Mis522 Risk Assessment
Title: MIS522 - Rish Assessment
Date: 2017-10-03T00:00:00
Tags: Cybersecurity, MIS522
Authors: Henry Brooks
Risk Assessment
This weeks we went over Risk Assessments guidelines posted by The Federal Risk and Authorization Management Program(fedRAMP) and we were asked to use their Security Assessment Report Template to model as risk assessment for the university.
fedRAMP lists 3 categories for the origination of threats
| Threat Origination Category | Type Identifier |
|---|---|
| Threat launched purposefully | P |
| Threats created by unintentional human or machine error | U |
| Threats caused by environmental agents or disruptions | E |
Potential threats are listed with their impact on confidentiality, integrity, and availability.
I have included the threats listed by fedRAMP that I feel are most relavent to CSUSM, and I have ordered them by their likelyhood considering the schools history and location.
| ID | Threat Name | Type Identifier | Description | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|---|
| T-1 | Phishing Attack | P | Adversary attempts to acquire sensitive information such as usernames, passwords, or SSNs, by pretending to be communications from a legitimate/trustworthy source. Typical attacks occur via email, instant messaging, or comparable means; commonly directing users to Web sites that appear to be legitimate sites, while actually stealing the entered information.Alteration of data, files, or records. |
Disclosure | Modification or Destruction | Denial of Service |
| T-2 | Unauthorized System Access | P | An unauthorized user accesses a system or data. | Disclosure | Modification or Destruction | |
| T-3 | Unauthorized Facility Access | P | An unauthorized individual accesses a facility which may result in comprises of confidentiality, integrity, or availability. | Disclosure | Modification or Destruction | Denial of Service |
| T-4 | Power Interruptions | E | Power interruptions may be due to any number of reasons such as electrical grid failures, generator failures, uninterruptable power supply failures (e.g. spike, surge, brownout, or blackout). | Denial of Service | ||
| T-5 | Procedural Error | U | An error in procedures could result in unintended consequences. | Disclosure | Modification or Destruction | Denial of Service |
| T-6 | Data Disclosure Attack | P | An attacker uses techniques that could result in the disclosure of sensitive information by exploiting weaknesses in the design or configuration. | Disclosure | ||
| T-7 | Sabotage | P | Underhand interference with work. | Modification or Destruction | Denial of Service | |
| T-8 | Fire | E, P | Fire can be caused by arson, electrical problems, lightning, chemical agents, or other unrelated proximity fires. | Destruction | Denial of Service |