Thesis

IT Security Risk Assessment

Pages: 47
Uploaded on: 11-12-2018
Written in: 2018/2019

This particular assignment is the cumulative project, which deals with assessing risk within an organization in an information technology environment. This report explains the assessment of different areas (risks) of concern and an analysis of those risks. It gives an idea of what a risk assessment looks like in the real world. When I wrote this 10-page report, it was a massive and very intense project. I spent 13 hours a day for 8 days straight working on this analysis report, but in the end, I received 74 out of 75 points on this project.


Document information

Uploaded on: December 11, 2018
Number of pages: 47
Written in: 2018/2019
Type: Thesis
Supervisor(s): Unknown
Year: 2011

Content preview

Port of Seattle IT Security Risk Assessment

Joseph Sanchez
Central Washington University


December 4, 2018





Table of Contents

Executive Summary
    Overview of Assessment
    Identified Risks and Common Risk Themes
    Summary of Proposed Mitigation Activities
Risk Assessment Report
    Overview of Risk Assessment
    Risk Measurement Criteria
    Scope of Assessment
    Security Controls Assessed
    Areas of Concern (or Risks)
        Disgruntled employee may access and release employee’s account information
        Hacker gain access to employee’s account information
        An intruder could gain access to an access panel at the kiosk machine
        An intruder intercepting the Wi-Fi signal to obtain information
        A thief gaining access to the locked container
        Risk Heat Map
    Risk Mitigation
        Risks to Accept
        Risks to Defer
        Risks to Transfer
        Risks to Mitigate
Reference List
Octave Allegro Worksheets
    Worksheet 1
    Worksheet 2
    Worksheet 3
    Worksheet 4
    Worksheet 5
    Worksheet 6
    Worksheet 7
    Worksheet 8
    Worksheet 9a
    Worksheet 9b
    Worksheet 9c
    Worksheet 10
    Worksheet 10
    Worksheet 10
    Worksheet 10
    Worksheet 10
Octave Allegro Questionnaires

Executive Summary
Overview of Assessment
When the assessment took place, I interviewed Oscar Segura, who works for the Port of Seattle.
During our interview, the information asset we assessed was employee account information. The
assessment took place on November 7, 2018. The purpose of assessing employees’ account
information was to see what the chances are that an employee’s account information would be
compromised.

Identified Risks and Common Risk Themes
There were some areas of concern that I discovered while the assessment was in progress.
One of those concerns was that a disgruntled employee may release an employee’s account
information. Another area of concern was that a hacker may gain access to an employee’s
account information in the following ways. An intruder could gain access to the access panel on
the parking garage fare kiosk and plug in a hacking device such as a keyboard or a flash drive. The
Wi-Fi connection from the internal network to the parking garage fare kiosk machine could be
intercepted by an unauthorized individual. Finally, an unauthorized individual could access the
room where the locked containers are stored.
These are the different risk areas that I found in my assessment at the Port of Seattle.

Summary of Proposed Mitigation Activities
When mitigating risks, the common first step is a basic assessment.
A basic assessment can be something like evaluating the system settings that have been set by
default, such as the type of encryption, whether the computer’s hard drive encryption is enabled or
disabled, whether internet security settings are configured, and so on. These are the general things
that would need to be examined before deciding which security controls to implement on the computer
system.
The proposed mitigation methods depend on the areas of concern and the findings from
the assessment. For example, an intruder using Wi-Fi to try to obtain information
from the kiosk machine is an area of concern. So this is the area that will be assessed, and
the findings serve as the evidence for determining which security control would be
appropriate to implement to resolve this area of concern. Generally, you would first figure
out what basic security controls are in place and what possible vulnerabilities may occur when
evaluating a computer system and its infrastructure.


Risk Assessment Report