IT help needed
Learning Team, Vulnerabilities and Threat Pairs
Ramell Watts team
CMGT/430
AFSHIN SARDARYZADEH
26 Jul 17
The case study that I have selected is that of ‘curbing phishing’ from the FedEx organization. The CEO of the FedEx organization has requested a firm security plan from my team.
FedEx endeavors to be a front-runner in all phases of client satisfaction. We understand that our clients play a very important part in protecting themselves and helping to protect cyberspace, and we need to do everything we can to help them (Khoo, Harris, & Hartman, 2010). Guarding the reputation of the firm and doing business in cyberspace has never been easy, with the explosion of e-commerce and the prevalence of scammers and hackers exploiting those channels. FedEx has responded to this challenge by introducing two customer-focused initiatives: the Email Security Program and the FedEx Client Protection Center (Mather, Kumaraswamy, & Latif, 2009).
In the initial phase, I will form an enterprise safety plan to recognize the exact vulnerabilities and the associated dangers facing the organization. I will create a list of data safety vulnerabilities with the associated dangers significant to the organization.
| Vulnerability | Threat | Probability | Impact | Suggested Mitigation Steps |
|---|---|---|---|---|
| Business Continuity Plan | Availability | | | |
| Software vendors change ownership/out of business | Availability | | | |
| CSRF Vulnerability | Confidentiality | | | |
| IDS (Intrusion Detection System) | Integrity | | | |
| Unpatched Antivirus | Integrity/Stability | | | |
| Employee Control Access for terminated accounts. | Accessibility | | | |
| Data encryption | Confidentiality | | | |
| Cache Poisoning | Availability | | | |
| Denial of Service | Availability | | | |
| Unpatched systems | Confidentiality, Availability, & Integrity | | | |
| Microsoft Silverlight 5 vulnerability | Availability/Confidentiality | | | |
| Hardware-related Failure | Physical | | | |
| Unsecure wireless network | Confidentiality | | | |
| Keystroke logging | Confidentiality | | | |
| Software bugs and faulty design | Integrity | | | |
References
Khoo, B., Harris, P., & Hartman, S. (2010). Information security governance of enterprise information systems: An approach to legislative compliant. International Journal of Management and Information Systems, 14(3), 49.
Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud security and privacy: An enterprise perspective on risks and compliance. O'Reilly Media, Inc.