Hands-On Project 8-10

Software skills: Spreadsheet formulas and charts Business skills: Risk assessment 8- 10

This project uses spreadsheet software to calculate anticipated annual losses from various security threats identified for a small company. Mercer Paints is a paint manufacturing company located in Alabama that uses a network to link its business operations. A security risk assessment requested by management identified a number of potential exposures. These exposures, their associated probabilities, and average losses are summarized in a table, which can be found in this learning module. Use the table to answer the following questions:

In addition to the potential exposures listed, identify at least three other potential threats to Mercer Paints, assign probabilities, and estimate a loss range.

Use spreadsheet software and the risk assessment data to calculate the expected annual loss for each exposure.

Present your findings in the form of a chart. Which control points have the greatest vulnerability? What recommendations would you make to Mercer Paints? Prepare a written report that summarizes your findings and recommendations.

Additional Information:

Software skills: Spreadsheet formulas and charts

Business skills: Risk assessment

8-10 Setting security policies and procedures really means developing a plan for how to deal with computer security. One way to approach this task is:

Look at what you are trying to protect.

Look at what you need to protect it from.

Determine how likely the threats are.

Implement measures that will protect your assets in a cost-effective manner.

Review the process continuously, and improve things every time a weakness is found.

Reports should focus most on the last two steps, but the first three are critically important to making effective decisions about security. One old truism in security is that the cost of protecting yourself against a threat should be less than the cost of recovering if the threat were to strike you. Without reasonable knowledge of what you are protecting and what the likely threats are, following this rule could be difficult.

Chapter 8 Hands-on MIS Security Vulnerabilities and Risk Assessment Tables

Management Decision Problem 2

SECURITY VULNERABILITIES BY TYPE OF COMPUTING PLATFORM

Platform Number of High Medium Low Total

Computers Risk Risk Risk Vulnerabilities

Windows Server

(corporate applications) 1 11 37 19

Windows 8 Enterprise

(high-level administrators) 3 56 242 87

Linux (e-mail and printing services) 1 3 154 98

Sun Solaris (UNIX)

(E-commerce and Web servers) 2 12 299 78

Windows 8 Enterprise user

desktops and laptops with office 195 14 16 1,237

productivity tools that can also be

linked to the corporate network

running corporate applications and

intranet