Risk Assessment of IT System


Introduction

Risk management is the most crucial task to accomplish in an IT-based company. The core threats identified are malware intrusion causing Denial of Service (DoS) and the theft of the business's confidential data. These are the two core concerns related to the equipment mentioned. In this regard, the risk management approach is quite helpful for mitigating risk and avoiding it completely. Hence the approach is applied across the System Development Life Cycle (SDLC), which includes initiation, creation, acquisition, implementation, maintenance and operation, and ultimately disposal.



Risk Assessment

Considering these five phases, nine steps of risk assessment can be proposed for each SDLC phase.

System Characterization

Threat Detection

Vulnerability discovery

Control Analysis

Probability determination

Impacts investigation

Risk determination

Control Solution

Results documentation

The previous assignment covered the first three steps and discussed a tremendous number of vulnerabilities associated with the system. In determining the strategy for tackling the risk, the first risk, which relates to confidentiality, is the most serious concern of today's society. The company must incorporate risk assessment at the most significant steps on an annual basis. This would give it insight into the problem beforehand and would help reduce the risk associated with both denial of service and confidentiality theft.

There are three ways to mitigate or avoid the risks of being attacked. The first is the development of new and advanced computing systems. Most new hardware is more resilient than older networking hardware. The second is to promote the acquisition of production systems from other vendors. This gives the information system greater resilience against attacks and greatly helps to prevent malware activity too. The last is the enhancement of legacy systems and their security features, but it is limited to the primary supporting systems and business processes. The supporting systems include the databases, software and hardware, along with the network systems that support the software end. The support domain also includes the workforce that uses these resources.

On the other hand, business unit managers are solely responsible for developing the risk assessment activities, while taking the computer officials on board. The team comprising business unit and computer experts will be responsible for collecting data at various access points. The threat was identified in the previous assignment.

Risk Analysis

We start with the first risk, which leads to a tremendous number of vulnerabilities. Malware intrusion is the core threat in this domain. In this context, remote code execution is one of the vulnerabilities that was pinpointed during the analysis. This risk can easily be mitigated by deploying network filters to prevent access to malware programs and to sites with suspicious code. The malware succeeded in getting through the system, which means that the current ...