais auprès du vendeur Saim. Stuvia facilite les paiements au vendeur.
Est-ce que j'aurai un abonnement?
Non, vous n'achetez ce résumé que pour $14.38. Vous n'êtes lié à rien après votre achat.
