Risk and Vulnerability

The document outlines various vulnerabilities and risks associated with information management, access controls, and system security. Key issues include unauthorized disclosure of sensitive information, weak user access management, and lack of awareness leading to potential security breaches. Additionally, it highlights the need for improved incident management, technical vulnerability assessments, and enforcement of security protocols.

Uploaded by

sudhy vipi

| Vulnerability | Risk |
| --- | --- |
| Weak information backup management | Critical information cannot be referenced. |
| Weak storage | Unauthorized disclosure of information. |
| Weak non-disclosure agreements | Confidential information can be leaked. |
| Weak access controls | Accountability cannot be established in case of theft of data. |
| Lack of clear desk / clear screen practices | Lack of awareness can lead to unauthorized disclosure of sensitive information. |
| Susceptible to fire | Documents could be destroyed. |
| Weak user access management | Disclosure of sensitive information. |
| Weak non-disclosure agreements | Information could be misused, stolen or unintentionally disclosed, and it leads to potential legal liabilities. |
| Weak non-disclosure agreements | Information could be misused, stolen or unintentionally disclosed. |
| Weak change management process | Unplanned outages, system instability, and data integrity issues. |
| Weak technical review after OS changes | System vulnerabilities, compatibility issues, and security gaps. |
| Weak patch management | Exposure to known security vulnerabilities and malware attacks. |
| Weak operating procedures | Inconsistent operations, human errors, and process failures. |
| Weak incident management | Prolonged system outages and delayed response to security breaches. |
| Weak capacity planning process | System performance degradation and unexpected service disruptions. |
| Weak user access management | Unauthorized access to sensitive systems and data. |
| Weak vulnerability management | Persistent security exposures and increased risk of breaches. |
| Weak clock synchronization | Audit trail inconsistencies and timestamp validation failures. |
| Weak event monitoring | Inability to detect security incidents in a timely manner. |
| Weak user awareness | Increased susceptibility to social engineering and phishing attacks. |
| Duties and responsibilities of employees are not segregated | Fraud risk, conflict of interest, and inadequate operational controls. |
| Application is not tested after operating system changes | Application failures, data corruption, and service disruptions. |
| Use of shared hardware / hardware failure | Single point of failure leading to service unavailability. |
| Maker-checker restriction is not enforced on new account creation for employees | Unauthorized account provisioning and access control violations. |
| A BCP/DR framework with roles and responsibilities is not defined | Extended downtime during disasters and inability to recover critical operations. |
| Technical vulnerabilities are not identified and mitigated on a regular basis | Persistent exposure to known security weaknesses and exploits. |
| Password is not changed after termination/retirement/transfer of application admin | Unauthorized access may continue even after role changes. |
| Retention period for audit logs is not defined | Loss of evidence for incident investigations or audits. |
| Users are not forced to change their password on first login | Weak passwords could remain in use, increasing security risks. |
| No second factor authentication | Increased likelihood of unauthorized access. |
| Third party users are granted unrestricted access to the application | Confidential data may be exposed or misused. |
| User session is not timed out after a defined period of inactivity | Unattended sessions may lead to unauthorized access. |
