Fangonillo 1

Vulnerability Assessment

Asset identification

The asset is a personal computer (laptop) containing personal data and other important data
custom designed for commercial reasons.

Threat evaluation

The first consideration here is to look at all the possible vulnerabilities affecting the safety of my
PC. The threat under consideration is a hacking attack. This assessment therefore attempts to
evaluate the level of risk my laptop is exposed to and whether or not I am a victim of a hacking attack. A
firewall can be set up to stop sniffing and snooping; however, some hackers are known to bypass firewall
security measures by disguising themselves as authorized users of the PC (Lam, Kwok Yan).

Vulnerability Appraisal

This step will look at the possible vulnerabilities that the hackers can easily exploit in a laptop.
These intrusions can be devastating, severe, noticeable or minor.

Defined: there has been a history of hacking anomalies on my PC. Firewall attempts to block
intrusions failed, but I never got an alarm.
Credible: there is a history of other people's laptops being attacked on the same network, but my
laptop firewall has never shown indications of any attacks on my PC.
Potential: there are other PCs which have fallen victim to these hackers, and documents, files,
and programs were corrupted, but not on this PC; I got a warning alarm from the firewall.
Minimal: there have never been any reported hacking attacks on either this or colleagues'
computers.

Risk Assessment

This is the assessment of the impact of a successful attack by a hacker on the PC and the extent of
vulnerability a PC is exposed to. The main component of this stage is the ratings assigned to the extent
of an impact (Navarro, Luis).

Devastating: this rating is issued when all the important documents and files have
been corrupted by the hacker and the laptop is controlled by the hacker.
Severe: there is partial damage to the stored content in my laptop. Examples include partial loss
of files in the internal storage and corrupted files, but I retain control of the PC.
Noticeable: the laptop is partially affected and can continue for some days, although it
overheats and experiences a lot of system hangs.
Minor: the laptop is breached but does not show any visible signs of breach, although the
system takes long to boot up and shut down.

Risk Mitigation

In this step it is imperative to look at the measures for dealing with the identified risks. A weak
protection mechanism could contribute to an attack being successfully launched on the PC (Wylder, John).
To enhance security, a user should try:

A strong policy regarding passwords: this is a prevention policy that allows the user to create long
passwords that are not easily decipherable by an attacker. Character-only passwords could be
easily breached by an attacker; a password policy that includes numbers in a password is
therefore of paramount importance. In addition, all the files and disk storage should be
protected using a password. Finally, passwords should be changed regularly so that intruders
cannot predict them (Wylder, John).
Access restriction policy: this approach ensures the security of personal computers by enforcing
restrictions on access to host data and the system's internal disks. Attackers can use a dump technique in
which they access personalized records offline and later hack them, breaching the privacy of the data
(Navarro, Luis).

Conclusion

The steps in risk management involve an evaluation of the risk to identify the possible threats
faced by a PC and a vulnerability appraisal to determine how much can be lost in an attack; risk
management indicates how likely the breach is, and mitigation shows how to curb such anomalies on
personal computers. In all the steps, it is key that the user understands the measures to employ to
avoid further damage.
References

Lam, Kwok Yan. Information and Communications Security. [Place Of Publication Not Identified], Springer
International Pu, 2017.

Navarro, Luis. "Information Security Risks And Managed Security Service". Information Security Technical
Report, vol 6, no. 3, 2001, pp. 28-36. Elsevier BV, doi: 10.1016/s1363-4127(01)00305-3.

Wylder, John. Strategic Information Security. Boca Raton, Fl., Auerbach Publications, 2004.
