Asset Identification Worksheet
Form # AID01 | Page __1__ of _____ |
Business Name: XYZ clothing line | Address: | Facility # 001 |
Contact: | Phone Number: | E-mail: |
Asset | Quantity | Department or Location | Value | Priority |
Computers and printers | 10 | Main office | $500000 | 1 |
Servers and server appliances | 2 | Main office | $6000 | 2 |
Routers | 6 | Main office | $1000 | 8 |
Switches and hubs | 15 | Main office | $750 | 7 |
Network interface cards | 2 | Main office | $280 | 6 |
Electricity and internet connection | 5 | Main office | $500 | 5 |
Web-enabled devices including androids, iPad, iPhones | 1 | Main office | $28000 | 4 |
File backup systems | 2 | Main office | $360000 | 3 |
Modems | 3 | Main office | $2500 | 9 |
Business Process Identification Worksheet
Form # BPID01 | Page ____ of _____ |
Business Name: | Address: | Facility # 001 |
Contact: | Phone number: | E-mail: |
Business Process | Priority | Department | Assets Used |
Communication with the client | 1 | Customer relations department | Computers; Web-enabled devices including androids, iPad, iPhones; Electricity and internet connection |
Order placement | 2 | Sales department | Computers; Web-enabled devices including androids, iPad, iPhones; Electricity and internet connection |
Order billing | 3 | Sales department | Computers; Web-enabled devices including androids, iPad, iPhones; Electricity and internet connection |
Payment verification | 4 | Finance department | Computers; Web-enabled devices including androids, iPad, iPhones; Electricity and internet connection |
Order processing | 5 | Production department | Computers and printers; Electricity and internet connection |
Printing invoice and shipping label | 6 | Sales department | Computers and printers; Electricity and internet connection |
Communicating with the client to confirm order status | 7 | Customer relations department | Computers; Web-enabled devices including androids, iPad, iPhones; Electricity and internet connection |
Order shipment | 8 | Logistics department | Computers |
Threat Identification and Assessment Worksheet
Form # TIDA01 | Page ____ of _____ |
Business Name: | Address: | Facility # 001 |
Contact: | Phone number: | E-mail: |
Threat | POC | Assets Affected | Consequence (C, S, M, I) | Severity (C, S, M, I) |
Computer hacking and fraud: The electronic system that supports e-commerce is susceptible to fraud that can result in direct financial loss. Financial records might simply be lost, or funds might be transferred from one account to another. Illegal intrusion into customer data may lead to loss of customer confidence. E-commerce tends to experience a high risk of attack because transactions and payment for goods and services are conducted over the internet. Computer hacking and fraud will likely lead to: loss of data; loss of funds; malicious use of data; loss of customer confidence. | High | Servers (the physical place where fraudulent transactions occur is at the server level. The server acts as the central repository for the “E-Commerce Place of Business.” It hosts the actual website, which displays business products and services, the payment mechanism and the customer database. An attack on the server may signal the potential for the business to lose everything); File back-up systems; Computers; Web-enabled devices | Severe | Critical |
Theft: Both physical theft and theft of confidential, marketing or proprietary information belonging to the business might occur. An intruder might disclose such information to third parties, which might result in damage to the business. Theft will likely lead to: loss of equipment; loss of valuable information; loss of customers. | Moderate | Computers; Web-enabled devices; Servers; Printers; Modems; Routers | Severe | Severe |
Malicious code attacks: Worms and viruses pose a threat to the system. Malicious code attacks will likely lead to: disruption in normal operation of the business; loss of important data. | Moderate | Firewalls; Computers; Servers; Data backup systems | Moderate | Moderate |
Natural occurrences: They may cause disruption of services. The electronic system may be disrupted by natural occurrences such as fire and floods, resulting in a disruption of business operations. Natural occurrences will likely lead to: loss of equipment; closure of business operations; financial loss. | Low | Servers and server appliances; Routers; Switches and hubs; Network interface connections; Web-enabled devices; Modems | Catastrophic | Moderate |
Threat Mitigation Worksheet
Form # TM01 | Page ____ of _____ |
Business Name: | Address: | Facility # 001 |
Contact: | Phone number: | E-mail: |
Asset | Threat | Mitigation Techniques |
Servers | Hacking and fraud; Theft; Malicious code attacks; Natural occurrence | There are various mitigation techniques to safeguard against hacking and fraud. Secure business accounts: Business accounts should have more advanced protection beyond passwords. Additional ways to verify the users of business accounts should be implemented before anybody can conduct business on sites. Long and strong passwords: Long and strong passwords are more secure. For example, a combination of a number of symbols and numbers creates a more secure password. Additionally, having a separate password for every account can help thwart cybercriminals. Owning the online presence: Security and privacy settings on websites can control the level of information sharing. Physical control: Servers should be maintained in a safe place with limited access. Insurance: The business can make practical arrangements with an insurance agency to provide a guarantee of compensation against risks such as theft and natural occurrences. |
Computers | Hacking; Theft; Malicious code attacks; Natural occurrences | |
Data backup systems | Hacking; Theft; Malicious code attacks; Natural occurrences | Firewalls: Firewalls act as filters between networks and the internet to secure information against unauthorized access. Access control: Access to business assets should be authorized by a designated individual to prevent loss by employees. Physical measures such as locking and tracking systems should be implemented to secure assets from theft. Assets should be identified and monitored regularly, and records kept. |
Web-enabled devices | Hacking; Theft; Malicious code attacks; Natural occurrences | The privacy factor: Basic steps can be taken to mitigate the risks that may arise from hacking and malicious code. Users should enhance their privacy when online, for example by sending mail through remailers, using secondary email services, using privacy applications and software utilities, and installing firewall programs. Authorization and control: The use of web-enabled devices should be authorized to reduce the probability of misuse. Users: It is necessary for employees to be well versed in security issues and procedures when using business applications. Insurance: The business should make regular payments to an insurance company to insure against loss or damage from natural occurrences. |
Routers and modems | Theft | Physical controls: Physical controls over assets can help check against theft. |
Carolyn Morgan is the author of this paper.