Security Risk Analysis and Assessment Report - 1093 Words

All of the operating system (OS) log files were examined for any suspicious activity. The event logs which were searched were application, security, setup, system, as well as applications and services. According to Sunil Gupta (2013), â€Å"Windows has the ability to generate a detailed audit record of security events on each system. Windows logs events for the two types of security Accounts: Computer and User for their logon and authentication â€Å"(p.21). The application log was searched for errors and events of programs and applications. Security logs were checked for log-ins to the device and the manipulation of files and folders. Setup logs were searched for information on what programs were installed on the device. System logs provided†¦show more content†¦This type of exploitation of web browser technology poses a persistent vulnerability in network security, and for that reason it is important that employees do not become the victim of such an attack. According to Will Dormann and Jason Rafail, â€Å"Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer† (2008). After this phase of the investigation was completed, the targets were interviewed for their input on why the penetration testers were successful or failed to obtain sensitive information. The risk of a breach due to an insider is something that Cybercom must consider and have measures in place for. Some of the vulnerabilities associated with an insider attach include the setting up of a rogue access point and the use of thumb drives. A rogue WiFi access point setup near an external wall could be used to access the network from outside the facility, and thumb drives can be used to steal data, keeping it in a small, easy to conceal medium. According to Kelly Jackson Higgins, â€Å"The difference with insiders is they can inflict measurable financial, measurable IP, measurable brand and reputation damage -- more so than an outsider can† (2012). Analysis Of the Threats identified, three were deemed to be the most crucial to address;Show MoreRelatedSystem Analysis and Recommendation Report of Natividad Medical Center859 Words   |  3 PagesSystem analysis and recommendation report In this section, I present a system analysis and recommendation report on the Natividad Medical Centers Hospital Computer Information Systems (HCIS) network and its hospital-grade systems infrastructure and technology components. The system analysis report details the findings of the system analysis in the part of system vulnerability/risk assessment as a critical component of the security plan. Why the system vulnerability/risk assessment was carriedRead MoreReport on the Security System at Natividad Medical Center1227 Words   |  5 PagesSecurity plan This final part of the project contains an in-depth and comprehensive report on the security system at Natividad Medical Center. Using relevant peer-reviewed and technical reports, I devise an analysis plan that explains thoroughly, how I will analyze as well as evaluate Natividad Medical Centers Hospital Computer Information Systems (HCIS) network and its hospital-grade systems infrastructure and technology components. In this comprehensive report, the details of what is going toRead MoreManaging Information Security Risks: The Octave Approach1635 Words   |  6 PagesAlberts, C. Dorofee, A.(2003) Managing Information Security Risks: The OCTAVE Approach. New York: Addison Wesley. This work is a descriptive and yet process-oriented book on the concept of security risk assessment with a specific focus on new risk evaluation methodology, OCTAVE. The term OCTAVE is used to denote f Operationally Critical Threat, Asset, and Vulnerability Evaluation SM.It is important that organizations conduct a security risk evaluation in order for them to effectively evaluateRead MoreRisk Analysis : Risk Assessment1647 Words   |  7 Pages Risk Analysis Methodologies By: Cressandra R Dull Professor Hughbank HLSS505 Security Risk Management Throughout the many different types of establishments that currently exist today, there are risk assessments methodologies which are used to estimate or determine risk. According to the Department of Homeland Security (DHS) Risk Lexicon (2010), risk assessment methodologies are defined as, â€Å"set of methods, principles, or rules used to identify and assess risk and to form prioritiesRead MoreElectronic Protected Health Information On The Confidentiality, Integrity, And Availability Of The Electronic Protection Essay865 Words   |  4 PagesI. Purpose To establish guidelines to assess and analyze potential risks and vulnerabilities to the confidentiality, integrity and availability of the electronic protected health information that Topaz Information Solutions, LLC (Topaz) creates, uses, processes and transmits. II. Scope and Limitations This policy applies to all Topaz workforce members. III. Related Policy Names and Numbers Privacy Policy (COM-001) Security Policy (COM-002) Disclosure Policy (COM-003) IV. Definitions ElectronicRead MoreCase Study : Strengths And Weaknesses1447 Words   |  6 Pagesbackup every day Strength Data Security FFC has no formalized security awareness programs related to data security Weakness System Development FFC adopted Structured System Analysis and Design Methodology. Strength Data Security Application programmer could not access the computer room unless the data center personnel have permitted them. Strength Change Management FFC have formal procedure for change management Strength Data Security FFC has an appropriate IT security policy that VP, IS could knowRead MoreA Brief Note On Idaho State University ( Isu ) Essay731 Words   |  3 PagesIdaho State University (ISU) controlled and managed the security for twenty-nine outpatient clinics. Thus, one would expect that all the health information would be protected. Four to eight of these facilities were required to follow HIPAA Privacy and Security Rules. However, they failed to do this efficiently especially at the ISU’s Pocatello Family Medicine Clinic (HHS.gov, 2013a). As a result, ISU reported a breach to their system to the U.S. Department of Health Human Services (HHS) Office ofRead MoreMcdonald s Risk Assessment Policies And Procedures1216 Words   |  5 Pages RISK ASSESSMENT POLICIES AND PROCEDURES DATE: 1-1-201X TO: ASSESSOR FROM: Mr.ABC Introduction: This report is about McDonalds’s risk assessment policies and procedures. We have done technical analysis of policies, procedures, guidelines, strengths, weaknesses, legal and legislation requirements of McDonalds. This report summarizes our work to make it convenient for you to understand McDonalds’s risk assessment plan. MCDONALD’S RISK ASSESSMENTRead MoreCase Study : Area Risk Assessment862 Words   |  4 PagesITGC Area Risk Assessment IT Management Low Systems Development Low Data Security Medium Change Management Low Business Continuity Planning High Alexandra DeHaven IT General Controls ITGC Area Summary of Issue Strength or Weakness IT Management FFC has an IT strategic plan Strength IT Management FFC has an IT Steering Committee Strength IT Management VP Information Security reports to CIO Weakness IT Management FFC plan matches IT plan Strength IT Management VP Applications reports to CIO WeaknessRead MoreWhat Role Does Risk Management Play Within The Homeland Security Enterprise?1186 Words   |  5 PagesWhat role does risk management play within the homeland security enterprise? To answer that question we first have to examine what risk management is. Risk management is an anaclitic approach to figuring out the likelihood that an event will impact a specific assets, person, or function and then implementing steps to mitigate the impact or consequence of the event. (Decker, 2001) The Standard risk management formula that the Department of Homeland Security uses is R=T*V*C or Risk = Threat * Vulnerability