Threat 1
number.
Risk severity. Extreme
Threat title. Network is vulnerable to virus attacks because the anti malware
software isn’t up to date and configured.
Probability. Very likely because guests and staff are surfing the internet and
receiving emails, meaning the network will pick up a virus at
some point.
Potential size Major because once the virus in installed on the network then it
of loss / could slow down the network by taking all of the storage space or
impact level. lock all the PCs depending on the type of virus.
Explanation As there is mention of anti malware / anti virus software in the
of the threat scenario, we can assume that is none in place currently. Due to
in context. the fact that users are surfing the internet and receiving emails
from clients and guests, it is likely that the system will pick up a
virus at some point if not already, because some of the emails
might be phishing attempts or users accidentally visiting an
untrusted website which downloaded malware onto the network.
Moreover, a malware might be currently in the network but
because there is no anti malware software currently installed, the
company might be unaware of that. This means all of company’s
data is under risk of being stolen.
Threat 2
number.
Risk severity. High
Threat title. Only one server available, No backups
Probability. Likely because the server will fail at some point as its
mechanical.
Potential size Major because if the server goes down, the company won’t be
of loss / able to save anything in server and any changing in the data will
impact level. be lost.
Explanation of The server stores confidential information about the company,
the threat in employees and customers. If it fails, then that means employees
context. and company will not be able to access the information that is
stored on the server and any changing in data will be lost. If the
data gets deleted either intentionally or accidentally, the company
will not be able to restore the data as there is no backup server
available. The lost data might have the company trade secrets
and other confidential information that is very vital for the
company. If data gets lost, this could lead the business to suffer
reputational and income loss as well as getting sued for not being
able to protect the customer information according to GDPR
Threat 3
number.
, Risk severity. Extreme
Threat title. Data stored on server is readable to everyone
Probability. Very Likely because if the server is hacked then the hacker can
read the data easily as its not stored in an encrypted format
Potential size Major because server has confidential information about
of loss / customers and company’s trade secrets, if these gets stolen then
impact level. the business will have to suffer several consequences
Explanation of Server stores confidential information about customer and trade
the threat in secrets of company. If this data gets stolen, then hacker can read
context. it easily due to the fact that it’s not stored in an encrypted
format. As there is no mention of encrypting the confidential data
stored on server, we can assume that its not. After stealing the
data, hacker can then use stolen data for fraudulent purposes for
financial gain or reveal the information online to damage
company’s reputation.
And because company don’t have any proper backups this means
any stolen data won’t be able to recover and any changes made
in the data will be lost. (only applies depending on scenario)
Threat 4
number.
Risk severity. High
Threat title. Files and Folders are not stored in Encrypted format
Probability. Likely because someone can get access to user’s PC using a
virus/infected links or a grudged employee may get access to
some other employee’s PC if its left unattended/unlocked
Potential size Major because if the hacker or intruder get access to a high
of loss / privileged employee’s PC then he can access all the files on the
impact level. PC as they aren’t encrypted.
Explanation of Just like the data stored on server isn’t encrypted, the files and
the threat in folders in employees and admin’s computer is not stated to be
context. encrypted either. This means if the hacker somehow gets access
to the admin or employee’s PC which can be done via infected
links that installs keylogger onto the PC when clicked or a
grudged employee getting access to another high privileged
employee’s PC, after getting access to the PC the hacker can
easily read, copy, modify or delete the files and folders on that
device as its not encrypted. Otherwise it will be hard for him to
get access to the information as it would require a decryption key
which is hard to generate.
Threat 5
number.
Risk severity. High
Threat title. Wi-Fi connection is not encrypted; Outdated Protocols Used
Probability. Likely because the data transferring through Wi-Fi would be
unencrypted and can be intercept very easily since its readable to
number.
Risk severity. Extreme
Threat title. Network is vulnerable to virus attacks because the anti malware
software isn’t up to date and configured.
Probability. Very likely because guests and staff are surfing the internet and
receiving emails, meaning the network will pick up a virus at
some point.
Potential size Major because once the virus in installed on the network then it
of loss / could slow down the network by taking all of the storage space or
impact level. lock all the PCs depending on the type of virus.
Explanation As there is mention of anti malware / anti virus software in the
of the threat scenario, we can assume that is none in place currently. Due to
in context. the fact that users are surfing the internet and receiving emails
from clients and guests, it is likely that the system will pick up a
virus at some point if not already, because some of the emails
might be phishing attempts or users accidentally visiting an
untrusted website which downloaded malware onto the network.
Moreover, a malware might be currently in the network but
because there is no anti malware software currently installed, the
company might be unaware of that. This means all of company’s
data is under risk of being stolen.
Threat 2
number.
Risk severity. High
Threat title. Only one server available, No backups
Probability. Likely because the server will fail at some point as its
mechanical.
Potential size Major because if the server goes down, the company won’t be
of loss / able to save anything in server and any changing in the data will
impact level. be lost.
Explanation of The server stores confidential information about the company,
the threat in employees and customers. If it fails, then that means employees
context. and company will not be able to access the information that is
stored on the server and any changing in data will be lost. If the
data gets deleted either intentionally or accidentally, the company
will not be able to restore the data as there is no backup server
available. The lost data might have the company trade secrets
and other confidential information that is very vital for the
company. If data gets lost, this could lead the business to suffer
reputational and income loss as well as getting sued for not being
able to protect the customer information according to GDPR
Threat 3
number.
, Risk severity. Extreme
Threat title. Data stored on server is readable to everyone
Probability. Very Likely because if the server is hacked then the hacker can
read the data easily as its not stored in an encrypted format
Potential size Major because server has confidential information about
of loss / customers and company’s trade secrets, if these gets stolen then
impact level. the business will have to suffer several consequences
Explanation of Server stores confidential information about customer and trade
the threat in secrets of company. If this data gets stolen, then hacker can read
context. it easily due to the fact that it’s not stored in an encrypted
format. As there is no mention of encrypting the confidential data
stored on server, we can assume that its not. After stealing the
data, hacker can then use stolen data for fraudulent purposes for
financial gain or reveal the information online to damage
company’s reputation.
And because company don’t have any proper backups this means
any stolen data won’t be able to recover and any changes made
in the data will be lost. (only applies depending on scenario)
Threat 4
number.
Risk severity. High
Threat title. Files and Folders are not stored in Encrypted format
Probability. Likely because someone can get access to user’s PC using a
virus/infected links or a grudged employee may get access to
some other employee’s PC if its left unattended/unlocked
Potential size Major because if the hacker or intruder get access to a high
of loss / privileged employee’s PC then he can access all the files on the
impact level. PC as they aren’t encrypted.
Explanation of Just like the data stored on server isn’t encrypted, the files and
the threat in folders in employees and admin’s computer is not stated to be
context. encrypted either. This means if the hacker somehow gets access
to the admin or employee’s PC which can be done via infected
links that installs keylogger onto the PC when clicked or a
grudged employee getting access to another high privileged
employee’s PC, after getting access to the PC the hacker can
easily read, copy, modify or delete the files and folders on that
device as its not encrypted. Otherwise it will be hard for him to
get access to the information as it would require a decryption key
which is hard to generate.
Threat 5
number.
Risk severity. High
Threat title. Wi-Fi connection is not encrypted; Outdated Protocols Used
Probability. Likely because the data transferring through Wi-Fi would be
unencrypted and can be intercept very easily since its readable to
