Student name:

When securing the modern enterprise, consider that IT systems do not operate alone. Securing them involves securing their interfaces with other systems as well. It is important to know the different interconnections each system may have.

Fill out the table below for four IT systems. Include the following:

• Note two enterprise systems they connect with and their connection type.
• Note two security vulnerabilities the connection may have and 2 to 4 ways each vulnerability could be potentially exploited.

Consider the following as you build your table:

• Two example rows have been entered into the table.
• Keep in mind that enterprise systems cover a certain task in the enterprise (HR, CRM, identity management, etc.). They are not the components of a system (such as servers).
• Connections can often be a direct connection/pipe, a file, a common database or something else.
• The vulnerability is what would make the connection vulnerable to an attack.
• The related risk is an attack that could target the weakness.

IT System	Target System	Connection Type	Possible Security Vulnerability	Related Risk
Example HR System	Identity Management System	Feeder File	File could be modified.	User rights might not be correctly updated.
Example Customer Relationship Management (CRM)	1. Sensitive Data 2. System Data	Web communications (https)	TCP/IP (denial-of-service attacks) Cross-site scripting (XSS or CSS)	Mail bombs Temporarily cease operation Theft of data and information Content spoofing Not to be in compliance Control of user browser Deliver malware or warm Execute arbitrary commands Control of user account on vulnerable web application