SECURITY RISK ASSESSMENT
Executive Summary
A detailed Information security risk assessment was carried out on Fiji Directories Limited (FDL) during October 15th 2018 to October 24th 2018.
FDL, an ATH group company, is a Directory Listing Service Provider who is responsible for printing the yearly Yellow Pages Fiji Directory as well as maintaining a web accessible search engine.
The Assessment outlined some high risk finding in the area of Computer Security risks in terms of lack of email, computer, and network security measures.
To mitigate these risks, Management need to have appropriate measures on all computing related security risks. For email security, install a security gateway such as Barracuda. Implement a Firewall for network security e.g Fortigate and for computer security, install heavy-duty antivirus software such as ESET.
Purpose
The main purpose of this risk assessment report is to basically identify and outline all threats, weaknesses and vulnerabilities in regards to Fiji Directories Limited (FDL).
This assessment report will then be used to outing all areas of improvement and risk mitigation strategies associated to FDL.
FDL is a potential high-risk organization as it hosts one of the largest databases in Fiji with customer data, business and individual with the added advantage of having accurate and timely data.
4. Vulnerability Statement
[Compile and list potential vulnerabilities applicable to the system assessed].
Vulnerability Description
[List vulnerabilities] [Describe vulnerability and its impact]
5. Threat Statement
[Compile and list the potential threat-sources applicable to the system assessed].
Threat-Source Threat Actions
[List threat sources] [List and/or describe actions that can be taken by threat source e.g., identity theft, spoofing, system intrusion]
6. Risk Assessment Results
[List the observations (vulnerability/threat-source pairs). Each observation should include-
- Observation number and brief description of observation (e.g., Observation 1: User system passwords can be guessed or cracked)
- A discussion of the threat-source and vulnerability pair
- Identification of existing mitigating security controls
- Likelihood discussion and evaluation (e.g., High, Medium, or Low likelihood)
- Impact analysis discussion and evaluation (e.g., High, Medium, or Low impact)
- Risk rating based on the risk-level matrix (e.g., High, Medium, or Low risk level)
- Recommended controls or alternative options for reducing the risk].
Note: Need section 4,5 and 6 complete
Attachment:- Assignment Report.rar