1. Written assignments/communication must demonstrate
professionalism, proper grammar, spelling and clarity of
communication. Assignments handwritten or single-spaced will
not be accepted. Poorly written assignments will receive a
lowered grade. Do not let the power of your ideas be affected by
poor grammar, spelling or clarity. Here are the formatting
requirements for the files:
· Must have a cover page showing the title of the paper, due
date, authors of the paper and class #
· In doc or docx format only (submissions in other file formats
will receive no credit)
· Margins: 1” top, bottom, right and left
· Acceptable fonts: Arial or Times New Roman
· Font color: black – using other colors on the cover page is
allowed
· Font height: 12 pts.
· Line spacing: double
Ranking The Pairs
Team "A"
CMGT/430
September 29, 2016
Richard Zinne
Ranking The Pairs

| Vulnerability | Threat | Probability | Impact | Risk (P+I) | Suggested Mitigation Steps |
|---|---|---|---|---|---|
| Activity Monitoring | Security scans and intrusion deception systems | 3 (High) | 3 (High) | 6 | Firewall and security system monitoring will be kept up to date, and logs will be reviewed once a week unless otherwise needed. |
| Patch levels | Unnecessary exposure to known attack vectors | 3 (High) | 3 (High) | 6 | Use of vulnerability scanning tools to monitor unpatched systems. A policy that includes the governance, standards and schedule of patching. Employment of best-practice patch methods and procedures. |
| Insiders (poorly trained, disgruntled, malicious, negligent, dishonest, or terminated employees) | Potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality. | 3 (High) | 3 (High) | 6 | Ensure company security policy is in effect immediately following an employee's termination. |
| Poor implementation of file export capability in business enterprise software. | Asset leakage, which can happen through brute-force attacks and even guesswork. | 3 (High) | 3 (High) | 6 | Enterprise Resource Planning (ERP). |
| Use of session cookies to maintain state over HTTP browsers. | The cookies could be reverse engineered, leading to attackers identifying loopholes in the logic. | 2 (Med) | 3 (High) | 5 | Store no sensitive or secure data in cookies or other headers; ensure every cookie has an expiration time. |
| OS command execution in function modules. | An attacker could have the ability to execute OS commands even without authorization. | 2 (Med) | 3 (High) | 5 | CALL 'SYSTEM' / SAP authorizations |
| Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate were found to be vulnerable to password sniffing and replay attacks. | A captured command can be replayed later to open the locks, giving access to highly secured areas and losing critical information and data within organizational systems. | 2 (Med) | 3 (High) | 5 | Ensure the latest door lock and padlock software, along with all drivers, is updated. |
| Susceptibility to dust, heat and humidity | Hardware failure | 2 (Med) | 3 (High) | 5 | Prepare and initiate proper preventive maintenance techniques on equipment. Properly weatherproof all locations with IT equipment. |
| Data centers in geographical locations prone to natural disasters | Full-scale service outage | 2 (Med) | 3 (High) | 5 | Evaluate and implement measures that support Disaster Recovery (DR) capabilities in geographical locations not prone to natural disasters. |
| The use of tokens in conducting authenticated application | Profile extractions using these tokens | 2 (Med) | 3 (High) | 5 | Enterprise IT Policy/Standard Statement |
| Unsecured administrative interfaces | Open attack or abuse broadsides to mission-critical systems | 2 (Med) | 3 (High) | 5 | Properly secure administrative interfaces, assign IP access lists and install SSL certificates. |
| User Account Management | Restrictions on folders and directories - read or modified | 2 (Med) | 3 (High) | 5 | Only people that need access to certain groups will have access to files for read/write modification. |
| Insiders (poorly trained, disgruntled, malicious, negligent, dishonest, or terminated employees) | Potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality. | 2 (Med) | 3 (High) | 5 | Employees will be trained every 6-12 months; new hires with 1-5 years' experience will be trained for 6 months and then again at the end of the year. |
| Firewalls | Access from an IP that is not blocked on the network | 1 (Low) | 3 (High) | 4 | Firewalls will have the latest firmware and will be pen tested regularly. |
| Inadequate continuity planning | Extended outages and business loss | 1 (Low) | 3 (High) | 4 | Develop a concise Business Continuity Plan (BCP) that covers all business processes. |
| Access Control w/ Auditing | Unauthorized access to a controlled area | 2 (Med) | 2 (Med) | 4 | Employee badges only grant entry when matched with PIN access. |
| Violation and Security Activity Reports | Manipulation of logs | 2 (Med) | 2 (Med) | 4 | Logs will be checked and backed up in different locations, and more than one person will have access to them. |
| Physical access to critical equipment (Data Center) | Damage or unauthorized access to enterprise assets | 1 (Low) | 3 (High) | 4 | Properly secured physical data center access points. The use of NFC key cards, access lists and controlled access hours. |
| Default credentials on network devices | Unauthorized or unintended access to network devices | 1 (Low) | 3 (High) | 4 | Policy and procedure regarding password policy on network devices, as well as policy or procedure for installation that addresses changing the default password. |
| Rogue access points | Unmonitored insecure network access | 1 (Low) | 3 (High) | 4 | Port security and MAC filtering prevent rogue devices from obtaining DHCP addresses or going outside of the port they are attached to. |
| Wheelchair Technology | A wheelchair from an unknown vendor had a vulnerability that could be exploited to disable a safety feature and take control of the device. Using technology in highly populated areas, and hacking medical devices etc. | 1 (Low) | 3 (High) | 4 | Configure security settings on wheelchair technology to prevent access. |
| Social engineering attacks | Employees are a weak link that can be exploited. They could click on infected links and download infected files. They could infect computer systems or even create backdoors that could be used later to access the company networks. | 3 (High) | 1 (Low) | 4 | Install anti-virus software, firewalls, email filters and keep these up to date. Set your operating system to automatically update, and if your smartphone doesn't automatically update, manually update it whenever you receive a notice to do so. Use an anti-phishing tool offered by your web browser or a third party to alert you to risks. |
| Inadequate video surveillance (internal) | Internal threats; stolen secrets or product; physical activities not reviewable | 1 (Low) | 2 (Med) | 3 | Implement surveillance cameras in all locations holding products or sensitive equipment. |
| Inadequate video surveillance (external) | External threats; competitor surveillance; staff safety; physical activities not reviewable | 1 (Low) | 1 (Low) | 2 | Implement surveillance cameras covering entrance and exit points, as well as early/late staff parking. |
| Compromise of user credentials due to inadequate user training. | Damage to the CIA triad | 2 (Med) | 1 (Low) | 3 | Proper role-based access and adequate user training will prevent or significantly limit the impact of this threat. |
| Overlooking non-traditional IP devices, i.e. building controls, POS, medical equipment | Unsecured, unmonitored devices on the network | 1 (Low) | 1 (Low) | 2 | Ensure that non-essential building controls or equipment reside on their own physical and logical network. |
| Thermostat Vulnerability | A thermostat from Trane used a weak plain-text protocol, potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality. | 1 (Low) | 2 (Med) | 3 | Secure the thermostat functionality exposed via the plain-text protocol. |
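The session-cookie row above names two controls: keep no sensitive data in the cookie and give it an expiration. The following Python is an added illustration, not code from the assignment: it puts the weak pattern (application state carried in the cookie value) beside a hardened `SessionStore` that hands the browser only an opaque random id and enforces the expiry server-side. It goes slightly beyond the row by also setting the standard `HttpOnly`, `Secure` and `SameSite` cookie attributes; the `clock` parameter is a hypothetical hook so expiry can be exercised in a test.

```python
"""Weak vs. hardened session cookies (added example for the row above)."""
import secrets
import time
from typing import Callable, Dict, Optional


# --- weak pattern: the cookie value itself carries the application state ---
def weak_cookie(user: str, role: str) -> str:
    # Anyone who reads this value learns the logic; editing it changes the role.
    return f"user={user}; role={role}"


def weak_parse(cookie: str) -> Dict[str, str]:
    # The server trusts whatever the client sends back.
    return dict(part.split("=", 1) for part in cookie.split("; "))


# --- hardened pattern: opaque id, state kept server-side, enforced expiry ---
class SessionStore:
    def __init__(self, ttl_seconds: int, clock: Callable[[], float] = time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # hypothetical injectable clock, used by the test
        self._sessions: Dict[str, Dict] = {}

    def create(self, user: str, role: str) -> str:
        # 256-bit random id: nothing about user or role is recoverable from it.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "role": role,
            "expires": self.clock() + self.ttl,
        }
        return sid

    def set_cookie_header(self, sid: str) -> str:
        # Expiry travels with the cookie (Max-Age), but the server re-checks it;
        # HttpOnly keeps scripts away from it, Secure keeps it off plain HTTP.
        return (f"Set-Cookie: sid={sid}; Max-Age={self.ttl}; "
                "HttpOnly; Secure; SameSite=Lax")

    def lookup(self, sid: str) -> Optional[Dict[str, str]]:
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self.clock() >= entry["expires"]:
            # Expired: purge it so a stale id can never be reused.
            del self._sessions[sid]
            return None
        return {"user": entry["user"], "role": entry["role"]}


if __name__ == "__main__":
    # Constructed demo: tampering with the weak cookie silently changes the role.
    print(weak_parse(weak_cookie("alice", "user").replace("role=user", "role=admin")))
    store = SessionStore(ttl_seconds=60)
    sid = store.create("alice", "user")
    print(store.set_cookie_header(sid))
    print(store.lookup(sid))
```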