
IS3110 Week 1 Assignment 1


Submitted By wizpcman
Gregory Swinehart
IS 3110 Risk Management in Information Technology Security
Week 1 Assignment 1

Risk one: Application Server Host
Threat: Denial of service or distributed denial of service attack
Vulnerability: The organization does not use an intrusion detection system
Impact: Depending on the attack, the credibility of the company could be affected
Harmful Event or Loss: Loss of productivity due to inability to access applications and services
Likelihood of Occurrence: 24/7
Risk Management Techniques Used: Avoidance
The company should configure firewall settings and implement both an IPS and an IDS to strengthen the system and avoid vulnerabilities.

Risk two: Database Server
Threat: Equipment failure due to environmental disaster impact such as fire or tornado
Vulnerability: The organization does not have a data backup contingency plan
Impact: The possible loss could affect functionality of the company
Harmful Event or Loss: Loss of productivity and data availability
Likelihood of Occurrence: Likely to occur because Indiana, Nebraska and Oklahoma are in the Tornado Alley Zone
Risk Management Techniques Used: Avoidance and Transfer
Create a strategic disaster recovery plan for the company to recover data. Store backup data at a secure off-site location or use a secure third-party cloud service to manage the data. Use RAID to improve data redundancy.

Risk three: Windows Vista Workstations
Threat: Social engineering
Vulnerability: Windows Vista is vulnerable to virus attacks; an exploit may require user interaction.
Impact: An attacker who successfully exploits the vulnerability could gain the same user rights as the logged-on user
Harmful Event or Loss: System outage, loss of data confidentiality
Likelihood of Occurrence: 24/7
Risk Management Techniques Used: Residual
Although applying a security patch or upgrading the operating system can help to lower the
