Risk Assessment

Uploaded by 9550166404kk
Asset Evaluation

| S.No. | Asset | Confidentiality | Integrity | Availability | Asset Value |
|---|---|---|---|---|---|
| 1 | File Sharing | High | High | High | High |
| 2 | VMware Server | High | High | Medium | High |
| 3 | Active Directory | High | High | Low | High |
| 4 | Firewall (software) | High | High | High | High |
| 5 | Gmail | High | High | Medium | High |
| 6 | Switches | High | Medium | Medium | Medium |

Risk Identification
Threat
Unauthorised Access
Data Leakage
Malware/Virus
Phishing Attacks
Weak Passwords
Insider Threats
Outdated Software
Man-in-the-Middle Attack
Unauthorised Access to Server Rooms
Malware
Physical Damage (Accidents)
Data Theft
Overloading
Power Outage
Human Errors
Outdated Software
Natural Disasters
Insider Threats
Phishing Attacks
Outdated Patches
Weak Encryption
Unauthorized Access
Malware
Brute-Force Attacks
Unauthorized Access
Malware
Outdated Software
Phishing Attacks
Insider Threats
Denial of Service (DoS) Attacks
Phishing Attacks
Malware/Virus
Man-in-the-Middle Attacks
Unauthorized Access
Weak Encryption
Brute-Force Attacks
Data Leakage/Loss
Physical Damage
MAC Address Spoofing
Insider Threats
Configuration Errors
Unauthorized Physical Access
Denial of Service (DoS) Attacks
Unauthorized Firmware Updates

| Vulnerability | Business Impact | Probability of Occurrence |
|---|---|---|
| Lack of antivirus/antimalware software | High | Medium |
| Insecure password policies | High | Medium |
| Stolen credentials | High | High |
| Lack of employee awareness training | High | Medium |
| Manipulating staff to reveal sensitive information | High | Medium |
| Inadequate data loss prevention measures | High | Medium |
|  | Medium | Low |
|  | Medium | Medium |
| Unauthorized users gaining access to the server | High | Low |
| Failure to update VMware software and patches | High | Medium |
| Data loss due to misconfiguration | High | Medium |
| Lack of antivirus/antimalware software | High | Medium |
| Lack of proper physical safety | High | High |
| Inadequate backup procedures | Medium | Low |
| No plan for server recovery in case of a disaster | Medium | Medium |
| Lack of user awareness about security risks | Medium | Medium |
| Inadequate user training | High | Low |
| Leaving inactive user access | High | Medium |
| High no. of admin access | High | High |
| Failure to update patches | Medium | Medium |
| Poor employee training | Medium | Medium |
| Lack of multi-factor authentication | High | Medium |
| Poor monitoring of directory | High | High |
| Users with non-expiring passwords and weak passwords | High | Medium |
| Failure to update patches | High | Medium |
| Weak passwords | High | High |
| Misconfigured rules | Medium | Medium |
| Poor access control policies | High | High |
| Weak encryption | High | Medium |
|  | High | Medium |
| Connecting to unsafe networks | High | High |
| Lack of security awareness training | High | High |
| Lack of multi-factor authentication | High | High |
| Lack of antivirus software | High | Medium |
| Lack of secure password policy | Medium | Medium |
| Accidental sharing of sensitive information | High | Medium |
|  | High | Medium |
| Inadequate security policies | Medium | Medium |
| Firmware vulnerabilities | High | Medium |
| Lack of monitoring | Medium | Medium |
| Lack of proper physical safety | High | Medium |
| Port security misconfiguration | High | Medium |
| Without proper logging and monitoring | High | High |
|  | High | Medium |

Risk Treatment

| Risk Value | 4 T's |
|---|---|
| High | Treat |
| High | Treat |
| High | Treat |
| High | Treat |
| High | Treat |
| Medium | Treat |
| Medium | Treat |

Controls
Maintaining good access control policies
Good data encryption
Using firewalls
Proper awareness to be given about clicking on unsafe mails
Strong password policies
Employee awareness training, agreements
Regularly update patches and software
Good data encryption
Access control policies
Using better firewalls, antivirus
Implementing proper physical security policy
Connecting to safe networks
Blocking unwanted incoming traffic using firewalls
Maintaining UPS, generators, PDUs
Hiring capable employees, proper monitoring and proper procedures
Regularly update patches and software
Organization location, proper physical security for the server rooms
Employee awareness training, agreements
Proper awareness to be given about clicking on unsafe mails
Regularly update patches and software
Implementing strong password policies
Maintaining good access control policies
Using better firewalls, antivirus
Implementing multi-factor authentication, better password policies
Maintaining good access control policies
Using better firewalls, antivirus
Regularly update patches and software
Proper awareness to be given about clicking on unsafe mails
Employee awareness training, agreements
Good network security, implementing better firewalls
Proper awareness to be given about clicking on unsafe mails
Using better firewalls, antivirus
Good data encryption
Maintaining good access control policies
Implementing strong password policies
Implementing multi-factor authentication, better password policies
Good data encryption
Network monitoring, implementing Network Access Control; port security settings on network switches can be configured
Employee awareness training, agreements
Maintaining good access control policies
Good network security, implementing better firewalls
