Memorandum about:

• Any additional vulnerabilities or weaknesses that may currently be in place affecting FA2.
• Any additional threat-sources that can trigger the vulnerabilities or weaknesses you just identified for FA2
• Any additional risks or situations involving exposure to loss for the financial information in FA2
• Any additional controls or procedures that should be implemented to mitigate the risks just identified

1:50 Student AA feueduph-my.sharepoint.com C 1 of 1 X O periodic change, password history, lockout threshold, and complexity. Likelihood Determination Impact Impact Financial IT Area / Likelihood Probability | Magnitude Level Risk Recommended Action Application | Vulnerability Threat Source Level Assigned of Impact Value Risk Rating Control Priority Financial Information Unauthorized Very High 1.00 High 75 Users possess 75 User access Very Application Security / FA2 users privileges that privileges within High #2 (FA2) owners do not (hackers, are not FA2 are periodically terminated consistent with periodically review user employees, their job reviewed by access privileges. and insiders) functions, application allowing owners to verify unauthorized or access privileges incorrect remain modifications to appropriate and FA2's data, which consistent with could cause job requirements management decisions based upon misleading information. Information Unauthorized Very High 1.00 High 75 Terminated users 75 The security Very Security / users can gain access to administrator is High Terminated user (terminated FAZ and view or notified of accounts are not employees) modify its employees who removed from financial have been FA2. information. terminated. Access privileges of such employees are immediately changed to reflect their new status. Likelihood Determination Impact Impact Financial IT Area / Likelihood Probability Magnitude Level Risk Recommended Action Application Vulnerability Threat Source |Level Assigned of Impact Value | Risk Rating' Control Priority Change Control Unauthorized Low 0.25 High 75 FA2 changes are 18.75 Changes to FAZ Low Management / application not properly are tested and Test results for changes and authorized. approved by FA2 upgrades modifications Implementation management are not approved of such changes prior to their by management, could result in implementation prior to their invalid or in production in implementation misleading data. accordance with into production. test plans and results. Computed by multiplying the "Probability Assigned" and the "Impact Level Value."