What fills security gaps and software weaknesses

Project Part 1-Task 2 – Risk Assessment

Course: Information Security and Risk Management (ISOL533-03)

Name: Sai Vishal Goud Muddam

Student ID: 002852328

Instructor: Dr. Amelia Phillips

EXECUTIVE SUMMARY

One of the most important first steps to risk management plan is to identify known risks, threats, and vulnerabilities and organize them. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountability for risk management.

The Risk Management plan covers the Risks, Threats, and weakness of the Health Network, Inc. (Health Network)

Risk Management plan: Risk Management is the process of reducing the risk of harm to the patients, staff, and associations. It includes exercises that encompass preventive action or mitigation of events to reduce poor results, or financial and proficient loses.

Risk Assessment: All risks recognized will be assessed to perceive the extent of possible undertaking results. Capacity will be used to make sense of which risks are the top priority to look for after and respond to and which threats can be ignored. The likelihood and impact of occasion for each recognized risk will be assessed by the undertaking chief, with commitment from the project team using the going with system. The purpose of risk assessment incorporates the avoidance related risks, and this should constantly be the goal, it won't commonly be attainable by and by. Where transfer of risks is past the domain of creative ability, the risks should be reduced, and the remaining risks should be controlled. At a later stage, as a noteworthy part of a study program, such leftover risk will be reassessed and the probability of transfer of the risk.

Follow these risk management steps to improve your risk management process:

Plan: understanding the authoritative objectives, external and internal condition.

Identify the risk: When you and your team have accumulated possible issues, make a project risk log or undertaking risk enroll for clear, after and checking of dangers all through a project. A project risk log, moreover, insinuated as an undertaking risk enlisted, is a fundamental piece of any compelling danger the board procedure. As a persistent database of each undertaking potential risk's, it empowers you administer current dangers just as fills in as a sort of viewpoint point on past errands as well. By laying out your risk register with the best possible information focuses, you and your group can rapidly and accurately identify and assess possible threats to any project.

Analyze the risk: During this progression, your team will evaluate the probability and fallout of each hazard to pick where to focus first. Elements, for instance, potential money related misfortune to the affiliation, time lost, and seriousness of impact all have an impact in looking at each hazard. In putting each hazard under the amplifying instrument, you'll also uncover any fundamental issues over an endeavor and further refine the risk management process for future activities.

Respond: At the point when every single reasonable course of action is recorded, pick the one that is well while in transit to achieve needed outcomes. Find the required resources, for instance, work power and financing, and get the essential buy in. Senior organization will likely need to confirm the game plan, and associates ought to be instructed and arranged if indispensable. continuously Set up a formal system to execute the game plan truly and dependably over the affiliation and stimulate specialists.

Monitor: Here we must play out the correspondence among the team and accomplices is essential with respect to persistent observing of potential risks. Furthermore, remembering that it may feel like you're gathering felines every so often, with your risk management process and its relating project risk register set up, checking those moving targets advances toward getting to be something besides unsafe business.

RISKS - THREATS – WEAKNESSES WITHIN EACH DOMAIN

User Domain: Any client who can access to our organization data systems comes into this domain.

Risks: At the point when User gets angry can devastate and erase every one of the information in application. Most likelihood of visiting the hazardous sites and download and introduce the malicious software. unknowingly without their insight bring virus from USB drives which infects different PCs and whole organization.

WorkStation domain: Workstation is only a client's PC like desktop, laptop which worked under the network.

Risks: Workstation is vulnerable and open to malicious software. If the system is infected malware may infect single system or entire organization through network and failure of hard drive may cause losing the data. We should refresh patches to the operating system, software and antivirus up to date.

LAN Domain: Lan refers to local area network is a group of computers, routers, switches connected to a trusted network zone within the firewall.

Risks: Any virus enters through Lan infect all the systems. Date which is transferred outside of network is not secure. Attackers uses sniffers to capture and read all the data within the packets.

LAN to WAN Domain: Domain which connects the local area network to wide area network by providing the firewalls and boundary protection between trusted and untrusted zones.

Risks: An unnecessary open of firewall ports gives a way for hackers to access the internet from outside using a public IP address. Heavy flow of incoming and outgoing packets of traffic may reduce the performance issues.

WAN Domain: Defines wide area network which uses semiprivate lines from telecommunication companies.

Risks: Servers may receive the cyber-attacks (DOS) by hackers who wants to make system and network unavailable to users. Moreover, chances of security risks are high while uploading the software’s through FTP.

System / Application Domain: Domain refers to a server which hosts a user access application like database, oracle, mail servers WebSphere.

Risks: Because of security gaps and software weakness servers might receive a cyber-attack by attacker who wants to corrupt and destroy the data.

Remote Access Domain: Domain which refers to users who works remotely from their private network over a public network through VPN.

Risks: Remote access is the easy way of accessing the unprotected connections by attackers. Chances are high while authentication (credentials)and data transfer through VPN.

Risk – Threat - Weakness

Domain Impacted

Risk Impact / Factor

Risk: Chances are high while authentication (credentials)and data transfer through VPN. Threat : It is easy way of accessing the unprotected connections by attackers. Weakness : Unauthorized access from public internet

Remote Access Domain

2 Major

Risk : Because of security gaps and software weakness servers might receive a cyber-attack by attacker. Threat : Users who have full access to data lead to data manipulation. Weakness : Doctor destroys data in application, deletes all files, and gains access to internal network

System/Application

1 Critical

Risk : An unnecessary open of firewall ports gives a way for hackers to access the internet from outside using a public IP address. Threat : Hacker penetrates IT infrastructure through modem bank and gain access to internal network. Weakness : Hacker penetrates IT infrastructure through modem bank

LAN – to - WAN

1 Critical

Risk : Most likelihood of visiting the hazardous sites and download and introduce the malicious software. Threat : Unknowingly without their insight bring virus from USB drives which infects different PCs and whole organization. Weakness : A technician inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers

User

3 Minor

Risk : Any virus enters through Lan infect all the systems. Date which is transferred outside of network is not secure. Threat : Attackers uses sniffers to capture and read all the data within the packets Weakness : LAN server OS has a known software vulnerability

LAN

3 Minor

Risk : If the system is infected malware may infect single system or entire organization through network and failure of hard drive may cause losing the data Threat: Workstation is vulnerable and open to malicious software Weakness : Unauthorized access to organization-owned workstations

Workstation

1 Critical

Risk : Servers may receive the cyber-attacks (DOS) by hackers who wants to make system and network unavailable to users Threat : Security risks are high while uploading the software’s through FTP. Weakness : Service provider has a major network outage

WAN

1 Critical

Risk : Chances are high while authentication (credentials)and data transfer through VPN Threat : It is easy way of accessing the unprotected connections by attackers. Weakness : Remote communications from office

Remote Access Domain

2 Major

Risk : Servers may receive the cyber-attacks (DOS) by hackers who wants to make system and network unavailable to users Threat : Security risks are high while uploading the software’s through FTP. Weakness : Communication circuit outages

WAN

2 Major

Risk : Because of security gaps and software weakness servers might receive a cyber-attack by attacker Threat : Users who have full access to data lead to data manipulation Weakness : Denial of service attack on organization’s e-mail server

System/Application

1 Critical

Risk : Most likelihood of visiting the hazardous sites and download and introduce the malicious software. Threat : Unknowingly without their insight bring virus from USB drives which infects different PCs and whole organization Weakness : Intraoffice employee romance gone bad

User

3 Minor

Risk : If the system is infected malware may infect single system or entire organization through network and failure of hard drive may cause losing the data Threat : Workstation is vulnerable and open to malicious software Weakness : Workstation operating system (OS) has a known software vulnerability

Workstation

3 Minor

Risk : Any virus enters through Lan infect all the systems. Date which is transferred outside of network is not secure Threat : Attackers uses sniffers to capture and read all the data within the packets Weakness : Need to prevent rogue users from unauthorized WLAN access

LAN

3 Minor

Risk : An unnecessary open of firewall ports gives a way for hackers to access the internet from outside using a public IP address Threat : Hacker penetrates IT infrastructure through modem bank and gain access to internal network Weakness : Weak ingress/egress traffic-filtering degrades performance

LAN – to - WAN

1 Critical

Risk : Because of security gaps and software weakness servers might receive a cyber-attack by attacker Threat : Users who have full access to data lead to data manipulation Weakness : Loss of production data server

System/Application

1 Critical

Compliance Laws and Regulations

Health Network, Inc must comply with explicit laws and regulations to guarantee information security. Basically, the organization must exhibit the centrality of shielding information regarding all the customer. Moreover, with most organizations, the laws of government information security the official's security data regarding all the clients. Similarly, with most organizations, the laws of government information security the board showing are fundamental and Health Network, Inc. Must submit to them. FISMA helps relationship in ensuring that their information is secure. Medical coverage likelihood and duty act is the laws that Health Network must kept up due to the information set away in HNetExchange, HNetPay, and HNetConnect. HIPPA laws are basic in verifying wellbeing information. Moreover, Health Network must ahere to Work Health and security Act, Privacy Obligations and Government Information Act. Also, Payment card industry information security standard, Public interest disclosure, and state records act are vital.

References:

The seven domains of a typical IT Infrastructure. (n.d.). Retrieved from https://sis.binus.ac.id/2018/01/15/the-seven-domain-of-a-typical-it-infrastructure/

(n.d.). Retrieved from https://stevevincent.info/ITS305_2016_2.htm

What is Risk Management? What are the 5 Risk Management Steps in a Sound Risk Management Process? (2018, December 24). Retrieved from https://www.managementstudyhq.com/risk-management-steps-in-risk-management-process.html

Dcosta, A. (2018, November 18). An Example of a Risk Management Plan for Use on Any Project. Retrieved from https://www.brighthubpm.com/risk-management/5141-risk-management-plan-examples/