risk assessment - alliance finance
8/9/2019 Risk Assessment - Alliance Finance
http://slidepdf.com/reader/full/risk-assessment-alliance-finance 1/47
Risk Assessment Report
Alliance Finance Co PLC.
This report is an outcome of the risk assessment conducted on the Domain Controller System at
Alliance Finance Co PLC, Ward Pl., Colombo.
ICT 4009 IT Contingency Planning
Students - Registration No. Index No.
M.A.S.S Malwattha 2010/ICT/052 10020527
W.A.L.T.C Weliwita 2010/ICT/072 10020721
Acknowledgement
Firstly, we would like to thank Mr. Athula Samarasinghe for giving us the opportunity to
participate in this assessment and providing us with the knowledge, guidance and motivation
to successfully complete this task. Secondly, we would like to show our gratitude to the Alliance
Finance employees who supported us in carrying out the risk assessment. Finally, our sincere
gratitude goes to all the parties who aided and motivated us in this regard.
Table of Contents
Acknowledgement
List of Tables
1. Introduction
  1.1 Purpose
  1.2 Scope
  1.3 Audience
2. Risk Assessment Approach and Methodology
  2.1 Risk Assessment Process
    2.1.1 Phase 1 - Pre-Assessment
    2.1.2 Phase 2 - Assessment
    2.1.3 Phase 3 – Post Assessment
3. System Characterization
  3.1 Functional Description
  3.2 System Environment
  3.3 System Users
  3.4 System Dependencies
  3.5 Supported Programs and Applications
4. Information Sensitivity
  4.1 Sensitivity
  4.2 Protection Requirements
    4.2.1 Protection Requirement findings
5. Identification of Vulnerabilities, Threats and Risks
6. Control Analysis
7. Risk Likelihood & Impact Determination
8. Overall Risk Determination & Recommendations
List of Tables
Table 2.1 Risk Likelihood Definitions (1)
Table 2.2 Risk Likelihood Definitions (2)
Table 2.3 Risk Impact Definitions
Table 2.4 Risk Level Definitions
Table 2.5 Overall Risk Rating Matrix
Table 3.2 Host Characterization Components
Table 3.3 Domain Controller System Users
Table 4.1 Domain Controller Information Type
Table 4.2 Definitions for C/I/A Ratings
Table 5.1 Vulnerabilities, Threats, and Risks
Table 6.1 Risk Controls in place/planned for domain controller
Table 7.1 Risk Likelihood & Impact ratings
Table 8.1 Overall Risk Rating
1. Introduction
Information systems are vital elements in most businesses since they are essential to carrying out
business operations smoothly. If these information systems are disrupted, the business cannot
continue as before. Such disruptions cause tangible losses such as financial/profit loss as well as
intangible losses like loss of customer goodwill. Thus, it is critical that these systems are able to
operate effectively without excessive interruption.
IT contingency planning supports this by reactively and proactively safeguarding the information
systems and related assets from a wide range of risks. IT contingency planning refers to a
coordinated strategy involving plans, procedures, and technical measures that enable the
recovery of information systems, operations, and data after a disruption. Risk assessment is
one of the critical activities in IT contingency planning, in which the system characteristics and
risks are identified and evaluated. Remedial measures are suggested based on the type of
risk and its impact.
1.1 Purpose
The purpose is to identify how ‘Alliance Finance’ has implemented their IT contingency
plans. In addition, we hope to identify the existing vulnerabilities of the domain controller
system and suggest preventive controls and strategies as well as discuss their effectiveness.
1.2 Scope
This report examines the current hardware, software, operating systems and critical data in
the domain controller system. Furthermore, it identifies the vulnerabilities, suggests remedial
measures and reflects on their effectiveness.
1.3 Audience
This document is primarily aimed at system administrators responsible for information
systems or security at system and operational levels, as well as at higher-level managerial
personnel who coordinate and support information system contingency planning activities.
Managers
Personnel who are responsible for overseeing information system operations or
mission/business processes that rely on information systems.
Chief Information Officers (CIOs)
Personnel who hold the overall responsibility for the organization’s information systems.
System engineers and architects
Architects are responsible for designing, implementing, or modifying information systems.
System administrators
The employees who are responsible for maintaining daily information system operations.
2. Risk Assessment Approach and Methodology
The risk assessment followed the guidelines of NIST SP 800-30, Risk
Management Guide for Information Technology Systems. The assessment is aimed at
assessing the security vulnerabilities affecting the confidentiality, integrity and availability of
the domain controller server at Alliance Finance.
At the end of this assessment, the risk assessment team recommends security safeguards to
address identified threats and vulnerabilities. The methodology addresses the following types
of controls:
Management Controls: The management-level controls were addressed in order to
manage and accept the risks as well as to manage the IT security systems.
Operational Controls: Manual security controls implemented to address the physical
access to servers and media safeguards.
Technical Controls: Automated security controls providing protection to applications
and server systems.
2.1 Risk Assessment Process
This section details the risk assessment process performed during this effort. The process is
divided into pre-assessment, assessment, and post-assessment phases.
2.1.1 Phase 1 - Pre-Assessment
Step 1: Define the nature of the risk assessment
This risk assessment effort provides an independent review of the Alliance Finance domain
controller server to help determine the appropriate level of security. On-site interviews,
questionnaires and documentation reviews were taken as the basis for this effort.
Step 2: Data collection
The data collection phase included interviewing key personnel responsible for the domain
controller server within the organization and reviewing existing documents. Interviews were
complemented with a questionnaire and focused on system characterization, operating system
and software, access control, authentication, network access control, data integrity and
security, monitoring and logging, intrusion detection, physical security and backups. The
document review enabled the risk assessment team to evaluate compliance with the guidelines
and standards that are adhered to.
Step 3: Templates
The following templates were used in this risk assessment effort and are included in the
appendix of this document.
Questionnaire - Carnegie Mellon Information Security Office Template
NIST Risk Assessment Template
Old Dominion University Risk Assessment Template
2.1.2 Phase 2 - Assessment
Step 1: Document Review
The IT policy documents provided by the domain controller system's administrator were
reviewed at the beginning of the assessment. Furthermore, a detailed interview with the system
administrator of the domain controller was carried out to complete the system questionnaire.
This allowed the system characteristics as well as the security threats to be identified.
Step 2: System Characterization
In the system characterization step, the boundary of the domain controller system was
defined first. Then, the hardware, OS/software and network connectivity were identified in order to
describe the system. Additional data on system configuration, the backup plan and recovery-related
information were gathered as well.
To gather the necessary information, the following data gathering techniques were used.
Questionnaire
A questionnaire was designed to gather information about the domain controller
system, focusing on the characteristics of the system as well as the management and operational
controls planned or used for the IT system. The questionnaire was aimed at the operational
employees who are designated to maintain the domain controller system.
On-site Interviews
In order to fill out the questionnaire, an on-site interview was conducted with the designated
system administrator of the domain controller system. Further, it allowed the auditors to
observe and gather information about the physical, environmental, and operational
security of the IT system.
Document Review
Policy documents were reviewed in addition to the questionnaire and interview, in order
to identify the security policies related to the domain controller system. These documents
provided information about the security controls used by and planned for the IT system.
Step 3: Threat Identification
The NIST SP 800-30 standard is used as the basis for threat identification. The threats that
are more likely to occur were identified through interviews and the questionnaire. A threat is
defined as “the potential for a particular threat-source to successfully exercise a particular
vulnerability”. It is important to identify the threat sources as well as the motivations and actions
of the threats that affect the domain controller system.
Step 4: Vulnerability Identification
After the threat identification, vulnerability identification was carried out in order to list the
vulnerabilities related to the domain controller system. The NIST SP 800-53, Revision 2,
Security Baseline Worksheet was used to document the vulnerabilities identified through
the interview and the questionnaire.
Step 5: Risk Determination (Calculation/Valuation)
In this step, the risk assessment team determined the degree of risk arising from a threat
exploiting a vulnerability. The risk for a particular threat was expressed as a function of
likelihood and impact.
Likelihood Analysis
Likelihood is the probability that a vulnerability might be exploited in the context of the
associated threat environment.
The following tables define the likelihood ratings used.
Table 2.1 Risk Likelihood Definitions (1)
| Likelihood | Likelihood Definition |
|---|---|
| High | The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective. |
| Moderate | The threat source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. |
| Low | The threat source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised. |
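Table 2.2 Risk Likelihood Definitions (2)
| Effectiveness of Controls | Probability of Threat Occurrence: Low | Probability of Threat Occurrence: Moderate | Probability of Threat Occurrence: High |
|---|---|---|---|
| Low | Moderate | High | High |
| Moderate | Low | Moderate | High |
| High | Low | Low | Moderate |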
Impact Analysis
The second factor determining the level of a risk is the impact resulting from a successful
exploitation of a prevailing vulnerability. The adverse impact of such successful exploitation
can result in harm to any of the main security goals (Confidentiality, Integrity, and
Availability). Loss of confidentiality can occur from the disclosure of sensitive information
stored on the server. Integrity can be harmed through unauthorized changes to the data stored
on the server. Finally, loss of availability can result from disruption to server functionality and
operational effectiveness. The following table defines the magnitudes of impact used.
Table 2.3 Risk Impact Definitions
| Magnitude of Impact | Impact Definition |
|---|---|
| High | Exercise of the vulnerability (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization’s mission, reputation, or interest; or (3) may result in human death or serious injury. |
| Moderate | Exercise of the vulnerability (1) may result in the costly loss of tangible assets or resources; (2) may violate, harm or impede an organization’s mission, reputation, or interest; or (3) may result in human injury. |
| Low | Exercise of the vulnerability (1) may result in the loss of some tangible assets or resources; (2) may noticeably affect an organization’s mission, reputation, or interest. |
In determining the levels of risk, the likelihood of a threat, the impact the threat might cause
if the vulnerability is exploited successfully, and the adequacy of existing control measures
for reducing and eliminating risks were taken into consideration. On that basis, the
following table defines the different levels of risk.
Table 2.4 Risk Level Definitions
| Risk Level | Risk Level Definition |
|---|---|
| High | There is a strong need for corrective measures. An existing system may continue to operate, but a corrective action plan must be put in place as soon as possible. |
| Moderate | Corrective actions are needed and a plan must be developed to incorporate these actions within a reasonable period of time. |
| Low | The system’s Authorizing Official must determine whether corrective actions are still required or decide to accept the risk. |
Table 2.5 Overall Risk Rating Matrix
| Risk Likelihood | Risk Impact: Low (1) | Risk Impact: Moderate (5) | Risk Impact: High (10) |
|---|---|---|---|
| High (10) | Low: 1 x 10 = 10 | Moderate: 5 x 10 = 50 | High: 10 x 10 = 100 |
| Moderate (5) | Low: 1 x 5 = 5 | Moderate: 5 x 5 = 25 | Moderate: 10 x 5 = 50 |
| Low (1) | Low: 1 x 1 = 1 | Low: 5 x 1 = 5 | Low: 10 x 1 = 10 |
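An added example (not part of the original report): Table 2.2 and Table 2.5 chained in Python over a constructed risk register, so that each entry goes from control effectiveness and threat probability to a likelihood, a score and a risk level. The cut-offs of 10 and 50 are inferred from the cells of Table 2.5 rather than stated in the report; the register entries and the tie-break on impact are assumptions made for illustration.

```python
LEVELS = ("Low", "Moderate", "High")
WEIGHT = {"Low": 1, "Moderate": 5, "High": 10}  # weights printed in Table 2.5

# Table 2.2: outer key = effectiveness of controls,
# inner key = probability of threat occurrence, value = likelihood.
LIKELIHOOD = {
    "Low":      {"Low": "Moderate", "Moderate": "High",     "High": "High"},
    "Moderate": {"Low": "Low",      "Moderate": "Moderate", "High": "High"},
    "High":     {"Low": "Low",      "Moderate": "Low",      "High": "Moderate"},
}


def _check(name, value):
    """Reject ratings outside the three-level scale used by the report."""
    if value not in WEIGHT:
        raise ValueError(f"{name} must be one of {LEVELS}, got {value!r}")
    return value


def likelihood(control_effectiveness, threat_probability):
    """Table 2.2 lookup."""
    ce = _check("control_effectiveness", control_effectiveness)
    tp = _check("threat_probability", threat_probability)
    return LIKELIHOOD[ce][tp]


def risk_score(likelihood_level, impact_level):
    """Table 2.5 cell value: likelihood weight times impact weight."""
    return (WEIGHT[_check("likelihood", likelihood_level)]
            * WEIGHT[_check("impact", impact_level)])


def risk_level(score):
    """Map a score to a level.

    Assumption: cut-offs inferred from Table 2.5, where cells 1, 5 and 10
    are Low, 25 and 50 are Moderate, and 100 is High.
    """
    if score <= 10:
        return "Low"
    if score <= 50:
        return "Moderate"
    return "High"


def assess(register):
    """Rate every register entry and return rows ordered most severe first."""
    rows = []
    for entry in register:
        lk = likelihood(entry["controls"], entry["threat"])
        score = risk_score(lk, entry["impact"])
        rows.append({"id": entry["id"], "likelihood": lk,
                     "impact": entry["impact"], "score": score,
                     "level": risk_level(score)})
    # The matrix yields equal scores for different cells (10 from High x Low
    # and from Low x High). Assumption: break ties by impact weight so the
    # item with the worse outcome is reviewed first.
    rows.sort(key=lambda r: (-r["score"], -WEIGHT[r["impact"]], r["id"]))
    return rows


# Constructed register: identifiers and ratings are illustrative only and
# are not taken from the report's findings.
SAMPLE_REGISTER = [
    {"id": "R-A", "controls": "Low",      "threat": "High",     "impact": "High"},
    {"id": "R-B", "controls": "High",     "threat": "High",     "impact": "High"},
    {"id": "R-C", "controls": "Low",      "threat": "Moderate", "impact": "Low"},
    {"id": "R-D", "controls": "High",     "threat": "Moderate", "impact": "High"},
    {"id": "R-E", "controls": "Moderate", "threat": "Moderate", "impact": "Moderate"},
]

if __name__ == "__main__":
    for row in assess(SAMPLE_REGISTER):
        print(f"{row['id']}: likelihood={row['likelihood']}, "
              f"impact={row['impact']}, score={row['score']}, level={row['level']}")
```

R-C and R-D both score 10 and rate Low, yet R-D carries a High impact behind effective controls; the ordering keeps that difference visible when the level alone would hide it.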
Step 6: Risk Mitigation Recommendations
The controls that can be used to mitigate or eliminate the identified risks are identified in this
step. The aim of these recommendations is to reduce the level of risk to the domain controller
system and the data contained on it to an acceptable level. The factors used in
recommending the controls are:
Sensitivity of the data and the system
Effectiveness of recommended options
Legislation and regulations
Organizational policy
Operational impact
Safety and reliability
2.1.3 Phase 3 – Post Assessment
Step 1: Risk Mitigation
Since the total elimination of a risk is impractical, senior management should assess control
recommendations, determine the acceptable level of residual risk, and implement those
mitigations. There are several types of risk mitigation techniques as follows.
Risk Assumption
Accept the potential risk and continue operating the IT system, or implement controls to
lower the risk to an acceptable level.
Risk Avoidance
Eliminate the risk cause and consequences to avoid the risk.
Risk Limitation
Limit the risk by implementing controls that minimize the adverse impact of a threat
exercising a vulnerability.
Risk Planning
Develop a risk mitigation plan that prioritizes, implements, and maintains controls.
Risk Transference
Transfer the risk to a third party by using other options to compensate for the losses.
Step 2: Ongoing Monitoring
The milestones to mitigate the risks will be defined and will be used to monitor the successful
completion of the milestones.
3. System Characterization
3.1 Functional Description
The domain controller system is a server that responds to security authentication requests
within the server domain in order to allow host access to Windows domain resources. It runs
as a part of the Windows Server 2003 operating system. Access to the domain controller
system is only granted to a few of the selected users who maintain the system. The system
doesn’t have interfaces to other systems.
3.2 System Environment
The domain controller is a Dell PowerEdge SC430 server running Windows Server 2003
Service Pack II. The last update to the operating system is version 5.2 build no 3790. Physical
memory of the server is 2GB; the processor is clocked at 2.8 MHz (Intel Pentium D) and the
storage capacity is 80GB. Redundant power supply is provided to the server through an
online UPS that can keep the server running for around 15-20 minutes. There are no network
interfaces other than the LAN. The server hardware components currently have no warranty
and a maintenance agreement is in progress.
Domain Controller is a process/service running on Windows Server 2003 that contains
the authentication details needed to respond to authentication requests. Furthermore, the server is
housed in the server room at Alliance Finance Co. PLC, Ward Place, Colombo.
The users of the system are located at Alliance Finance Co PLC, Ward Pl. Remote access
is given to their client computers via remote desktop connections. The domain controller
system can only be accessed through the LAN of the Alliance Finance premises. Table 3.1 lists
host characterization components for the domain controller.
Table 3.1 Host Characterization Components
| Host Name | Location | Status | IP Address | Platform | Software | Comments |
|---|---|---|---|---|---|---|
| Domain Controller | Alliance Finance Co. PLC, Wardplace, Colombo | Operational | Not provided | Windows server 2003 | Eset File Security | - |
3.3 System Users
Only a limited number of users have been granted access to the domain
controller system. The system administrator role is granted to the assistant manager of IT at
Alliance Finance Co PLC. Furthermore, there are two admin users who are dedicated to the
maintenance of the system.
Table 3.2 Domain Controller System Users
| User Category | Access Level (Read / Write / Full) | Number (Estimate) | Home Organization | Geographic Location |
|---|---|---|---|---|
| System Administrator | Read/Write | 1 | Alliance Finance | Ward Pl, Colombo |
| Admin User | Read | 2 | Alliance Finance | Ward Pl, Colombo |
3.4 System Dependencies
A dependency is a telecommunication or information technology interconnection or resource
on which the system under review relies for processing, transport, or storage. A relationship
between the domain controller and a dependency can directly affect its confidentiality,
integrity and availability, since any vulnerabilities, threats and risks of the dependency will be
inherited by the domain controller itself. While there are no specific dependencies for the
domain controller, the following generic information technology resources can be identified
as its dependencies.
Local Area Networks
Enterprise Policies
o Password policy
o IT policy
o Backup policy
Security Services
o Firewall
o Access Control lists
o Intrusion detection system
o Antivirus System
Server room staff, Physical, and Environmental Controls
Vulnerability scanning services – an external party is responsible for carrying out
vulnerability scans annually.
3.5 Supported Programs and Applications
There is an antivirus program running on the domain controller system. The antivirus is
ESET File Security and the version is 5.1.34.0. It is currently up to date and operational.
4. Information Sensitivity
This section provides details on the different types of information handled and processed by the
domain controller and their sensitivity. Sensitivity of the information handled by a system is a
major factor in risk management.
The risk management team used FIPS 199 to reflect on the impact levels and magnitude of
the harm that loss of confidentiality, integrity and availability would have on the operations,
assets and individuals at Alliance Finance Co. PLC. FIPS 199 has three potential impact
levels (Low, Moderate, High) for each of the security objectives.
The domain controller handles mainly one type of information (Personal Identity and
Authentication). Table 4.1 lists the information type characterization for the domain controller.
Table 4.1 Domain Controller Information Type
| Information Type | NIST SP 800-60 Reference | Confidentiality (Low/Moderate/High) | Integrity (Low/Moderate/High) | Availability (Low/Moderate/High) |
|---|---|---|---|---|
| Personal Identity and Authentication | Volume II, Appendix C.2 | Moderate | Moderate | Moderate |
| Overall Rating | | Moderate | Moderate | Moderate |
4.1 Sensitivity
The following table provides the definitions for C/I/A ratings for the domain controller.
Table 4.2 Definitions for C/I/A Ratings
| Security Objective | Low | Moderate | High |
|---|---|---|---|
| Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. [44 USC, SEC. 3542] | The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. [44 USC, SEC. 3542] | The modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Availability: Ensuring timely and reliable access to and use of information. [44 USC, SEC. 3542] | The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
The sensitivity designation of the information processed by the domain controller is moderate. This
moderate designation is based upon the C/I/A designation of the information type for the
domain controller.
4.2 Protection Requirements
4.2.1 Protection Requirement findings
Confidentiality
The domain controller contains sensitive information that is used to authenticate users
of different systems in Alliance Finance. This data needs protection from unauthorized
access. If this data were to be exposed to the public or even within the organization, it could
result in unauthorized and malicious users gaining access to data that should otherwise be
out of their knowledge. It also risks sensitive data being leaked and changed. Therefore,
the unauthorized disclosure of domain controller information could be expected to have a
serious adverse effect on organizational operations, organizational assets, or individuals
and the information and protection measures are rated as Moderate.
Integrity
The domain controller system processes authentication information to grant access to a
particular server domain. The authentication information must be fully accurate in order
to grant access to the domain; thus, unauthorized modification of this information would
have a serious impact on logging in to the server domain. Therefore, unauthorized
modifications to the domain controller system’s information cause serious effects on
Alliance Finance Co PLC’s operations and assets. The current protection measures are
rated as low.
Availability
If the domain controller were unavailable even for a short period of time, it would have an
immediate impact and would affect the efficiency with which the domain controller as well
as other systems typically operate. Therefore, the unavailability of domain controller
information could be expected to have a serious adverse effect on organizational
operations, organizational assets, or individuals and the information and protection
measures are rated as High.
5. Identification of Vulnerabilities, Threats and Risks
In order to identify the potential threats and vulnerabilities, an interview was first
conducted with the personnel who maintain the domain controller system, and a questionnaire
was filled out based on the outcomes of the interview. In addition, CERT websites were used to
identify further details on these vulnerabilities as well as suitable remedial measures.
Table 5.1, Vulnerabilities, Threats, and Risks, lists the vulnerabilities and threats
that the risk assessment team found.
The way vulnerabilities combine with credible threats to create risks is identified in Table 5.1.
Table 5.1 Vulnerabilities, Threats, and Risks

| Risk No. | Vulnerability | Threat | Risk of Compromise of | Risk Summary |
|---|---|---|---|---|
| 1 | Patches to correct flaws in operating system software could fail to successfully install. | Computer crime, Malicious use | Confidentiality and integrity of authentication data. | Exploitation of flaws in operating system could result in compromise of confidentiality and integrity of personal identity and authentication data. |
| 2 | Loss of firewall protection. | Computer crime, Malicious use, System compromise, Unauthorized use | Confidentiality and integrity of authentication data. | The system is protected through gateprotect hardware firewall; failure of this firewall can result in increasing the likelihood of other risks being exploited. |
| 3 | Internal access to server. | Computer crime, Malicious use, Unauthorized use | Confidentiality and integrity of authentication data | Loss or theft of personal identity and authentication data in domain controller could affect the confidentiality and integrity of the data. |
| 4 | Hardware Issues/Equipment Failure or loss | System Unavailable | Inability to access the system. | Failure of hardware or equipment may impact the availability of the domain controller |
| 5 | Single Point of Failure | System Unavailable | Inability to access the system. | Failure in any part of the domain controller could affect the proper functioning of other systems. |
| 6 | Key Person Dependency | System Unavailable | Inability to adequately support the application. | Loss of a key person responsible for the domain controller will result in inability to operate or enhance system functionality, or to maintain the domain controller. |
| 7 | Loss of Critical Documentation, Data or Software | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Loss of data, software or documentation could result in disruption of service |
| 8 | Data Disclosure | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Disclosure of sensitive personal information could result in identity theft and/or system access control issues. |
| 9 | Software Issues from Vendor | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data and ability to provide service. | Software issues by the vendor may result in data corruption or mission critical system disruption. |
| 10 | Poor Password Practices | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Poor password practices could allow improper system access which could result in data theft, data corruption, application system alteration or disruption. |
| 11 | System Compromise | Malicious use, Unauthorized access | Confidentiality and integrity of authentication data. | If the system is compromised, it can cause data theft, corruption, system alteration and disruption. |
| 12 | Lack of Sufficient Operational Policies | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Improper execution of operational policies can cause system alteration, theft or disruption. |
| 13 | Poor Physical Security | Malicious use, System compromise, Unauthorized access | Confidentiality and integrity of authentication data. | Due to poor physical security, unauthorized personnel can physically access the domain controller, which would result in data theft or corruption. |
| 14 | Functional Lockout | System unavailability | Inability to access the system. | If the infrastructure is not accessible, the staff will be unable to access the domain controller system. |
| 15 | Natural Disaster | Hurricanes, floods, and other weather phenomena. | Inability to access the system. | A natural disaster can cause power failure in the server farm, which disables access to the domain controller system. |
| 16 | Integrity checkups are not done | Inability to identify unauthorized modification to data | Integrity of corporate data. | Integrity of data is not automatically tested and unauthorized modification of data might go unseen. |
| 17 | Logs stored in a central location | Loss of log data | Availability of log data, indirectly affects integrity of the data | Logs are kept in the domain controller server |
| 18 | The role based access requests are not documented | Malicious use, Unauthorized access | Confidentiality and Integrity of data | Role based requests and approvals are only communicated through emails. Currently there is no proper documentation to track that. |
| 19 | Media containing sensitive data is not destroyed | Malicious use | Confidentiality | The backup media devices containing the restricted/sensitive data are not destroyed or recycled. Instead, currently they are locked in a safe. |
| 20 | DOS overflow | System unavailability | Confidentiality and Availability of authentication data | Windows Server 2003 Service Pack 2 allows local users to obtain sensitive information from kernel memory and cause a denial of service |
| 21 | Untrusted search path vulnerability | Unauthorized access, Malicious use of system components | Confidentiality, Integrity and Availability of authentication data | Windows Server 2003 Service Pack 2 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file |
| 22 | Read AV Vulnerability | Unauthorized access, Malicious use of system components | Confidentiality, Integrity and Availability of authentication data | Windows Server 2003 Service Pack 2 allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges |
| 23 | Race Condition Vulnerability | Unauthorized access, Malicious use of system components | Confidentiality, Integrity and Availability of authentication data | Race condition in Windows Server kernel mode drivers allows local users to gain privileges |
| 24 | IPv6 Source Address Spoofing Vulnerability | Unauthorized access, Malicious use of system components | Confidentiality and Integrity of authentication data | Windows Server 2003 Service Pack 2 allows remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet |
| 25 | Disk Partition Driver Elevation of Privilege Vulnerability | Malicious use of system components | Confidentiality, Integrity and Availability of authentication data | Windows Server 2003 Service Pack 2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service by connecting a crafted USB device |
| 26 | CSRSS Memory Corruption Vulnerability | Unauthorized access, Malicious use of system components | Confidentiality, Integrity and Availability of authentication data | The Client/Server Run-time Subsystem in Windows Server 2003 Service Pack 2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application |
| 27 | OLE Property Vulnerability | Malicious use of system components | Confidentiality, Integrity and Availability of authentication data | Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OLE object in a file |
| 28 | Remote Procedure Call Vulnerability | Malicious use of system components | Confidentiality, Integrity and Availability of authentication data | Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a malformed asynchronous RPC request |
| 29 | Backups are unencrypted | Unauthorized access | Confidentiality and Integrity of authentication data | Backups are written to optical disks without encryption |
| 30 | No direct network link with the Disaster Recovery site | Unauthorized access | Confidentiality, Integrity and Availability of authentication data | Theft or misplacement of the backup media while physically delivering |
| 31 | Operating System is not backed up | System unavailability | Availability of authentication data | The Operating System image is not backed up. Therefore, in case of OS failure, OS image and all the patch updates need to be done from the beginning |
| 32 | The Operating System is not updated to the latest version (Windows Server 2012) | Malicious use of system components | Confidentiality, Integrity and Availability of authentication data | The current operating system that runs on the domain controller is Windows Server 2003. Windows will stop providing support for this OS from 2015 May |
| 33 | Accounts that are no longer needed are not deleted in a timely manner | Unauthorized access, Malicious use of system components | Confidentiality and Integrity of authentication data | In the current procedure, the user sends a request through the department head to the IT department manager to delete user accounts of the employee who left the organization. This process is time consuming |
6. Control Analysis
Table 6.1 Risk Controls in place/planned for domain controller

| No. | Control Area | In-Place/Planned |
|---|---|---|
| 1 | Risk Management | |
| 1.1 | IT Security Roles & Responsibilities | In Place |
| 1.2 | Risk Assessment | |
| 1.3 | IT Security Audits | In Place |
| 2 | IT Contingency Planning | |
| 2.1 | Continuity of Operations Planning | |
| 2.2 | IT Disaster Recovery Planning | In Place |
| 2.3 | IT System & Data Backup & Restoration | In Place |
| 3 | IT Systems Security | |
| 3.1 | IT System Hardening | In Place |
| 3.2 | Malicious Code Protection | In Place |
| 4 | Logical Access Control | |
| 4.1 | Account Management | In Place |
| 4.2 | Password Management | In Place |
| 4.3 | Remote Access | |
| 5 | Data Protection | |
| 5.1 | Data Storage Media Protection | |
| 5.2 | Encryption | In Place |
| 6 | Facilities Security | |
| 6.1 | Facilities Security | In Place |
| 7 | Personnel Security | |
| 7.1 | Access Determination & Control | In Place |
| 7.2 | IT Security Awareness & Training | In Place |
| 8 | Threat Management | |
| 8.1 | Threat Detection | In Place |
| 8.2 | Incident Handling | In Place |
| 8.3 | Security Monitoring & Logging | In Place |
| 9 | IT Asset Management | |
| 9.1 | IT Asset Control | In Place |
| 9.2 | Software License Management | In Place |
| 9.3 | Configuration Management & Change Control | In Place |
7. Risk Likelihood & Impact Determination
Table 7.1 Risk Likelihood & Impact ratings

| Risk No. | Risk Summary | Risk Likelihood Evaluation | Risk Likelihood Rating | Risk Impact | Risk Impact Rating |
|---|---|---|---|---|---|
| 1 | Exploitation of flaws in operating system could result in compromise of confidentiality and integrity of personal identity and authentication data. | Effectiveness of controls to apply operating system patches is rated moderate. This is because the updates are applied automatically whenever a new patch is released without considering a risk benefit analysis of the release. However, the updates are applied regularly and obtained from the vendor only. Possibility of threat occurrence is low since only authorized users are given access to the domain server. | Low | Unauthorized disclosure or modification of data. | High |
| 2 | The system is protected through gateprotect hardware firewall; failure of this firewall can result in increasing the likelihood of other risks being exploited. | Effectiveness of controls is low since only one firewall is used. Possibility of threat occurrence is low, because there is no remote access to domain controller. | Moderate | Unauthorized disclosure or modification of data. | High |
| 3 | Loss or theft of personal identity and authentication data in domain controller could affect the confidentiality and integrity of the data. | Access is only provided to a select few authorized personnel. Thus, the effectiveness of controls is high. Threat probability is moderate due to human nature (writing down passwords, social attacks, etc.) | Low | Unauthorized disclosure or modification of data. | High |
| 4 | Failure of hardware or equipment may impact the availability of the domain controller | Effectiveness of controls is low since there are no warranty agreements for the hardware and maintenance agreement is still in progress. The probability of threat occurrence is dependent on hardware, software vendor and age of the hardware. | Moderate | Confidentiality and integrity of authentication data could be compromised. | Moderate |
| 5 | Failure in any part of the domain controller could affect the proper functioning of other systems. | The domain controller runs on one physical system and no mirror systems are available. If the system fails, it takes up to 24 hours to recover from DR site. Thus, the effectiveness of the controls is low. The probability of threat occurrence is dependent on hardware, software vendor and age of the hardware. | Moderate | Inability to access the system. | Moderate |
| 6 | Loss of a key person responsible for the domain controller will result in inability to operate or enhance system functionality, or to maintain the domain controller. | Effectiveness of the controls is low since there are only two key persons responsible for the domain controller and no cross training is provided for redundancy. There is always a possibility for key persons to leave the company or go on leave. | High | Inability to adequately support the system. | Low |
| 7 | Loss of data, software or documentation could result in disruption of service | All software and data are backed up and validated daily. Software could be downloaded through vendor website. Thus, the effectiveness of controls is high. Possibility is low to moderate. | Low | Confidentiality and integrity of authentication data could be compromised. | Moderate |
| 8 | Disclosure of sensitive personal information could result in identity theft and/or system access control issues. | Staff is properly trained and educated on the security policies. Therefore, the possibility of sensitive information disclosure is low. Even effective controls and training cannot stop a person with appropriate access from doing something which is wrong. For that reason, this must be considered a medium risk. | Moderate | Confidentiality of authentication data could be compromised. | Moderate |
| 9 | Software issues by the vendor may result in data corruption or mission critical system disruption. | The only software used in the domain controller is the Antivirus program, and it is updated regularly and automatically. However, the software patches are not thoroughly tested or reviewed before applying. Thus, the effectiveness of the controls is low. | Moderate | Confidentiality of authentication data could be compromised. Ability to provide services could be compromised. | Moderate |
| 10 | Poor password practices could allow improper system access which could result in data theft, data corruption, application system alteration or disruption. | There is a password policy to enforce standards in applying a password, and there are security awareness training programs conducted to stress the proper use of passwords. So, the effectiveness of the control is high. | Low | Confidentiality and integrity of authentication data could be compromised. | Moderate |
| 11 | If the system is compromised, it can cause data theft, corruption, system alteration and disruption. | There is a firewall and an Intruder Detection System installed. Thus effectiveness of the controls is high. Since the domain controller can only be accessed by the LAN, probability of system being compromised is low. | Low | Confidentiality and integrity of authentication data could be compromised. | Moderate |
| 12 | Improper execution of operational policies can cause system alteration, theft or disruption. | The policy statements are well documented and there are training programs twice a year to educate employees. All the policies, including backup policy and password policy, are properly maintained and executed. The effectiveness of the controls is high. The probability of this kind of threat occurring is moderate due to human nature. | Low | Confidentiality and integrity of authentication data could be compromised. | Moderate |
| 13 | Due to poor physical security, unauthorized personnel can physically access the domain controller, which would result in data theft or corruption. | The server rooms have physical security methods implemented and only a few authorized persons have access. Thus, the effectiveness of controls is high. Probability of unauthorized persons accessing is low. | Low | Confidentiality and integrity of authentication data could be compromised. | Moderate |
| 14 | If the infrastructure is not accessible, the staff will be unable to access the domain controller system. | The effectiveness of the controls is dependent on the network resilience. Probability of the infrastructure becoming inaccessible is moderate. | Low | Inability to access the system. | Moderate |
| 15 | A natural disaster can cause power failure in the server farm, which disables access to the domain controller system. | Probability of a natural disaster occurring is low. | Low | Inability to access the system. | Moderate |
| 16 | Integrity of data is not automatically tested and unauthorized modification of data might go unseen. | Effectiveness of controls is low since there are no automated measures to conduct integrity checks. Possibility of unauthorized modification of data is low. | Moderate | Availability and Integrity of data could be compromised. | Moderate |
| 17 | Logs are kept in the domain controller server | Effectiveness of existing controls is low since logs are kept in the same physical server. Possibility of threat occurring is low. | Moderate | Confidentiality and integrity of data in the logs could be compromised. | Moderate |
| 18 | Role based requests and approvals are only communicated through emails. Currently there is no proper documentation to track that. | Effectiveness of existing controls is low since requests are not documented. Possibility of threat occurring is low. | Moderate | Confidentiality and Integrity of data could be compromised. | Moderate |
| 19 | The backup media devices containing the restricted/sensitive data are not destroyed or recycled. Instead, currently they are locked in a safe. | Effectiveness of existing controls is moderate since media is locked in a safe. Possibility of threat occurring is low. | Low | Confidentiality of data could be compromised. | High |
| 20 | Windows Server 2003 Service Pack 2 allows local users to obtain sensitive information from kernel memory and cause a denial of service | Effectiveness is high since regular updates are done. Possibility of threat occurring is low since there are only a few users granted access. | Moderate | Confidentiality and Availability of authentication data could be compromised. | High |
| 21 | Windows Server 2003 Service Pack 2 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file | Effectiveness is high since regular updates are done. Possibility of threat occurring is low since there are only a few users granted access. | Low | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 22 | Windows Server 2003 Service Pack 2 allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges | Effectiveness of controls is high since regular updates are done. Possibility of threat occurring is low. | Low | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 23 | Race condition in Windows Server kernel mode drivers allows local users to gain privileges | Effectiveness of controls is high since regular updates are done. Possibility of threat occurring is low. | Low | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 24 | Windows Server 2003 Service Pack 2 allows remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet | Effectiveness of controls is high since the firewall protection is available. Probability of threat occurring is low. | Low | Confidentiality and Integrity of authentication data could be compromised. | Moderate |
| 25 | Windows Server 2003 Service Pack 2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service by connecting a crafted USB device | Effectiveness of controls is high since a limited number of users have access to the domain controller. Probability of threat occurring is low. | Low | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 26 | The Client/Server Run-time Subsystem in Windows Server 2003 Service Pack 2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application | Effectiveness of controls is high since a limited number of users have access to the domain controller. Probability of threat occurring is low. | Low | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 27 | Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OLE object in a file | Effectiveness of controls is high since remote access is not granted to the domain controller. Probability of threat occurring is low. | Low | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 28 | Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a malformed asynchronous RPC request | Effectiveness of controls is high since a limited number of users have access to the domain controller. Probability of threat occurring is low. | Low | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 29 | Backups are written to optical disks without encryption | Effectiveness of controls is low since there is no encryption. Probability of risk occurring is moderate. | High | Confidentiality and Integrity of authentication data could be compromised. | High |
| 30 | Theft or misplacement of the backup media while physically delivering | Effectiveness of controls is low. Probability of risk occurring is low. | Moderate | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 31 | The Operating System image is not backed up. Therefore, in case of OS failure, OS image and all the patch updates need to be done from the beginning | Effectiveness of controls is low since the whole OS image is not backed up. Probability of risk occurring is moderate. | High | Availability of authentication data could be compromised. | Moderate |
| 32 | The current operating system that runs on the domain controller is Windows Server 2003. Windows will stop providing support for this OS from 2015 May | Effectiveness of controls is moderate since patch updates are done. Probability of risk occurring is moderate. | High | Confidentiality, Integrity and Availability of authentication data could be compromised. | High |
| 33 | In the current procedure, the user sends a request through the department head to the IT department manager to delete user accounts of the employee who left the organization. This process is time consuming | Effectiveness of controls is moderate since there is an existing process but it is time consuming. Probability of risk occurring is low. | Low | Confidentiality and Integrity of authentication data could be compromised. | High |
8. Overall Risk Determination & Recommendations
Table 8.1 Overall Risk Rating
Risk
No. Risk Summary
Risk
Likelihoo
d Rating
Risk
Impact
Rating
Overall Risk
Rating
Recommendation
1 Backups are written into optical disks
without encrypting High High High (Score 100)
Backups need to be written in
write once disks and must beencrypted and signed with a
message digest
2
The current operating system that runs on
the domain controller is Windows server
2003. Windows will stop providing
support for this OS from 2015 May High High High (Score 100)
OS should be upgraded to the
latest version
3
The system is protected through
gateprotect hardware firewall; failure of
this firewall can result in increasing the
likelihood of other risks being exploited. Moderate High Moderate (Score 50)
It is a good practice to use
multiple firewalls to keep
functioning even when one
firewall fails.
4The windows server 2003 service pack 2
allows local users to obtain sensitive
information from kernel memory and
cause a denial of service Moderate High Moderate (Score 50)
Scan the opened ports in the
server and close the unnecessary ports.
Fix is provided through Windows
update Windows Server 2003
KB2930275
8/9/2019 Risk Assessment - Alliance Finance
http://slidepdf.com/reader/full/risk-assessment-alliance-finance 40/47
Risk Assessment – Alliance Finance
39
Risk
No. Risk Summary
Risk
Likelihoo
d Rating
Risk
Impact
Rating
Overall Risk
Rating
Recommendation
5Theft, misplace of the backup media while
physically delivering Moderate High Moderate (Score 50)
Direct network link should be
implemented to connect disaster
recovery site to the Alliance
Finance premises
6
The Operating System image is not backed
up. Therefore in case of OS failure, OSimage and all the patch updates need to be
done from the beginning High Moderate Moderate (Score 50)
OS images should be backed up
on a regular basis and should beannually tested least twice.
7
Failure of hardware or equipment may
impact the availability of the domain
controller Moderate Moderate Moderate (Score 25)
Domain controller runs on one
physical server. It is
recommended to have a mirror
server in case of primary server
failure. Furthermore, Service
Level Agreements need to be
signed with the vendor.
8 Failure in any part of the domain controller
could affect other systems being properlyfunctioning. Moderate Moderate Moderate (Score 25)
Domain controller runs on one
physical server. It is
recommended to have a mirror
server in case of primary serverfailure.
9
Disclosure of sensitive personal
information could result in identity theft
and/or system access control issues. Moderate Moderate Moderate (Score 25)
Disclosure of personal data is
mitigated to an acceptable level
using existing controls.
8/9/2019 Risk Assessment - Alliance Finance
http://slidepdf.com/reader/full/risk-assessment-alliance-finance 41/47
Risk Assessment – Alliance Finance
40
Risk
No. Risk Summary
Risk
Likelihoo
d Rating
Risk
Impact
Rating
Overall Risk
Rating
Recommendation
10
Software issues by the vendor may result
in data corruption or mission critical
system disruption. Moderate Moderate Moderate (Score 25)
Update only on need basis and
review the patches before
updating.
11
Integrity of data is not automatically tested
and unauthorized modification of data
might go unseen. Moderate Moderate Moderate (Score 25)
Implement an automated system
to check the data integrity.
12 Logs are kept in the domain controller
server Moderate Moderate Moderate (Score 25)
Logs should be kept in another
location separate from the domain
controller system.
13
Role based requests and approvals are only
communicated through emails. Currently
there is no proper documentation to track
that. Moderate Moderate Moderate (Score 25)
Proper standards and guidelines
should be created regarding
documenting role based requests.
14
Exploitation of flaws in operating system
could result in compromise of
confidentiality and integrity of personal
identity and authentication data. Low High Low (Score 10)
Even though the risk is low, it is
important to conduct regular
integrity checkups and review the
recent patch updates done.
15
Loss or theft of personal identity and
authentication data in domain controller
could affect the confidentiality and
integrity of the data. Low High Low (Score 10)
The existing controls are
sufficient enough to mitigate the
loss/theft of personal data to an
acceptable level.
8/9/2019 Risk Assessment - Alliance Finance
http://slidepdf.com/reader/full/risk-assessment-alliance-finance 42/47
Risk Assessment – Alliance Finance
41
Risk
No. Risk Summary
Risk
Likelihoo
d Rating
Risk
Impact
Rating
Overall Risk
Rating
Recommendation
16
Loss of a key person responsible for the
domain controller will result in inability to
operate system functionality, enhance
them or maintain the domain controller. High Low Low (Score 10)
Train few employees to be
responsible for maintaining the
domain controller system (have
redundancy).
17
The backup media devices containing the
restricted/sensitive data are not destroyedor recycled. Instead, currently they are
locked in a safe. Low High Low (Score 10)
Proper procedures should be
implemented in destroying themedia containing sensitive data.
18 The windows server 2003 service pack 2
allows local users to gain privileges via a
Trojan horse cmd.exe file in the current
working directory, as demonstrated by a
directory that contains a .bat or .cmd file Low High Low (Score 10)
Use monitoring tools that
examine the software's process
as it interacts with the operating
system and the network.
Use automated static analysis
tools
Use manual penetration testing,
threat modeling
19
The windows server 2003 service pack 2
allows local users to obtain write access to
the PATHRECORD chain, and
consequently gain privileges Low High Low (Score 10)
Apply the relevant updates.
Administrators are advised to
allow only trusted users to the
system.
20 | A race condition in Windows Server kernel-mode drivers allows local users to gain privileges. | Low | High | Low (Score 10) | Disable the WebClient service. A fix is provided through Windows Update: Windows Server 2003 KB2813170.
21 | Windows Server 2003 Service Pack 2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service by connecting a crafted USB device. | Low | High | Low (Score 10) | Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells. A fix is provided through Windows Update: Windows Server 2003 KB2998579.
22 | The Client/Server Run-time Subsystem in Windows Server 2003 Service Pack 2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application. | Low | High | Low (Score 10) | A fix is provided through Windows Update: Windows Server 2003 KB2820917.
23 | Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OLE object in a file. | Low | High | Low (Score 10) | Block external access at the network boundary, unless external parties require service. Deploy network intrusion detection systems to monitor network traffic for malicious activity. A fix is provided through Windows Update: Windows Server 2003 KB2876217.
24 | Microsoft Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a malformed asynchronous RPC request. | Low | High | Low (Score 10) | A fix is provided through Windows Update: Windows Server 2003 KB2849470.
25 | Under the current procedure, a user sends a request through the department head to the IT department manager to delete the user accounts of an employee who has left the organization. This process is time-consuming. | Low | High | Low (Score 10) | Accounts that are no longer needed should be identified and removed in a timely manner.
26 | Loss of data, software or documentation could result in disruption of service. | Low | Moderate | Low (Score 5) | Since a full system recovery takes up to 24 hours, faster backup/recovery plans must be implemented.
27 | Poor password practices could allow improper system access which could result in data theft, data corruption, application system alteration or disruption. | Low | Moderate | Low (Score 5) | The existing password policy is sufficient to mitigate this risk.
28 | If the system is compromised, it can cause data theft, corruption, system alteration and disruption. | Low | Moderate | Low (Score 5) | Conduct regular integrity checks and review access logs regularly.
29 | Improper execution of operational policies can cause system alteration, theft or disruption. | Low | Moderate | Low (Score 5) | The operational policies are practiced and executed well enough to mitigate this type of risk.
30 | Due to poor physical security, unauthorized personnel can physically access the domain controller, which would result in data theft or corruption. | Low | Moderate | Low (Score 5) | The physical security level of the server farm is acceptable to mitigate this risk.
31 | If the infrastructure is not accessible, the staff will be unable to access the domain controller system. | Low | Moderate | Low (Score 5) | Implement redundancy in the network infrastructure and have a plan for immediate replacement of infrastructure hardware.
32 | A natural disaster can cause a power failure in the server farm, which disables access to the domain controller system. | Low | Moderate | Low (Score 5) | Have alternative power generators with at least up to 48 hours of operational time.
33 | Windows Server 2003 Service Pack 2 allows remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet. | Low | Moderate | Low (Score 5) | Configure the DisableIPSourceRouting entry to a value of 2. A fix is provided through Windows Update: Windows Server 2003 KB978338.
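The register names a Windows Update KB for risks 20 to 24 and 33, while risk 19 only says to apply the relevant updates. As an added example (not part of the original report), the Python sketch below checks a hotfix inventory export against those KB numbers so that each risk can be marked closed or still open. The inventory text is a constructed sample and the function names are illustrative.

```python
import re

# Risk No. -> KB named in the register's Recommendation column.
# None marks a row that asks for updates without naming a KB (risk 19).
REGISTER_FIXES = {
    19: None,
    20: "KB2813170",
    21: "KB2998579",
    22: "KB2820917",
    23: "KB2876217",
    24: "KB2849470",
    33: "KB978338",
}

# Constructed sample of a hotfix inventory export, one entry per line.
# It is not data from the assessed domain controller.
SAMPLE_INVENTORY = """\
HotFixID
KB2813170
kb2820917
File 1
KB2876217-v2
KB978338
"""

# KB id bounded so that KB9783381 is never mistaken for KB978338.
KB_PATTERN = re.compile(r"(?<![A-Za-z0-9])KB(\d{6,7})(?!\d)", re.IGNORECASE)

def installed_kbs(inventory_text):
    """Return the normalised KB ids (e.g. 'KB978338') found in the text."""
    return {"KB" + m.group(1) for m in KB_PATTERN.finditer(inventory_text)}

def audit(inventory_text, register=REGISTER_FIXES):
    """Map each risk number to 'patched', 'missing' or 'no KB named'."""
    present = installed_kbs(inventory_text)
    status = {}
    for risk_no, kb in sorted(register.items()):
        if kb is None:
            status[risk_no] = "no KB named"
        else:
            status[risk_no] = "patched" if kb in present else "missing"
    return status

def open_risks(inventory_text):
    """Risk numbers the inventory gives no evidence for closing."""
    return [n for n, s in audit(inventory_text).items() if s != "patched"]

if __name__ == "__main__":
    for risk_no, state in audit(SAMPLE_INVENTORY).items():
        print(f"Risk {risk_no}: {REGISTER_FIXES[risk_no] or '-'} -> {state}")
```

A "patched" result only confirms that the named KB appears in the inventory; the other recommendations in the same row, such as disabling the WebClient service, still have to be verified separately.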