Risk Assessment Plate

Submitted By basherbear
Richman Investments Risk Assessment Plan
There are currently 5000 employees at Richman Investments. There are 2000 computers spread out between the 7 locations across the United States and the one site in Canada. After having a security audit I have come to realize there are many security risks at Richman. I will go over a few risks, and hopefully from this presentation I will be able to start a companywide project to correct all of these risks.
List of Risks:
1. Wireless mice and keyboards
2. Bluetooth being enabled on Laptops
3. Wireless network signals reaching outside of buildings
4. Password policies
5. No NAT between the internal and external networks.
6. Too many/the wrong people have admin rights.
7. Cell phones
8. Out of date security policy
9. Different types of computer programs
10. Too many Active Directory forests
11. No policy on removable media.

How to Handle the Risks of Wireless Devices
A lot of employees will say they cannot work without their wireless keyboards and mice. This will probably be the hardest policy to enforce. Knowing what can happen from a simple wireless mouse and keyboard setup, I do not think it would be wise to allow the use of these devices within Richman Investments. If an employee is using a certain wireless keyboard and mouse set, there is a chance of someone else using the same type and being able to control their computer from up to a football field's length away. When a key is pressed on the keyboard or a button is pressed on the mouse, it is transmitted to the receiver through an RF (Radio Frequency) signal, a signal similar to that of a wireless network except a lot less secure. Data transmitted over a wireless network is automatically encrypted. The signal sent to a wireless peripheral receiver has little to no encryption on it. With the proper software a hacker could easily gain access to your network from that radio frequency. People will argue that the signal from wireless peripherals is too weak for anyone farther away than 10 feet to gain access. In some cases this may be true, but even so, not all hackers are people outside of the company. In this line of work I do not think we should chance it. The cost to replace all wireless devices with wired devices is going to be a lot less than the cost of repairing all the damage that one hacker can do to this system.

How to handle the risks of Bluetooth Devices
When dealing with Bluetooth devices, all the vulnerabilities that exist in a conventional wired network apply to this wireless technology. Most people do not think that the range of a cell phone's Bluetooth device is wide enough to pose a security risk. This is not accurate. Hackers can gain access to all the data on your cell phone through that Bluetooth connection. They would have your entire contact list, and if you have a smartphone with your email linked to it, they will have access to all of your emails. Even if you do not think you have anything important in your email, to the right hacker that information is golden. On top of stealing all the information on your phone, the hacker can also corrupt the data so that you will not be able to use it anymore. Also, a lot of laptop computers have Bluetooth built into them. This works almost the same way as the cell phone Bluetooth, except they will have access to your PC rather than your phone. Obviously you do not want a hacker roaming around your PC. If that PC is connected to a file server with the login name and password saved, then they now have access to the entire file server and everything on it. The employee can just as easily use a wired headset to talk hands free. The bottom line is that Bluetooth devices are not safe and should not be used on any company cell phone.

How to handle wireless signals reaching outside buildings
Another issue that is very common is the range of the wireless signals broadcast from wireless routers. Most businesses need wireless access throughout their building. The problem is that terminating the wireless signal before it reaches outside the building is not a very easy process and is usually best discussed before the building is built. Almost any type of metal wall will terminate wireless signals. But if metal sheets were not put into the walls when the building was first built, ripping out walls in order to install them is not really an option. So in order to solve this problem we have to take into account the range of the wireless signal and the strength of the password to get on the wireless network. We should not rely on what the router says is the max range of the wireless signal. The router should be deployed, and then someone should go just outside the building and test for the wireless signal. If the wireless signal can be picked up, then the range on the router should be dialed back a step and tested again. If the signal is too weak inside the building, then we will turn the router strength back up and discuss a STRONG password for the wireless network. This password should be at least 25 characters and should also be alphanumerical. This password should only be known by the IT department. If an employee has lost connection to the network, they will have to call IT to come and type in the password to get them back on. This is to prevent the password being written down on a sticky note and posted on someone's monitor or under the keyboard.

Password Policies
Password policies have to be put into place and ENFORCED. Passwords should expire every 90 days. The following is an example calculation done by www.hitachi-ID.com:
• Assumptions:
  o Encrypted passwords are not available to an attacker and consequently passwords can only be guessed at a rate of 100/second (this number is high / conservative for an over-the-network attack).
  o An attacker can make an unlimited number of guesses without being detected (this is easy to fix).
  o Passwords are changed, at most, every 90 days.
• Objective: the attacker's probability of success should be no more than 1%.
• Technical constraints: passwords may only contain lowercase letters, uppercase letters and digits.
• Calculation:
  o An attacker can make 90 x 24 x 60 x 60 x 100 = 777,600,000 guesses before a password will expire.
  o There should be 77,760,000,000 possible passwords -- about 8e10.
  o From the above table, a 7 character password is sufficient, so long as users don't pick easily guessed values (e.g., their name or a dictionary word).
When you think of someone guessing your password you tend to think of them sitting in front of your computer for hours trying to get it right. However, there is such a thing as a Brute Force attack which is when a person or a program just keeps trying different combinations until it gets one right. The hacker does not need to be anywhere near your computer. They can launch this attack remotely and still succeed.
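The calculation above can be reproduced and re-run under other assumptions. The following is an added example, not part of the original essay or the hitachi-ID material; the function names, the lockout figures and the offline guessing rate are assumptions chosen for illustration.

```python
from fractions import Fraction
from math import ceil, floor

SECONDS_PER_DAY = 24 * 60 * 60
ALNUM = 26 + 26 + 10  # lowercase + uppercase + digits, the essay's constraint


def guesses_before_expiry(rate_per_sec, expiry_days):
    """Online guesses an attacker can make before the password is changed."""
    return floor(Fraction(rate_per_sec) * expiry_days * SECONDS_PER_DAY)


def required_space(guesses, max_success):
    """Smallest number of possible passwords with guesses/space <= max_success."""
    return ceil(Fraction(guesses) / Fraction(max_success))


def min_length(alphabet_size, space_needed):
    """Shortest length L such that alphabet_size**L >= space_needed."""
    length, space = 0, 1
    while space < space_needed:  # exact integer arithmetic, no float logs
        space *= alphabet_size
        length += 1
    return length


def space_table(alphabet_size, max_len):
    """Number of possible passwords for each length from 1 to max_len."""
    return {n: alphabet_size ** n for n in range(1, max_len + 1)}


ONE_PERCENT = Fraction(1, 100)

# Constructed scenarios: (alphabet size, guesses per second, expiry in days).
# Only the first uses the essay's figures; the lockout and offline rates
# are illustrative assumptions.
SCENARIOS = {
    "essay: 100 guesses/s, 90 days": (ALNUM, 100, 90),
    "lowercase only, same attacker": (26, 100, 90),
    "lockout: 5 guesses per 15 min": (ALNUM, Fraction(5, 15 * 60), 90),
    "offline hashes: 1e10 guesses/s": (ALNUM, 10 ** 10, 90),
}


def evaluate(scenarios=SCENARIOS, max_success=ONE_PERCENT):
    """Return {scenario name: (guesses, space needed, minimum length)}."""
    results = {}
    for name, (alphabet, rate, days) in scenarios.items():
        guesses = guesses_before_expiry(rate, days)
        space = required_space(guesses, max_success)
        results[name] = (guesses, space, min_length(alphabet, space))
    return results


if __name__ == "__main__":
    for length, size in space_table(ALNUM, 8).items():
        print(f"{length} chars: {size:,} possible passwords")
    for name, (guesses, space, length) in evaluate().items():
        print(f"{name}: {guesses:,} guesses -> need {space:,} -> {length} chars")
```

The lengths are lower bounds for passwords chosen uniformly at random; names and dictionary words fall far sooner, as the calculation itself notes.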
NAT between Internal and External networks
According to farpost.com “NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses”. Without NAT in place, people who can get on the public network can also gain access to our network resources. Of course all of our network resources have passwords in place, but that may not stop a dedicated hacker in time. Our main goal with this proposal is to secure our data in every way possible. In order to do that we must seal or prevent any security holes. This would be a huge hole in our security that can easily be fixed. It may require some additional hardware: if the routers that are in place now do not have NAT, then we will need to purchase some that do. We would need at least 1 router with NAT at each location in order to keep our network away from public view.
