Project 6 Information Security Analysis
ube, Dorothy Skowrunski, Sarah Stottsberry, Thomas Vaughn
Risk Impact Level 1 Failure: Inability to access critical systems could be repaired during 1 day.
Level 2 Failure: Inability to access critical systems that could be repaired within a week.
Level 3 Failure: Inability to access critical systems that could take an extended amount of time t
Risk Probability Low: Manually enter an estimated percentage (whole number) between 1% and 30% that repr
Medium Manually enter an estimated percentage (whole number) between 31% and 70% that
High: Manually enter an estimated percentage (whole number) between 71% and 100% that re
Risk Score: Possible Values: Impa
Green: Low Risk Low
Orange: Moderate Risk Level 1 Low
Red: High Risk Level 2 Low
Level 3 Moderate
The Risk Impact Probability
Physical Threats
1 Risk of compromising information assets by
allowing anyone to access the ODNR network Level 2 Medium
Risk to information assets due to catastrophic
unforseen events like Fire, Flood, Hurricanes,
2 Tornadoes etc. Level 3 Medium
Risk of information loss due to sudden power
3 outage Level 1 High
Logical Threats
Risk of Information Loss due to access by
4
person not having permission to log onto
network, computer, or other device or system. Level 2 Medium
Risk of sharing classified infomration to
5
inappriate individuals and/or parties. Level 2 High
Technical Threats
6
Risk of Information Loss due to unreliable
servers Level 3 High
Risk of Information Loss due to security
7
vulnerability on network, laptops, computers,
and or other devices Level 2 High
8
Risk of Information Loss due to unforseen
system failure Level 3 Medium
Infrastructure Failures
Inability to access system due to unreliable
9
hardware Level 1 Medium
10
Inability to access system due to unknown
system error during off-hours Level 1 Medium
11
Overall system failure and possibilities of a
lengthy amount of time to fix Level 2 High
Human Error
12
Risk of system failure due to unexpected
change and/or no knowledge of change Level 1 High
during 1 day.
ired within a week.
extended amount of time to repair and/or unrecoverable loss off systems
ween 1% and 30% that represents the likelihood that the risk will occur (or 15% as a default value), or
between 31% and 70% that represents the likelihood that the risk will occur (or 50% as a default value), or
ween 71% and 100% that represents the likelihood that the risk will occur (or 85% as a default value).
Impact/Probability Mapping
Medium High
Moderate High
Moderate High
High High
Initial Risk
Score Technologies Used to Control Impact Probability
Authentication Technology: Password, Access Card,
Moderate Bio-Metrics; Grouped Based Permissions Level 1 Low
Fire Protection Systems, Flood Planning (i.e.
Moving servers to higher levels in building,
High installing sump pumps etc. Level 1 Low
UPS and Backup Generators, Investment in Fault
High Tolerant Hardware. Level 1 Medium
Authentication Technology: Password, Access Card,
Moderate Bio-Metrics; Grouped Based Permissions Level 1 Low
Data Encryption Technologies, Digital Signatures,
High Interactive Proofs, Level 1 Low
RAID Technology, Backup and Disaster Recovery:
Automatic Backups, Remote Connectivity for
Repair, SAN Storage (remote data storage),
High Virtual/Cloud Backups Level 1 Low
Data Encryption, Virus Protection, Intrusion
Protection Systems(IPS), Client IP Tunneling (VPN),
Secure Sockets Layer(SSL/HTTPS), Firewall
High Technology Level 1 Low
Backup and Disaster Recovery: Automatic Backups,
Remote Connectivity for Repair, SAN Storage
(remote data storage), Virtual/Cloud Backups,
High Clone Software Level 1 Low
RAID Technology, Computer system tools like
Moderate Scandisk, Disk defragmenter Level 1 Low
Automation Technologies that could detect system
Moderate outage and restart etc. Level 1 Low
IT Infrastructure redundancy in offsite facility,
Disaster Planning including processes that should
High be taken while system is being restored. Level 1 Low
Version Control and/or Change Control technology
that will keep track of changes through versioning,
who made the change, and when.; Automation
Technologies that could prevent such wrongful
High combinations of factors and/or self heal situation Level 1 Low
Final Risk
Score
Low
Low
Moderate
Low
Low
Low
Low
Low
Low
Low
Low
Low
Compatibility Report for Risk_Register_V2_Sarah_Stottsberry.xls
Run on 9/28/2008 16:10
The following features in this workbook are not supported by earlier versions of
Excel. These features may be lost or degraded when you save this workbook in
an earlier file format.
Minor loss of fidelity # of occurrences
Some cells or styles in this workbook contain formatting that is not supported 33
by the selected file format. These formats will be converted to the closest
format available.