Threat and Risk Assessment

Submitted By lyanthinel
Below are my quantitative findings on the threats and vulnerabilities that our qualitative research found in our look into your company. First, we describe some recent attacks that have happened to other companies. Second, we estimate how likely the attack is to occur at your company. Third, we provide the figures that show whether or not you should spend money on improving your protection from this type of attack.
Spoofing: In 2006, banks were targeted by attackers with a spoofing attack. An article written by McMillan (2006) stated that the attackers were able to hack into the banks' ISP servers and redirect traffic from the legitimate banks' websites to a bogus server. The attackers affected about 20 customers by getting them to enter PINs and other personal information (para. 2). An article by Zetter (2012) describes how a mathematician noticed that several technology companies and other types of companies used weak DomainKeys Identified Mail (DKIM) keys, which he was able to break and then use to pretend to be high-ranking personnel at those companies. In our report we noted that you have in-house servers and that the firewalls seem properly configured against outside attacks. In 2014, AOL had its mail service attacked, and the attackers used the email address book to send spam to everyone in the address book as the owner of the email account. Spoofing is still a viable attack, and even with a properly configured network and validation methods, human error is still a major contributing factor to spoofing. The major threat here comes from employees browsing sites such as Facebook and answering personal emails. Under the right conditions, a spoofing attack can be extremely dangerous, and the stolen credentials can lead to serious system impact. The major financial loss will come from the public perception of a spoofing attack.
Exposure Factor * Asset value = Single loss expectancy
EF has been determined to be 40% or .4
AV is based on the estimate that 1 in 5 customers would take their revenue to another company because of bad publicity from a spoofing attack. Revenue from customers is estimated at $1,000,000, so 20% of that will be $200,000.
The SLE is now .4 * $200,000 = $80,000
The attack is estimated to occur once every year with current employee use policies. This makes the Annualized Rate of Occurrence (ARO) = 1
The Annualized Loss Expectancy (ALE) = SLE * ARO or 1 * $80,000 = $80,000
The proper response will be to train employees four times a year to make them aware of spoofing attacks, and to set up a firewall policy that restricts users from accessing websites considered "unsafe" due to a high volume of spoofing attacks. The cost of implementing these measures and of continued review of these policies is estimated at $35,000/year.
The expectation here is that by spending the $35,000 to increase your security standards to help protect from a spoofing attack you will prevent an $80,000 yearly estimated loss. This is a net saving of $55,000/year.
Next, we consider repudiation attacks against your company. There have not been any known instances of repudiation attacks in the past from your company, nor are there any well-known attacks in the recent news. Your company has well-documented login controls, and you do not use a role-based authorization model. You also do not allow anonymous access to critical data and audit log-ins.
Exposure Factor * Asset value = Single loss expectancy
EF has been determined to be 10% or .1
The asset value has been determined to be the cost of investigating possible repudiation attacks, or $35,000/year.
The SLE is .1 * $35,000 = $3,500
The attack is estimated to occur once every ten years with current employee use policies. This makes the Annualized Rate of Occurrence (ARO) = .1
The Annualized Loss Expectancy (ALE) = SLE * ARO or .1 * $3,500 = $350
As you already have proper protections in place, the recommendation is to continue with the current policy. Increasing security against this type of attack would mean hiring one additional person to perform daily audits. This hire costs around $45,000/year, which is $44,650/year more than the $350/year it would save. Review the policy yearly.
When analyzing the information disclosure portion of our report, we looked back at 2014, when the "Heartbleed" bug was announced. According to Heartbleed.com (2014), the bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software (para. 2). This bug was considered a big deal because it compromised secret keys, names and passwords of users, and actual content. Your company is not using OpenSSL for encryption and has a good policy regarding encryption, but we noticed that certain third-party software such as Adobe was not being updated by every user promptly. We also noticed that directory indexing was possible through a mistakenly configured web server, allowing an attacker to access backup files and hidden files. Recently, NetGear had a vulnerability in a service designed to interact with NetGear Genie, a remote application used on several of its wireless routers. Your company does not use NetGear routers, but the lack of immediate patching could one day lead to similar issues.
Exposure Factor * Asset value = Single loss expectancy
EF has been determined to be 30% due to the misconfigured webserver and small volume of clear text emails. The number is at 30% because there is no record of previous abuse of the system.
The asset value has been determined to be the cost of data such as intellectual property being exposed, of website information leading to a loss of revenue because customers are unable to purchase services, or of attackers holding intellectual property for ransom. It is estimated at $250,000/year.
The SLE is .3 * $250,000 = $75,000
The attack is estimated to occur once every three years, so the Annualized Rate of Occurrence (ARO) = .3
The Annualized Loss Expectancy (ALE) = SLE * ARO or .3 * $75,000 = $22,500/year
Updating the patching policy requires education at all levels and re-training. You will need the IT department to monitor needed patches and to communicate patching requirements to all affected users, as well as to follow up. The misconfigured web server needs to be addressed, with separate people assigned to review current configurations and periodic check-ins to continue to validate correct configuration. The patching follow-ups are sporadic, depending on the software being patched, but are estimated to cost about 20 hours/year to implement. Current IT hourly costs are $90/hour. This equates to $1800/year. The web server configuration and policy improvement will require an additional 3 hours weekly of IT time. This is 200 additional hours at $90/hour = $18,000/year. The total is $19,800/year. This results in savings of $2,700/year.
Denial of Service attacks are on the rise. They are one of the most common forms of attack after phishing attacks. There have been several reports of DoS attacks over the last few months in 2015. The website DDoSattacks.net (2015) has listed multiple pages of attacks in 2015. TalkTalk, ProtonMail, a server that suffered 320 straight hours of DoS attacks, the Thai government website, and more have been victims of DoS-style attacks this year alone. Some of the information used is provided by a DDoS Impact Survey published by Incapsula.com (2014).
The Exposure Factor has been determined to be 1. The severity of this type of attack should not be understated, and the number of DoS attacks has been growing every year.
The Asset Value is difficult to determine due to the nature of DoS attacks. The possible responses to DoS attacks by this company are good enough to potentially bring the systems back up, but a coordinated attack could cause severe issues. The AV has been determined to be around $40,000/hr with about 50% of attacks lasting 6-24 hours. This means the AV could be from $240,000 to $960,000. We will estimate $500,000.
The SLE is 1 * $500,000 = $500,000
The Annualized Rate of Occurrence (ARO) is also difficult to determine; however, given the current news, we can estimate that a concentrated attack could happen multiple times in a year. We are estimating an ARO of 2 as there is a 75% chance of an attack happening twice in a year.
The Annualized Loss Expectancy (ALE) = SLE * ARO or 2 * $500,000 = $1,000,000
Purchasing more bandwidth than needed (bandwidth oversubscription), combined with a DNS-based redirect service and automated mitigation, should provide better-than-average security from DoS attacks. The costs of these services vary based on location and volume; however, the cost will be significantly lower than the loss of revenue from DoS attacks. This is the biggest saving the company can make, totaling more potential savings than all other threats combined.
Finally, we come to elevation of privilege. As the company uses Data Execution Prevention (DEP) for its hardware, applications are run with the least privileges possible, the antivirus software is up to date, and software is encrypted, we do not feel that vertical privilege escalation is a significant threat. There is a possibility of horizontal privilege escalation due to poor password requirements for users of the website.
Exposure Factor * Asset value = Single loss expectancy
EF has been determined to be 75% due to the password policy allowed for users of the website. Strong password policies are considered an excellent first line of defense.
The Asset Value is considered to be similar to a negative public perception because of users' accounts being hacked. While internally secure data may not be exposed by this type of attack, users' perception can drive potential future customers away as well as cause current customers to leave. There will also be additional costs to make whole the customers who are affected by their information being stolen, and more customer service calls for lost or reset passwords due to the new password policy you will implement. The AV is estimated to be $325,000.
The SLE is .75 * $325,000 = $243,750.
The Annualized Rate of Occurrence (ARO) is high with customer passwords being exposed, so we estimate a massive breach possibly once every other year under current policies. ARO = .5
The Annualized Loss Expectancy (ALE) = SLE * ARO or .5 * $243,750 = $121,875.
The costs to the company will be developing a new password policy and the extra hours needed to help customers with password resets. We noticed you had an average of about 250 calls a day, seven days a week, or 1,750 calls a week and 91,000 calls a year. We estimate an increase of about 25% over a one-year period, or an extra 22,750 calls a year. Your calls average about 5 minutes in length, which equates to an extra 1895 hours for one year's worth of calls. The call center reps are paid $9/hr, so this equates to an extra $17,062.50. The password policy change could save you $121,875 - $17,062.50 = $104,812.50/year. This is a significant saving you can easily achieve by keeping passwords strong and maintaining a positive public perception of your company and its security policies.
This ends our report. We look forward to your response.
Thank you.
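
The SLE/ALE method applied to each threat above, collected into one risk register as an added example (not part of the original essay). It takes the essay's stated EF, AV, ARO and control-cost inputs, recomputes every derived figure from them (so a result can differ from a number quoted in the text), and adds a break-even ARO column, an extension not in the essay. Like the essay, it assumes a control removes the whole ALE.

```python
"""Quantitative risk register built from the essay's stated inputs (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Risk:
    name: str
    exposure_factor: float         # EF: fraction of asset value lost per incident
    asset_value: float             # AV in dollars
    aro: float                     # Annualized Rate of Occurrence (incidents/year)
    control_cost: Optional[float]  # yearly cost of the proposed control; None if not given

    @property
    def sle(self) -> float:
        """Single Loss Expectancy = EF * AV (rounded to cents)."""
        return round(self.exposure_factor * self.asset_value, 2)

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE * ARO (rounded to cents)."""
        return round(self.sle * self.aro, 2)

    @property
    def net_saving(self) -> Optional[float]:
        """ALE minus control cost, assuming the control removes the whole ALE."""
        if self.control_cost is None:
            return None
        return round(self.ale - self.control_cost, 2)

    @property
    def break_even_aro(self) -> Optional[float]:
        """ARO at which the control cost equals the ALE (control_cost / SLE)."""
        if self.control_cost is None or self.sle == 0:
            return None
        return round(self.control_cost / self.sle, 4)

    @property
    def decision(self) -> str:
        """Mitigate only when the control costs less than the loss it prevents."""
        if self.net_saving is None:
            return "needs cost estimate"
        return "mitigate" if self.net_saving > 0 else "accept"


# Inputs exactly as stated in the essay; every derived value is recomputed.
ESSAY_RISKS = [
    Risk("Spoofing", 0.4, 200_000, 1.0, 35_000),
    Risk("Repudiation", 0.1, 35_000, 0.1, 45_000),
    Risk("Information disclosure", 0.3, 250_000, 0.3, 19_800),
    Risk("Denial of service", 1.0, 500_000, 2.0, None),  # essay gives no control cost
    Risk("Elevation of privilege", 0.75, 325_000, 0.5, 17_062.50),
]


def rank_by_ale(risks: List[Risk]) -> List[Risk]:
    """Order the register so the largest expected yearly loss comes first."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def _money(value: Optional[float]) -> str:
    return "n/a" if value is None else f"${value:,.2f}"


def format_register(risks: List[Risk]) -> str:
    """Render the ranked register as a fixed-width text table."""
    rows = [f"{'Threat':<24}{'SLE':>14}{'ARO':>6}{'ALE':>16}"
            f"{'Net saving':>15}{'Break-even ARO':>16}  Decision"]
    for r in rank_by_ale(risks):
        be = "n/a" if r.break_even_aro is None else f"{r.break_even_aro:.4f}"
        rows.append(f"{r.name:<24}{_money(r.sle):>14}{r.aro:>6.2f}{_money(r.ale):>16}"
                    f"{_money(r.net_saving):>15}{be:>16}  {r.decision}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_register(ESSAY_RISKS))
```

The break-even ARO shows how sensitive each recommendation is to the frequency estimate: for information disclosure the estimate (.3) sits only just above the break-even rate, while for repudiation an incident would have to occur many times a year before the extra hire paid for itself.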

References:
McMillan, R. (2006). Banks Hit With New Spoofing Attacks. Retrieved November 6, 2015.
Zetter, K. (2012, October 24). How a Google Headhunter's E-Mail Unraveled a Massive Net Security Hole. Retrieved November 6, 2015.
The Heartbleed Bug. (2014, April 1). Retrieved November 6, 2015.
DDoS Attacks | Latest News on DDoS Attacks. (2015). Retrieved November 6, 2015.
Incapsula. (2014). DDoS Impact Survey. Retrieved November 6, 2015, from https://www.incapsula.com/blog/ddos-impact-cost-of-ddos-attack.html
