Tentative risk assessment
According to Whitman and Mattord (2012), risk assessment is a procedure used to identify the particular hazards facing an organization. The process also highlights the risks associated with those hazards. Organizations conduct risk assessments to avoid and control risks. Once risks are correctly identified, an organization must develop protective measures that will prevent it from incurring losses (Whitman & Mattord, 2012). At the workplace, the risk assessment aimed to identify the risks associated with customer application processes over the internet. First, the risk assessment team used a risk assessment questionnaire to collect data about the possible risks from participants. Secondly, the team used several security tools, AppScan and Nmap, to identify the potentially vulnerable areas in the application process. Thirdly, the team used a vulnerability source, the Microsoft Security Advisory, to identify common vulnerable areas.
The risk assessment team decided to assess threat likelihood using three main weight factors (High, Medium and Low). After the risk assessment, it discovered that the serious threats affecting the organization include the loss of company assets, financial loss, and the inability of the company to achieve its mission and vision. Lastly, the loss of life of the company’s employees during work was also a high-risk factor. Medium-risk factors included damage to organizational assets, harm to company employees, and a decrease in the company’s earnings. Low-risk factors include minor physical harm to employees, minimum financial loss, and organizational assets. During the assessment, the team discovered that the main critical area that might generate high, medium, and low risks is access to company data by third parties. The organization needs to upgrade its firewall to prevent malicious hackers from accessing sensitive information.
Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology.