Discussion Post: Cybersecurity
If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?
1) A CRM-Server that is connected to the Internet. It has two vulnerabilities:
a) susceptibility to hardware failure, with a likelihood of 8, and
b) susceptibility to ransomware attack with a likelihood of 4.
The CRM-Server has been assigned an impact value of 10. Assume that there are no current controls in place to protect it, and there is a 75 percent certainty of the assumptions and data.
1) An E-commerce server hosts the company Web site and supports customer transactions. It runs a server software that is vulnerable to a buffer overflow attack, with the likelihood of such an attack estimated at 6. The server has been assigned an impact value of 8. Assume that there are no current controls in place to protect the server, and there is a 70 percent certainty of the assumptions and data.
2) A Control-Console to monitor operations in the server room. It has no passwords and is susceptible to unlogged misuse by the operators. Estimates show that the likelihood of misuse is 2. There are no controls in place on this asset, which has an impact value of 5. There is a 90 percent certainty of the assumptions and data.
The response must include a reference list. Using Times New Roman 12 pnt font, double-space, one-inch margins, and APA style of writing and citations.