Risk Assessment Assignment
Step 1 Assessment of Assets
In this scenario of the becoming company, there are many assets. The hardware in place includes a Dell OptiPlex 390 computer that uses software that has Microsoft Windows 7 professional edition included with the canned software including the Microsoft Office, along with an 8x5 support and maintenance contract that allows her to upgrade her software at a reduced rate. On this computer, all business transactions and invoices are stored. She also has a Point of Sales computer from InitiaTek. The POS software runs Windows 7 in the Microsoft Virtual PC virtual machine. The configuration of the POS system consists of self-contained cash drawer and sales register and tabulation and transaction software, written in C#. NET. This system is networked over the wireless network to the back office computer, also using WEP. The software is also able to record all transactions to the back office computer into the Microsoft Access database. In addition to that, she has a custom program for accounting. All business records and invoices are stored in Microsoft Word as documents or as text files. Other hardware items include a fax machine and a printer.
Step 2 Assess the Vulnerability
Information on the back office computer is vulnerable for many reasons. Allowing access to the computer to all of the employees makes for all information to be accessible. She also does not back up her files in any way and does not secure her information with any encrypted files or any extra security measures. The only security measure that is in place is her Administrator password, which is extremely weak. Her staff can login using an Assistant account to do basic things but if the need to work on a project that requires more programs they would have to use the Administrator account. The Internet connection is WEP encrypted but again, has a weak password.
Step 3 Assess the Probability and Severity of Damage
After reading and analyzing this scenario, there is an
In this scenario of the becoming company, there are many assets. The hardware in place includes a Dell OptiPlex 390 computer that uses software that has Microsoft Windows 7 professional edition included with the canned software including the Microsoft Office, along with an 8x5 support and maintenance contract that allows her to upgrade her software at a reduced rate. On this computer, all business transactions and invoices are stored. She also has a Point of Sales computer from InitiaTek. The POS software runs Windows 7 in the Microsoft Virtual PC virtual machine. The configuration of the POS system consists of self-contained cash drawer and sales register and tabulation and transaction software, written in C#. NET. This system is networked over the wireless network to the back office computer, also using WEP. The software is also able to record all transactions to the back office computer into the Microsoft Access database. In addition to that, she has a custom program for accounting. All business records and invoices are stored in Microsoft Word as documents or as text files. Other hardware items include a fax machine and a printer.
Step 2 Assess the Vulnerability
Information on the back office computer is vulnerable for many reasons. Allowing access to the computer to all of the employees makes for all information to be accessible. She also does not back up her files in any way and does not secure her information with any encrypted files or any extra security measures. The only security measure that is in place is her Administrator password, which is extremely weak. Her staff can login using an Assistant account to do basic things but if the need to work on a project that requires more programs they would have to use the Administrator account. The Internet connection is WEP encrypted but again, has a weak password.
Step 3 Assess the Probability and Severity of Damage
After reading and analyzing this scenario, there is an