IT System Connection Table
When securing the modern enterprise, consider that IT systems do not operate alone. Securing them involves securing their interfaces with other systems as well. It is important to know the different interconnections each system may have.
Fill out the following table for four different IT systems.
- Note two enterprise systems they connect with and their connection type.
- Note two security vulnerabilities the connection may have and 2 to 4 ways each vulnerability could be potentially exploited.
Some Comments:
- An example row has been entered into the table. This is only an example and should not limit what you do.
- Keep in mind that enterprise systems cover a certain task in the enterprise (HR, CRM, Identity Management, etc.). They are not the components of a system (such as servers).
- Connections can often be a direct connection/pipe, a file, a common database or something else.
- The vulnerability is what would make the connection vulnerable to an attack.
- The related risk is an attack that could target the weakness.
|
IT System
|
Target System
|
Connection Type
|
Possible Security Vulnerability
|
Related Risk
|
|
EXAMPLE
HR System
|
Identity Management System
|
Feeder File
|
File could be modified.
|
User rights might not be correctly updated.
|
|
|
1.
2.
|
1.
2.
|
1.
2.
|
1.
2.
3.
4.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|