
ICT 4009 - IT Contingency Planning

Risk Assessment Report


Alliance Finance Co PLC.

| Students | Registration No. | Index No. |
| --- | --- | --- |
| M.A.S.S Malwattha | 2010/ICT/052 | 10020527 |
| W.A.L.T.C Weliwita | 2010/ICT/072 | 10020721 |

This report is an outcome of the risk assessment conducted on the Domain Controller System at
Alliance Finance Co PLC, Ward Pl., Colombo.

Risk Assessment Alliance Finance

Acknowledgement
Firstly, we would like to thank Mr. Athula Samarasinghe for giving us the opportunity to
participate in this assessment and providing us with the knowledge, guidance and motivation
to successfully complete this task. Secondly, we would like to show our gratitude to the Alliance
Finance employees who supported us in carrying out the risk assessment. Finally, our sincere
gratitude goes to all the parties who aided and motivated us in this regard.


Table of Contents
Acknowledgement
List of Tables
1. Introduction
   1.1 Purpose
   1.2 Scope
   1.3 Audience
2. Risk Assessment Approach and Methodology
   2.1 Risk Assessment Process
      2.1.1 Phase 1 - Pre-Assessment
      2.1.2 Phase 2 - Assessment
      2.1.3 Phase 3 - Post Assessment
3. System Characterization
   3.1 Functional Description
   3.2 System Environment
   3.3 System Users
   3.4 System Dependencies
   3.5 Supported Programs and Applications
4. Information Sensitivity
   4.1 Sensitivity
   4.2 Protection Requirements
      4.2.1 Protection Requirement findings
5. Identification of Vulnerabilities, Threats and Risks
6. Control Analysis
7. Risk Likelihood & Impact Determination
8. Overall Risk Determination & Recommendations


List of Tables
Table 2.1 Risk Likelihood Definitions (1)
Table 2.2 Risk Likelihood Definitions (2)
Table 2.3 Risk Impact Definitions
Table 2.4 Risk Level Definitions
Table 2.5 Overall Risk Rating Matrix
Table 3.2 Host Characterization Components
Table 3.3 Domain Controller System Users
Table 4.1 Domain Controller Information Type
Table 4.2 Definitions for C/I/A Ratings
Table 5.1 Vulnerabilities, Threats, and Risks
Table 6.1 Risk Controls in place/planned for domain controller
Table 7.1 Risk Likelihood & Impact ratings
Table 8.1 Overall Risk Rating


1. Introduction
Information systems are vital elements in most businesses since they are essential to carrying out business operations smoothly. If these information systems are disrupted, the business would not be able to continue as it was. Such disruptions cause tangible losses such as financial/profit loss as well as intangible losses like loss of customer goodwill. Thus, it is critical that these systems are able to operate effectively without excessive interruption.
IT contingency planning supports this by reactively and proactively safeguarding the information systems and related assets from a wide range of risks. IT contingency planning refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of information systems, operations, and data after a disruption. Risk assessment is one of the critical activities in IT contingency planning, where the system characteristics and risks are identified and evaluated. Remedial measures are suggested based on the type of the risk and its impact.

1.1 Purpose
The purpose is to identify how Alliance Finance has implemented their IT contingency
plans. In addition, we hope to identify the existing vulnerabilities of the domain controller
system and suggest preventive controls and strategies as well as discuss their effectiveness.

1.2 Scope
This report examines the current hardware, software, operating systems and critical data in
the domain controller system. Furthermore, it identifies the vulnerabilities, suggests remedial
measures and reflects on their effectiveness.

1.3 Audience
This document is primarily aimed at system administrators responsible for information systems or security at system and operational levels, as well as at higher-level managerial personnel who coordinate and support information system contingency planning activities.

• Managers: Personnel who are responsible for overseeing information system operations or mission/business processes that rely on information systems.
• Chief Information Officers (CIOs): Personnel who hold the overall responsibility for the organization's information systems.
• System engineers and architects: Architects are responsible for designing, implementing, or modifying information systems.
• System administrators: The employees who are responsible for maintaining daily information system operations.


2. Risk Assessment Approach and Methodology


The risk assessment followed the guidelines of NIST SP 800-30, Risk Management Guide for Information Technology Systems. The assessment is aimed at assessing the security vulnerabilities affecting the confidentiality, integrity and availability of the domain controller server at Alliance Finance.
At the end of this assessment, the risk assessment team recommends security safeguards to address identified threats and vulnerabilities. The methodology addresses the following types of controls:

• Management Controls: Management-level controls addressed in order to manage and accept the risks as well as to manage the IT security systems.
• Operational Controls: Manual security controls implemented to address physical access to servers and media safeguards.
• Technical Controls: Automated security controls providing protection to applications and server systems.

2.1 Risk Assessment Process


This section details the risk assessment process performed during this effort. The process is
divided into pre-assessment, assessment, and post-assessment phases.
2.1.1 Phase 1 - Pre-Assessment
Step 1: Define the nature of the risk assessment
This risk assessment effort provides an independent review of the Alliance Finance domain controller server to help determine the appropriate level of security. On-site interviews, questionnaires and documentation reviews were taken as the basis for this effort.
Step 2: Data collection
The data collection phase included interviewing key personnel responsible for the domain controller server within the organization and reviewing existing documents. Interviews were complemented with a questionnaire and focused on system characterization, operating system and software, access control, authentication, network access control, data integrity and security, monitoring and logging, intrusion detection, physical security and backups. The document review enabled the risk assessment team to evaluate compliance with the guidelines and standards that are adhered to.
Step 3: Templates
The following templates were used in this risk assessment effort and are included in the appendix of this document.
• Questionnaire - Carnegie Mellon Information Security Office Template
• NIST Risk Assessment Template
• Old Dominion University Risk Assessment Template

2.1.2 Phase 2 - Assessment

Step 1: Document Review
The IT policy documents provided by the domain controller system's administrator were reviewed at the beginning of the assessment. Furthermore, a detailed interview with the system administrator of the domain controller was carried out to complete the system questionnaire. This allowed the team to identify the system characteristics as well as security threats.
Step 2: System Characterization
In the system characterization step, the boundary of the domain controller system was defined first. Then, the hardware, OS/software and network connectivity were identified in order to describe the system. Additional data on system configuration, the backup plan and recovery-related information were gathered as well.
To gather the necessary information, the following data gathering techniques were used.

• Questionnaire: A questionnaire was designed to gather information about the domain controller system, aimed at the characteristics of the system as well as the management and operational controls planned or used for the IT system. The questionnaire was aimed at the operational employees who are designated to maintain the domain controller system.
• On-site Interviews: In order to fill out the questionnaire, an on-site interview was conducted with the designated system administrator of the domain controller system. Further, it allowed the auditors to observe and gather information about the physical, environmental, and operational security of the IT system.
• Document Review: Policy documents were reviewed in addition to the questionnaire and interview, in order to identify the security policies related to the domain controller system. These documents provided information about the security controls used by and planned for the IT system.
Step 3: Threat Identification
The NIST SP 800-30 standard is used as the basis for threat identification. The threats that are more likely to occur were identified through interviews and the questionnaire. A threat is defined as the potential for a particular threat-source to successfully exercise a particular vulnerability. It is important to identify the threat sources as well as the motivations and actions of the threats that affect the domain controller system.
Step 4: Vulnerability Identification
After the threat identification, vulnerability identification was carried out in order to list the vulnerabilities related to the domain controller system. The NIST SP 800-53, Revision 2, Security Baseline Worksheet was used to document the vulnerabilities identified through the interview and the questionnaire.
Step 5: Risk Determination (Calculation/Valuation)
In this step, the risk assessment team determined the degree of risk arising from a threat exercising a vulnerability. The risk for a particular threat was expressed as a function of likelihood and impact.
Likelihood Analysis
Likelihood is the probability that a vulnerability might be exploited in the context of the associated threat environment.
The following tables define the likelihood ratings used.

Table 2.1 Risk Likelihood Definitions (1)

| Likelihood | Likelihood Definition |
| --- | --- |
| High | The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective. |
| Moderate | The threat source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. |
| Low | The threat source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised. |

Table 2.2 Risk Likelihood Definitions (2)

| Effectiveness of Controls | Probability of Threat Occurrence: Low | Probability of Threat Occurrence: Moderate | Probability of Threat Occurrence: High |
| --- | --- | --- | --- |
| Low | Moderate | High | High |
| Moderate | Low | Moderate | High |
| High | Low | Low | Moderate |

Impact Analysis
The second factor determining the level of a risk is the impact resulting from a successful exploitation of a prevailing vulnerability. The adverse impact of such successful exploitation can result in harm to any of the main security goals (Confidentiality, Integrity, and Availability). Loss of confidentiality can occur from the disclosure of sensitive information stored in the server. Integrity can be harmed through unauthorized changes to the data stored in the server. Finally, loss of availability can result from disruption to server functionality and operational effectiveness. The following table defines the magnitudes of impact used.
Table 2.3 Risk Impact Definitions

| Magnitude of Impact | Impact Definition |
| --- | --- |
| High | Exercise of the vulnerability (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization's mission, reputation, or interest; or (3) may result in human death or serious injury. |
| Moderate | Exercise of the vulnerability (1) may result in the costly loss of tangible assets or resources; (2) may violate, harm or impede an organization's mission, reputation, or interest; or (3) may result in human injury. |
| Low | Exercise of the vulnerability (1) may result in the loss of some tangible assets or resources; (2) may noticeably affect an organization's mission, reputation, or interest. |

In determining the levels of risk, the likelihood of a threat, the impact the threat might cause if the vulnerability is exploited successfully, and the adequacy of existing control measures for reducing and eliminating risks were taken into consideration. Accordingly, the following table defines the different levels of risk.

Table 2.4 Risk Level Definitions

| Risk Level | Risk Level Definition |
| --- | --- |
| High | There is a strong need for corrective measures. An existing system may continue to operate, but a corrective action plan must be put in place as soon as possible. |
| Moderate | Corrective actions are needed and a plan must be developed to incorporate these actions within a reasonable period of time. |
| Low | The system's Authorizing Official must determine whether corrective actions are still required or decide to accept the risk. |
Table 2.5 Overall Risk Rating Matrix

| Risk Likelihood | Risk Impact: Low (1) | Risk Impact: Moderate (5) | Risk Impact: High (10) |
| --- | --- | --- | --- |
| High (10) | Low: 1 x 10 = 10 | Moderate: 5 x 10 = 50 | High: 10 x 10 = 100 |
| Moderate (5) | Low: 1 x 5 = 5 | Moderate: 5 x 5 = 25 | Moderate: 10 x 5 = 50 |
| Low (1) | Low: 1 x 1 = 1 | Low: 5 x 1 = 5 | Low: 10 x 1 = 10 |
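
The rating procedure of Step 5, worked through in Python as an added example that is not part of the original report: likelihood is derived from control effectiveness and threat probability as in Table 2.2, multiplied by impact using the weights of Table 2.5, and the score is banded into a risk level. The score bands (up to 10 Low, up to 50 Moderate, above 50 High) are an assumption read off the cells of Table 2.5, and the register entries with their ratings are constructed sample values, not findings of this assessment.

```python
from dataclasses import dataclass

WEIGHT = {"Low": 1, "Moderate": 5, "High": 10}  # weights printed in Table 2.5

# Table 2.2: LIKELIHOOD[effectiveness of controls][probability of threat occurrence]
LIKELIHOOD = {
    "Low":      {"Low": "Moderate", "Moderate": "High",     "High": "High"},
    "Moderate": {"Low": "Low",      "Moderate": "Moderate", "High": "High"},
    "High":     {"Low": "Low",      "Moderate": "Low",      "High": "Moderate"},
}

# Table 2.5 as printed: TABLE_2_5[likelihood][impact] -> (score, level)
TABLE_2_5 = {
    "High":     {"Low": (10, "Low"), "Moderate": (50, "Moderate"), "High": (100, "High")},
    "Moderate": {"Low": (5, "Low"),  "Moderate": (25, "Moderate"), "High": (50, "Moderate")},
    "Low":      {"Low": (1, "Low"),  "Moderate": (5, "Low"),       "High": (10, "Low")},
}


def _rating(value, field):
    """Normalise a rating string and reject anything outside Low/Moderate/High."""
    label = str(value).strip().capitalize()
    if label not in WEIGHT:
        raise ValueError(f"{field}: expected Low, Moderate or High, got {value!r}")
    return label


def likelihood(control_effectiveness, threat_probability):
    """Table 2.2 lookup: weaker controls or a more probable threat raise likelihood."""
    row = LIKELIHOOD[_rating(control_effectiveness, "control effectiveness")]
    return row[_rating(threat_probability, "threat probability")]


def risk_score(likelihood_rating, impact_rating):
    """Table 2.5 product of the likelihood weight and the impact weight."""
    return (WEIGHT[_rating(likelihood_rating, "likelihood")]
            * WEIGHT[_rating(impact_rating, "impact")])


def risk_level(score):
    """Band a score; the bands are inferred from Table 2.5 (assumption)."""
    if score > 50:
        return "High"
    if score > 10:
        return "Moderate"
    return "Low"


def bands_match_table():
    """True if the weights and bands reproduce every cell printed in Table 2.5."""
    return all(
        (risk_score(lik, imp), risk_level(risk_score(lik, imp))) == cell
        for lik, row in TABLE_2_5.items()
        for imp, cell in row.items()
    )


@dataclass(frozen=True)
class Risk:
    name: str
    threat_probability: str
    control_effectiveness: str
    impact: str


def rate(risk):
    """Rate one register entry: likelihood, score and risk level."""
    lik = likelihood(risk.control_effectiveness, risk.threat_probability)
    score = risk_score(lik, risk.impact)
    return {"name": risk.name, "likelihood": lik,
            "impact": _rating(risk.impact, "impact"),
            "score": score, "level": risk_level(score)}


def rank(register):
    """Rate every entry and order by score, highest first (ties broken by name)."""
    return sorted((rate(r) for r in register), key=lambda r: (-r["score"], r["name"]))


# Constructed sample register; names and ratings are illustrative only.
SAMPLE_REGISTER = [
    Risk("Example risk A", threat_probability="High", control_effectiveness="Low", impact="High"),
    Risk("Example risk B", threat_probability="High", control_effectiveness="High", impact="High"),
    Risk("Example risk C", threat_probability="Low", control_effectiveness="Moderate", impact="High"),
    Risk("Example risk D", threat_probability="Moderate", control_effectiveness="Low", impact="Moderate"),
]

if __name__ == "__main__":
    if not bands_match_table():
        raise SystemExit("score bands do not reproduce Table 2.5")
    for row in rank(SAMPLE_REGISTER):
        print(f"{row['score']:>3}  {row['level']:<8}  {row['name']} "
              f"(likelihood {row['likelihood']}, impact {row['impact']})")
```

Risks A and B differ only in control effectiveness, which is enough to move the same threat and impact from High to Moderate.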

Step 6: Risk Mitigation Recommendations

The controls that can be used to mitigate or eliminate the identified risks are identified in this step. The aim of these recommendations is to reduce the level of risk to the domain controller system and the data contained on it to an acceptable level. The factors used in recommending the controls are:

• Sensitivity of the data and the system
• Effectiveness of recommended options
• Legislation and regulations
• Organizational policy
• Operational impact
• Safety and reliability

2.1.3 Phase 3 - Post Assessment

Step 1: Risk Mitigation
Since the total elimination of a risk is impractical, senior management should assess control recommendations, determine the acceptable level of residual risk, and implement those mitigations. There are several types of risk mitigation techniques, as follows.

• Risk Assumption: Accept the potential risk and continue operating the IT system, or implement controls to lower the risk to an acceptable level.
• Risk Avoidance: Eliminate the risk cause and consequences to avoid the risk.
• Risk Limitation: Limit the risk by implementing controls that minimize the adverse impact of a threat exercising a vulnerability.
• Risk Planning: Develop a risk mitigation plan that prioritizes, implements, and maintains controls.
• Risk Transference: Transfer the risk to a third party by using other options to compensate for the losses.

Step 2: Ongoing Monitoring
The milestones to mitigate the risks will be defined and will be used to monitor the successful completion of the mitigations.

3. System Characterization
3.1 Functional Description
The domain controller system is a server that responds to security authentication requests within the server domain in order to allow host access to Windows domain resources. It runs as a part of the Windows Server 2003 operating system. Access to the domain controller system is granted only to a few selected users who maintain the system. The system does not have interfaces to other systems.

3.2 System Environment


The domain controller is a Dell PowerEdge SC430 server running Windows Server 2003 Service Pack 2. The last update to the operating system is version 5.2 build no 3790. Physical memory of the server is 2GB; the processor is clocked at 2.8 MHz (Intel Pentium D) and the storage capacity is 80GB. Redundant power supply is provided to the server through an online UPS that can keep the server running for around 15-20 minutes. There are no network interfaces other than the LAN. The server hardware components currently have no warranty, and a maintenance agreement is in progress.
Domain Controller is a process/service running on Windows Server 2003 that contains authentication details to respond to the authentication requests made. Furthermore, the server is housed in the server room at Alliance Finance Co. PLC, Ward Place, Colombo.
The users of the system are located at Alliance Finance Co PLC, Ward Pl. Remote access is given to their client computers via remote desktop connections. The domain controller system can only be accessed through the LAN of the Alliance Finance premises. Table 3.1 lists host characterization components for the domain controller.

Table 3.1 Host Characterization Components

| Host Name | Location | Status | IP Address | Platform | Software | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Domain Controller | Alliance Finance Co. PLC, Ward Place, Colombo | Operational | Not provided | Windows Server 2003 | ESET File Security | - |

3.3 System Users


Only a limited number of users have been granted access to the domain controller system. The system administrator role is granted to the assistant manager of IT at Alliance Finance Co PLC. Furthermore, there are two admin users who are dedicated to the maintenance of the system.
Table 3.2 Domain Controller System Users

| User Category | Access Level (Read / Write / Full) | Number (Estimate) | Home Organization | Geographic Location |
| --- | --- | --- | --- | --- |
| System Administrator | Read/Write | | Alliance Finance | Ward Pl, Colombo |
| Admin User | Read | | Alliance Finance | Ward Pl, Colombo |

3.4 System Dependencies


A dependency is a telecommunication or information technology interconnection or resource on which the system under review relies for processing, transport, or storage. A relationship between the domain controller and a dependency can directly affect its confidentiality, integrity and availability, since any vulnerabilities, threats and risks of the dependency will be inherited by the domain controller itself. While there are no specific dependencies for the domain controller, the following generic information technology resources can be identified as its dependencies.

• Local Area Networks
• Enterprise Policies
   o Password policy
   o IT policy
   o Backup policy
• Security Services
   o Firewall
   o Access Control lists
   o Intrusion detection system
   o Antivirus System
• Server room staff, Physical, and Environmental Controls
• Vulnerability scanning services: an external party is responsible for carrying out vulnerability scans annually.

3.5 Supported Programs and Applications


There is an antivirus program running on the domain controller system. The antivirus is
ESET File Security, version 5.1.34.0. It is currently up to date and operational.

4. Information Sensitivity
This section provides details on the different types of information handled and processed by the domain controller and their sensitivity. Sensitivity of the information handled by a system is a major factor in risk management.
The risk management team used FIPS 199 to reflect on the impact levels and the magnitude of the harm that loss of confidentiality, integrity and availability would have on the operations, assets and individuals at Alliance Finance Co. PLC. FIPS 199 has three potential impact levels (Low, Mid, High) for each of the security objectives.
The domain controller mainly handles one type of information (Personal Identity and Authentication). Table 4.1 lists the information type characterization for the domain controller.

Table 4.1 Domain Controller Information Type

| Information Type | NIST SP 800-60 Reference | Confidentiality (Low/Moderate/High) | Integrity (Low/Moderate/High) | Availability (Low/Moderate/High) |
| --- | --- | --- | --- | --- |
| Personal Identity and Authentication | Volume II, Appendix C.2 | Moderate | Moderate | Moderate |
| Overall Rating | | Moderate | Moderate | Moderate |

4.1 Sensitivity
The following table provides the definitions of the C/I/A ratings for the domain controller.
Table 4.2 Definitions for C/I/A Ratings

| Security Objective | Low | Moderate | High |
| --- | --- | --- | --- |
| Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. [44 USC, SEC. 3542] | The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. [44 USC, SEC. 3542] | The modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Availability: Ensuring timely and reliable access to and use of information. [44 USC, SEC. 3542] | The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |

The sensitivity designation of information processed by the domain controller is moderate. This moderate designation is based upon the C/I/A designation of the information type for the domain controller.

4.2 Protection Requirements


4.2.1 Protection Requirement findings

• Confidentiality: The domain controller contains sensitive information that is used to authenticate users of different systems in Alliance Finance. This data needs protection from unauthorized access. If this data were to be exposed to the public, or even within the organization, it could result in unauthorized and malicious users gaining access to data that should otherwise be outside their knowledge. It also risks sensitive data being leaked and changed. Therefore, the unauthorized disclosure of domain controller information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals, and the information and protection measures are rated as Moderate.

• Integrity: The domain controller system processes authentication information to grant access to a particular server domain. The authentication information must be fully accurate in order to grant access to the domain; thus, unauthorized modification of this information would have a serious impact on logging in to the server domain. Therefore, unauthorized modifications to the domain controller system's information cause serious effects on Alliance Finance Co PLC's operations and assets. The current protection measures are rated as low.

• Availability: If the domain controller were unavailable even for a short period of time, it would have an immediate impact and would affect the efficiency with which the domain controller as well as other systems typically operate. Therefore, the unavailability of domain controller information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals, and the information and protection measures are rated as High.

5. Identification of Vulnerabilities, Threats and Risks


In order to identify the potential threats and vulnerabilities, an interview was first conducted with the personnel who maintain the domain controller system, and a questionnaire was filled out based on the outcomes of the interview. In addition, CERT websites were used to identify further details on these vulnerabilities as well as suitable remedial measures. Table 5.1 (Vulnerabilities, Threats, and Risks) lists the vulnerabilities and threats that the risk assessment team found.
The way vulnerabilities combine with credible threats to create risks is identified in Table 5.1.
Table 5.1 Vulnerabilities, Threats, and Risks
Risk
No.

Vulnerability

Threat

Patches to correct
flaws in operating
system software
could fail to
successfully install.

Computer crime

Loss of firewall
protection.

Computer crime

Malicious use

Malicious use
System compromise

Risk of
Compromise of
Confidentiality
and integrity of
authentication
data.

The system is
protected through
gateprotect hardware
firewall; failure of
this firewall can result
in increasing the
likelihood of other
risks being exploited.

Confidentiality
and integrity of
authentication
data

Loss or theft of
personal identity and
authentication data in
domain controller
could affect the
confidentiality and
integrity of the data.

Inability to access
the system.

Failure of hardware or
equipment may
impact the availability
of the domain
controller

Unauthorized use

Malicious use
Unauthorized use

Computer crime

Hardware
Issues/Equipment
Failure or loss

System Unavailable

Exploitation of flaws
in operating system
could result in
compromise of
confidentiality and
integrity of personal
identity and
authentication data.

Confidentiality
and integrity of
authentication
data.

Internal access to
server.

Risk Summary


| Risk No. | Vulnerability | Threat | Risk of Compromise of | Risk Summary |
| --- | --- | --- | --- | --- |
| | Single Point of Failure | System Unavailable | Inability to access the system. | Failure in any part of the domain controller could prevent other systems from functioning properly. |
| | Key Person Dependency | System Unavailable | Inability to adequately support the application. | Loss of a key person responsible for the domain controller will result in inability to operate system functionality, enhance it or maintain the domain controller. |
| | Loss of Critical Documentation, Data or Software | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Loss of data, software or documentation could result in disruption of service. |
| | Data Disclosure | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Disclosure of sensitive personal information could result in identity theft and/or system access control issues. |
| | Software Issues from Vendor | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data and ability to provide service. | Software issues by the vendor may result in data corruption or mission critical system disruption. |
| 10 | Poor Password Practices | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Poor password practices could allow improper system access which could result in data theft, data corruption, application system alteration or disruption. |


| Risk No. | Vulnerability | Threat | Risk of Compromise of | Risk Summary |
| --- | --- | --- | --- | --- |
| 11 | System Compromise | Malicious use, Unauthorized access | Confidentiality and integrity of authentication data. | If the system is compromised, it can cause data theft, corruption, system alteration and disruption. |
| 12 | Lack of Sufficient Operational Policies | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Improper execution of operational policies can cause system alteration, theft or disruption. |
| 13 | Poor Physical Security | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Due to poor physical security, unauthorized personnel can physically access the domain controller, which would result in data theft or corruption. |
| 14 | Functional Lockout | System unavailability | Inability to access the system. | If the infrastructure is not accessible, the staff will be unable to access the domain controller system. |
| 15 | Natural Disaster | Hurricanes, floods, and other weather phenomena. | Inability to access the system. | A natural disaster can cause power failure in the server farm, which disables access to the domain controller system. |
| 16 | Integrity checkups are not done | Inability to identify unauthorized modification to data | Integrity of corporate data. | Integrity of data is not automatically tested and unauthorized modification of data might go unseen. |
| 17 | Logs stored in a central location | Loss of log data | Availability of log data, indirectly affects integrity of the data | Logs are kept in the domain controller server |


Risk No. 18
Vulnerability: The role based access requests are not documented
Threat: Malicious use, Unauthorized access
Risk of Compromise of: Confidentiality and Integrity of data
Risk Summary: Role based requests and approvals are only communicated through emails. Currently there is no proper documentation to track that.

Risk No. 19
Vulnerability: Media containing sensitive data is not destroyed
Threat: Malicious use
Risk of Compromise of: Confidentiality
Risk Summary: The backup media devices containing the restricted/sensitive data are not destroyed or recycled. Instead, currently they are locked in a safe.

Risk No. 20
Vulnerability: DOS overflow
Threat: System unavailability
Risk of Compromise of: Confidentiality and Availability of authentication data
Risk Summary: Windows Server 2003 Service Pack 2 allows local users to obtain sensitive information from kernel memory and cause a denial of service.

Risk No. 21
Vulnerability: Untrusted search path vulnerability
Threat: Unauthorized access, Malicious use of system components
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: Windows Server 2003 Service Pack 2 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file.

Risk No. 22
Vulnerability: Read AV Vulnerability
Threat: Unauthorized access, Malicious use of system components
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: Windows Server 2003 Service Pack 2 allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges.


Risk No. 23
Vulnerability: Race Condition Vulnerability
Threat: Unauthorized access, Malicious use of system components
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: A race condition in Windows Server kernel mode drivers allows local users to gain privileges.

Risk No. 24
Vulnerability: IPv6 Source Address Spoofing Vulnerability
Threat: Unauthorized access, Malicious use of system components
Risk of Compromise of: Confidentiality and Integrity of authentication data
Risk Summary: Windows Server 2003 Service Pack 2 allows remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet.

Risk No. 25
Vulnerability: Disk Partition Driver Elevation of Privilege Vulnerability
Threat: Malicious use of system components
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: Windows Server 2003 Service Pack 2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service by connecting a crafted USB device.

Risk No. 26
Vulnerability: CSRSS Memory Corruption Vulnerability
Threat: Unauthorized access, Malicious use of system components
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: The Client/Server Run-time Subsystem in Windows Server 2003 Service Pack 2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application.


Risk No. 27
Vulnerability: OLE Property Vulnerability
Threat: Malicious use of system components
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OLE object in a file.

Risk No. 28
Vulnerability: Remote Procedure Call Vulnerability
Threat: Malicious use of system components
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a malformed asynchronous RPC request.

Risk No. 29
Vulnerability: Backups are unencrypted
Threat: Unauthorized access
Risk of Compromise of: Confidentiality and Integrity of authentication data
Risk Summary: Backups are written to optical disks without encryption.

Risk No. 30
Vulnerability: No direct network link with the Disaster Recovery site
Threat: Unauthorized access
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: Theft or misplacement of the backup media during physical delivery.

Risk No. 31
Vulnerability: Operating System is not backed up
Threat: System unavailability
Risk of Compromise of: Availability of authentication data
Risk Summary: The Operating System image is not backed up. Therefore, in case of OS failure, the OS installation and all the patch updates need to be redone from the beginning.

Risk No. 32
Vulnerability: The Operating System is not updated to the latest version (Windows Server 2012)
Threat: Malicious use of system components
Risk of Compromise of: Confidentiality, Integrity and Availability of authentication data
Risk Summary: The current operating system that runs on the domain controller is Windows Server 2003. Windows will stop providing support for this OS from May 2015.


Risk No. 33
Vulnerability: Accounts that are no longer needed are not deleted in a timely manner
Threat: Unauthorized access, Malicious use of system components
Risk of Compromise of: Confidentiality and Integrity of authentication data
Risk Summary: In the current procedure, a user sends a request through the department head to the IT department manager to delete the user accounts of an employee who has left the organization. This process is time consuming.


6. Control Analysis
Table 6.1 Risk Controls in place/planned for domain controller
Control Area

In-Place/
Planned

1 Risk Management
1.1 IT Security Roles & Responsibilities

In Place

1.2 Risk Assessment


1.3 IT Security Audits

In Place
2 IT Contingency Planning

2.1 Continuity of Operations Planning


2.2 IT Disaster Recovery Planning

In Place

2.3 IT System & Data Backup & Restoration

In Place

3 IT Systems Security
3.1 IT System Hardening

In Place

3.2 Malicious Code Protection

In Place
4 Logical Access Control

4.1 Account Management

In Place

4.2 Password Management

In Place

4.3 Remote Access


5 Data Protection
5.1 Data Storage Media Protection
5.2 Encryption

In Place
6 Facilities Security

6.1 Facilities Security

In Place
7 Personnel Security

7.1 Access Determination & Control

In Place

7.2 IT Security Awareness & Training

In Place

8 Threat Management
8.1 Threat Detection

In Place

8.2 Incident Handling

In Place

8.3 Security Monitoring & Logging

In Place

9 IT Asset Management
9.1 IT Asset Control

In Place

9.2 Software License Management

In Place

9.3 Configuration Management & Change Control

In Place

7. Risk Likelihood & Impact Determination


Table 7.1 Risk Likelihood & Impact ratings
Risk Summary: Exploitation of flaws in the operating system could result in compromise of confidentiality and integrity of personal identity and authentication data.
Risk Likelihood Evaluation: Effectiveness of controls to apply operating system patches is rated moderate. This is because the updates are applied automatically whenever a new patch is released, without considering a risk-benefit analysis of the release. However, the updates are applied regularly and obtained from the vendor only. Possibility of threat occurrence is low since only authorized users are given access to the domain server.
Risk Likelihood Rating: Low
Risk Impact: Unauthorized disclosure or modification of data.
Risk Impact Rating: High

Risk Summary: The system is protected through a gateprotect hardware firewall; failure of this firewall can increase the likelihood of other risks being exploited.
Risk Likelihood Evaluation: Effectiveness of controls is low since only one firewall is used. Possibility of threat occurrence is low, because there is no remote access to the domain controller.
Risk Likelihood Rating: Moderate
Risk Impact: Unauthorized disclosure or modification of data.
Risk Impact Rating: High


Risk Summary: Loss or theft of personal identity and authentication data in the domain controller could affect the confidentiality and integrity of the data.
Risk Likelihood Evaluation: Access is only provided to a select few authorized personnel. Thus, the effectiveness of controls is high. Threat probability is moderate due to human nature (writing down passwords, social attacks, etc.)
Risk Likelihood Rating: Low
Risk Impact: Unauthorized disclosure or modification of data.
Risk Impact Rating: High

Risk Summary: Failure of hardware or equipment may impact the availability of the domain controller.
Risk Likelihood Evaluation: Effectiveness of controls is low since there are no warranty agreements for the hardware and the maintenance agreement is still in progress. The probability of threat occurrence is dependent on hardware, software vendor and age of the hardware.
Risk Likelihood Rating: Moderate
Risk Impact: Confidentiality and integrity of authentication data could be compromised.
Risk Impact Rating: Moderate

Risk Summary: Failure in any part of the domain controller could prevent other systems from functioning properly.
Risk Likelihood Evaluation: The domain controller runs on one physical system and no mirror systems are available. If the system fails, it takes up to 24 hours to recover from the DR site. Thus, the effectiveness of the controls is low. The probability of threat occurrence is dependent on hardware, software vendor and age of the hardware.
Risk Likelihood Rating: Moderate
Risk Impact: Inability to access the system.
Risk Impact Rating: Moderate


Risk Summary: Loss of a key person responsible for the domain controller will result in an inability to operate or enhance system functionality or to maintain the domain controller.
Risk Likelihood Evaluation: Effectiveness of the controls is low since there are only two key persons responsible for the domain controller and no cross training is provided for redundancy. There is always a possibility for key persons to leave the company or go on leave.
Risk Likelihood Rating: High
Risk Impact: Inability to adequately support the system.
Risk Impact Rating: Low

Risk Summary: Loss of data, software or documentation could result in disruption of service.
Risk Likelihood Evaluation: All software and data are backed up and validated daily. Software could be downloaded through the vendor website. Thus, the effectiveness of controls is high. Possibility is low to moderate.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality and integrity of authentication data could be compromised.
Risk Impact Rating: Moderate

Risk Summary: Disclosure of sensitive personal information could result in identity theft and/or system access control issues.
Risk Likelihood Evaluation: Staff is properly trained and educated on the security policies. Therefore, the possibility of sensitive information disclosure is low. Even effective controls and training cannot stop a person with appropriate access from doing something which is wrong. For that reason, this must be considered a medium risk.
Risk Likelihood Rating: Moderate
Risk Impact: Confidentiality of authentication data could be compromised.
Risk Impact Rating: Moderate


Risk Summary: Software issues by the vendor may result in data corruption or mission critical system disruption.
Risk Likelihood Evaluation: The only software used in the domain controller is the Antivirus program. It is updated regularly and automatically. However, the software patches are not thoroughly tested or reviewed before applying. Thus, the effectiveness of the controls is low.
Risk Likelihood Rating: Moderate
Risk Impact: Confidentiality of authentication data could be compromised. Ability to provide services could be compromised.
Risk Impact Rating: Moderate

Risk No. 10
Risk Summary: Poor password practices could allow improper system access which could result in data theft, data corruption, application system alteration or disruption.
Risk Likelihood Evaluation: There is a password policy to enforce standards in applying a password, and there are security awareness training programs conducted to stress the proper use of passwords. So, the effectiveness of the control is high.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality and integrity of authentication data could be compromised.
Risk Impact Rating: Moderate

Risk No. 11
Risk Summary: If the system is compromised, it can cause data theft, corruption, system alteration and disruption.
Risk Likelihood Evaluation: There is a firewall and an Intrusion Detection System installed. Thus, effectiveness of the controls is high. Since the domain controller can only be accessed from the LAN, the probability of the system being compromised is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality and integrity of authentication data could be compromised.
Risk Impact Rating: Moderate


Risk No. 12
Risk Summary: Improper execution of operational policies can cause system alteration, theft or disruption.
Risk Likelihood Evaluation: The policy statements are well documented and there are training programs twice a year to educate employees. All the policies, including the backup policy and password policy, are properly maintained and executed. The effectiveness of the controls is high. The probability of this kind of threat occurring is moderate due to human nature.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality and integrity of authentication data could be compromised.
Risk Impact Rating: Moderate

Risk No. 13
Risk Summary: Due to poor physical security, unauthorized personnel can physically access the domain controller, which would result in data theft or corruption.
Risk Likelihood Evaluation: The server rooms have physical security methods implemented and only a few authorized persons have access. Thus, the effectiveness of controls is high. Probability of unauthorized persons gaining access is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality and integrity of authentication data could be compromised.
Risk Impact Rating: Moderate

Risk No. 14
Risk Summary: If the infrastructure is not accessible, the staff will be unable to access the domain controller system.
Risk Likelihood Evaluation: The effectiveness of the controls is dependent on the network resilience. Probability of the infrastructure becoming inaccessible is moderate.
Risk Likelihood Rating: Low
Risk Impact: Inability to access the system.
Risk Impact Rating: Moderate


Risk No. 15
Risk Summary: A natural disaster can cause power failure in the server farm, which disables access to the domain controller system.
Risk Likelihood Evaluation: Probability of a natural disaster occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Inability to access the system.
Risk Impact Rating: Moderate

Risk No. 16
Risk Summary: Integrity of data is not automatically tested and unauthorized modification of data might go unseen.
Risk Likelihood Evaluation: Effectiveness of controls is low since there are no automated measures to conduct integrity checks. Possibility of unauthorized modification of data is low.
Risk Likelihood Rating: Moderate
Risk Impact: Availability and Integrity of data could be compromised.
Risk Impact Rating: Moderate

Risk No. 17
Risk Summary: Logs are kept in the domain controller server.
Risk Likelihood Evaluation: Effectiveness of existing controls is low since logs are kept in the same physical server. Possibility of threat occurring is low.
Risk Likelihood Rating: Moderate
Risk Impact: Confidentiality and integrity of data in the logs could be compromised.
Risk Impact Rating: Moderate

Risk No. 18
Risk Summary: Role based requests and approvals are only communicated through emails. Currently there is no proper documentation to track that.
Risk Likelihood Evaluation: Effectiveness of existing controls is low since requests are not documented. Possibility of threat occurring is low.
Risk Likelihood Rating: Moderate
Risk Impact: Confidentiality and Integrity of data could be compromised.
Risk Impact Rating: Moderate

Risk No. 19
Risk Summary: The backup media devices containing the restricted/sensitive data are not destroyed or recycled. Instead, currently they are locked in a safe.
Risk Likelihood Evaluation: Effectiveness of existing controls is moderate since media is locked in a safe. Possibility of threat occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality of data could be compromised.
Risk Impact Rating: High


Risk No. 20
Risk Summary: Windows Server 2003 Service Pack 2 allows local users to obtain sensitive information from kernel memory and cause a denial of service.
Risk Likelihood Evaluation: Effectiveness is high since regular updates are done. Possibility of threat occurring is low since there are only a few users granted access.
Risk Likelihood Rating: Moderate
Risk Impact: Confidentiality, Availability of authentication data could be compromised.
Risk Impact Rating: High

Risk No. 21
Risk Summary: Windows Server 2003 Service Pack 2 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file.
Risk Likelihood Evaluation: Effectiveness is high since regular updates are done. Possibility of threat occurring is low since there are only a few users granted access.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High

Risk No. 22
Risk Summary: Windows Server 2003 Service Pack 2 allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges.
Risk Likelihood Evaluation: Effectiveness of controls is high since regular updates are done. Possibility of threat occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High


Risk No. 23
Risk Summary: A race condition in Windows Server kernel mode drivers allows local users to gain privileges.
Risk Likelihood Evaluation: Effectiveness of controls is high since regular updates are done. Possibility of threat occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High

Risk No. 24
Risk Summary: Windows Server 2003 Service Pack 2 allows remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet.
Risk Likelihood Evaluation: Effectiveness of controls is high since the firewall protection is available. Probability of threat occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality and Integrity of authentication data could be compromised.
Risk Impact Rating: Moderate

Risk No. 25
Risk Summary: Windows Server 2003 Service Pack 2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service by connecting a crafted USB device.
Risk Likelihood Evaluation: Effectiveness of controls is high since a limited number of users have access to the domain controller. Probability of threat occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High


Risk No. 26
Risk Summary: The Client/Server Run-time Subsystem in Windows Server 2003 Service Pack 2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application.
Risk Likelihood Evaluation: Effectiveness of controls is high since a limited number of users have access to the domain controller. Probability of threat occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High

Risk No. 27
Risk Summary: Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OLE object in a file.
Risk Likelihood Evaluation: Effectiveness of controls is high since remote access is not granted to the domain controller. Probability of threat occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High

Risk No. 28
Risk Summary: Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a malformed asynchronous RPC request.
Risk Likelihood Evaluation: Effectiveness of controls is high since a limited number of users have access to the domain controller. Probability of threat occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High


Risk No. 29
Risk Summary: Backups are written to optical disks without encryption.
Risk Likelihood Evaluation: Effectiveness of controls is low since there is no encryption. Probability of risk occurring is moderate.
Risk Likelihood Rating: High
Risk Impact: Confidentiality and Integrity of authentication data could be compromised.
Risk Impact Rating: High

Risk No. 30
Risk Summary: Theft or misplacement of the backup media during physical delivery.
Risk Likelihood Evaluation: Effectiveness of controls is low. Probability of risk occurring is low.
Risk Likelihood Rating: Moderate
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High

Risk No. 31
Risk Summary: The Operating System image is not backed up. Therefore, in case of OS failure, the OS installation and all the patch updates need to be redone from the beginning.
Risk Likelihood Evaluation: Effectiveness of controls is low since the whole OS image is not backed up. Probability of risk occurring is moderate.
Risk Likelihood Rating: High
Risk Impact: Availability of authentication data could be compromised.
Risk Impact Rating: Moderate

Risk No. 32
Risk Summary: The current operating system that runs on the domain controller is Windows Server 2003. Windows will stop providing support for this OS from May 2015.
Risk Likelihood Evaluation: Effectiveness of controls is moderate since patch updates are done. Probability of risk occurring is moderate.
Risk Likelihood Rating: High
Risk Impact: Confidentiality, Integrity and Availability of authentication data could be compromised.
Risk Impact Rating: High


Risk No. 33
Risk Summary: In the current procedure, a user sends a request through the department head to the IT department manager to delete the user accounts of an employee who has left the organization. This process is time consuming.
Risk Likelihood Evaluation: Effectiveness of controls is moderate since there is an existing process but it is time consuming. Probability of risk occurring is low.
Risk Likelihood Rating: Low
Risk Impact: Confidentiality and Integrity of authentication data could be compromised.
Risk Impact Rating: High


8. Overall Risk Determination & Recommendations


Table 8.1 Overall Risk Rating
Risk Summary: Backups are written to optical disks without encryption.
Risk Likelihood Rating: High
Risk Impact Rating: High
Overall Risk Rating: High (Score 100)
Recommendation: Backups need to be written to write-once disks and must be encrypted and signed with a message digest.

Risk Summary: The current operating system that runs on the domain controller is Windows Server 2003. Windows will stop providing support for this OS from May 2015.
Risk Likelihood Rating: High
Risk Impact Rating: High
Overall Risk Rating: High (Score 100)
Recommendation: OS should be upgraded to the latest version.

Risk Summary: The system is protected through a gateprotect hardware firewall; failure of this firewall can increase the likelihood of other risks being exploited.
Risk Likelihood Rating: Moderate
Risk Impact Rating: High
Overall Risk Rating: Moderate (Score 50)
Recommendation: It is a good practice to use multiple firewalls to keep functioning even when one firewall fails.

Risk Summary: Windows Server 2003 Service Pack 2 allows local users to obtain sensitive information from kernel memory and cause a denial of service.
Risk Likelihood Rating: Moderate
Risk Impact Rating: High
Overall Risk Rating: Moderate (Score 50)
Recommendation: Scan the open ports on the server and close the unnecessary ports. Fix is provided through Windows update Windows Server 2003 KB2930275.


Risk Summary: Theft or misplacement of the backup media during physical delivery.
Risk Likelihood Rating: Moderate
Risk Impact Rating: High
Overall Risk Rating: Moderate (Score 50)
Recommendation: A direct network link should be implemented to connect the disaster recovery site to the Alliance Finance premises.

Risk Summary: The Operating System image is not backed up. Therefore, in case of OS failure, the OS installation and all the patch updates need to be redone from the beginning.
Risk Likelihood Rating: High
Risk Impact Rating: Moderate
Overall Risk Rating: Moderate (Score 50)
Recommendation: OS images should be backed up on a regular basis and should be tested at least twice annually.

Risk No. 7
Risk Summary: Failure of hardware or equipment may impact the availability of the domain controller.
Risk Likelihood Rating: Moderate
Risk Impact Rating: Moderate
Overall Risk Rating: Moderate (Score 25)
Recommendation: Domain controller runs on one physical server. It is recommended to have a mirror server in case of primary server failure. Furthermore, Service Level Agreements need to be signed with the vendor.

Risk Summary: Failure in any part of the domain controller could prevent other systems from functioning properly.
Risk Likelihood Rating: Moderate
Risk Impact Rating: Moderate
Overall Risk Rating: Moderate (Score 25)
Recommendation: Domain controller runs on one physical server. It is recommended to have a mirror server in case of primary server failure.

Risk Summary: Disclosure of sensitive personal information could result in identity theft and/or system access control issues.
Risk Likelihood Rating: Moderate
Risk Impact Rating: Moderate
Overall Risk Rating: Moderate (Score 25)
Recommendation: Disclosure of personal data is mitigated to an acceptable level using existing controls.


Risk No. 10
Risk Summary: Software issues by the vendor may result in data corruption or mission critical system disruption.
Risk Likelihood Rating: Moderate
Risk Impact Rating: Moderate
Overall Risk Rating: Moderate (Score 25)
Recommendation: Update only on a need basis and review the patches before updating.

Risk No. 11
Risk Summary: Integrity of data is not automatically tested and unauthorized modification of data might go unseen.
Risk Likelihood Rating: Moderate
Risk Impact Rating: Moderate
Overall Risk Rating: Moderate (Score 25)
Recommendation: Implement an automated system to check the data integrity.

Risk No. 12
Risk Summary: Logs are kept in the domain controller server.
Risk Likelihood Rating: Moderate
Risk Impact Rating: Moderate
Overall Risk Rating: Moderate (Score 25)
Recommendation: Logs should be kept in another location separate from the domain controller system.

Risk No. 13
Risk Summary: Role based requests and approvals are only communicated through emails. Currently there is no proper documentation to track that.
Risk Likelihood Rating: Moderate
Risk Impact Rating: Moderate
Overall Risk Rating: Moderate (Score 25)
Recommendation: Proper standards and guidelines should be created regarding documenting role based requests.

Risk No. 14
Risk Summary: Exploitation of flaws in the operating system could result in compromise of confidentiality and integrity of personal identity and authentication data.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Even though the risk is low, it is important to conduct regular integrity checkups and review the recent patch updates done.

Risk No. 15
Risk Summary: Loss or theft of personal identity and authentication data in the domain controller could affect the confidentiality and integrity of the data.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: The existing controls are sufficient to mitigate the loss/theft of personal data to an acceptable level.


Risk No. 16
Risk Summary: Loss of a key person responsible for the domain controller will result in an inability to operate or enhance system functionality or to maintain the domain controller.
Risk Likelihood Rating: High
Risk Impact Rating: Low
Overall Risk Rating: Low (Score 10)
Recommendation: Train a few employees to be responsible for maintaining the domain controller system (have redundancy).

Risk No. 17
Risk Summary: The backup media devices containing the restricted/sensitive data are not destroyed or recycled. Instead, currently they are locked in a safe.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Proper procedures should be implemented for destroying the media containing sensitive data.

Risk No. 18
Risk Summary: Windows Server 2003 Service Pack 2 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Use monitoring tools that examine the software's process as it interacts with the operating system and the network. Use automated static analysis tools. Use manual penetration testing and threat modeling.

Risk No. 19
Risk Summary: Windows Server 2003 Service Pack 2 allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Apply the relevant updates. Administrators are advised to allow only trusted users to access the system.


Risk No. 20
Risk Summary: A race condition in Windows Server kernel mode drivers allows local users to gain privileges.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Disable the WebClient service. Fix is provided through Windows update Windows Server 2003 KB2813170.

Risk No. 21
Risk Summary: Windows Server 2003 Service Pack 2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service by connecting a crafted USB device.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells. Fix is provided through Windows update Windows Server 2003 KB2998579.

Risk No. 22
Risk Summary: The Client/Server Run-time Subsystem in Windows Server 2003 Service Pack 2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Fix is provided through Windows update Windows Server 2003 KB2820917.


Risk No. 23
Risk Summary: Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OLE object in a file.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Block external access at the network boundary, unless external parties require service. Deploy network intrusion detection systems to monitor network traffic for malicious activity. Fix is provided through Windows update Windows Server 2003 KB2876217.

Risk No. 24
Risk Summary: Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a malformed asynchronous RPC request.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Fix is provided through Windows update Windows Server 2003 KB2849470.

Risk No. 25
Risk Summary: In the current procedure, a user sends a request through the department head to the IT department manager to delete the user accounts of an employee who has left the organization. This process is time consuming.
Risk Likelihood Rating: Low
Risk Impact Rating: High
Overall Risk Rating: Low (Score 10)
Recommendation: Accounts that are no longer needed should be identified and removed in a timely manner.

Risk No. 26
Risk Summary: Loss of data, software or documentation could result in disruption of service.
Risk Likelihood Rating: Low
Risk Impact Rating: Moderate
Overall Risk Rating: Low (Score 5)
Recommendation: Since full system recovery takes up to 24 hours, faster backup/recovery plans must be implemented.


Risk No. 27
Risk Summary: Poor password practices could allow improper system access which could result in data theft, data corruption, application system alteration or disruption.
Risk Likelihood Rating: Low
Risk Impact Rating: Moderate
Overall Risk Rating: Low (Score 5)
Recommendation: The existing password policy is sufficient to mitigate this risk.

Risk No. 28
Risk Summary: If the system is compromised, it can cause data theft, corruption, system alteration and disruption.
Risk Likelihood Rating: Low
Risk Impact Rating: Moderate
Overall Risk Rating: Low (Score 5)
Recommendation: Conduct regular integrity checks and review access logs regularly.

Risk No. 29
Risk Summary: Improper execution of operational policies can cause system alteration, theft or disruption.
Risk Likelihood Rating: Low
Risk Impact Rating: Moderate
Overall Risk Rating: Low (Score 5)
Recommendation: The operational policies are practiced and executed well enough to mitigate this type of risk.

Risk No. 30
Risk Summary: Due to poor physical security, unauthorized personnel can physically access the domain controller, which would result in data theft or corruption.
Risk Likelihood Rating: Low
Risk Impact Rating: Moderate
Overall Risk Rating: Low (Score 5)
Recommendation: The physical security level of the server farm is acceptable to mitigate this risk.

Risk No. 31
Risk Summary: If the infrastructure is not accessible, the staff will be unable to access the domain controller system.
Risk Likelihood Rating: Low
Risk Impact Rating: Moderate
Overall Risk Rating: Low (Score 5)
Recommendation: Implement redundancy in the network infrastructure and have a plan for immediate replacement of infrastructure hardware.

Risk No. 32
Risk Summary: A natural disaster can cause power failure in the server farm, which disables access to the domain controller system.
Risk Likelihood Rating: Low
Risk Impact Rating: Moderate
Overall Risk Rating: Low (Score 5)
Recommendation: Have alternative power generators with at least up to 48 hours of operational time.


Risk No. 33
Risk Summary: Windows Server 2003 Service Pack 2 allows remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet.
Risk Likelihood Rating: Low
Risk Impact Rating: Moderate
Overall Risk Rating: Low (Score 5)
Recommendation: Configure the DisableIPSourceRouting entry to a value of 2. Fix is provided through Windows update Windows Server 2003 KB978338.
