Assessment item 1 Threat and Risk Assessment Report Task Write a Threat and Risk Assessment Report that assesses the findings of a gap analysis and articulates the most prominent risks and threats to...

1 answer below »
Assessment item 1 Threat and Risk Assessment Report Task Write a Threat and Risk Assessment Report that assesses the findings of a gap analysis and articulates the most prominent risks and threats to the subject organisation - EvolveNet. The audience of the Threat and Risk Assessment Report is the SLT and Executive team of the target organisation and should be authored to a professional standard as would be expected in typical large organisation. The report must include o An assessment of the control gaps identified in the gap analysis report (provided) and risk presented to the organisation o Possible threat scenarios that the organisation is subject to due to the identified gaps o A list of prioritised short-term (tactical) and long-term (strategic) initiatives to address the identified risks o A copy of the threat matrix used for risk level rating  A suggested heading structure is provided below 1.      Executive Summary 2.      Introduction 3.      Organisational Assets 4.      Threat Categories 5.      Vulnerabilities and Threats (table including: vulnerabilities, threat scenarios, likelihood, impact, risk level) 6.      Risk Treatment Plan (table including, recommended controls, vulnerabilities addressed, priority, owner) 7.      Risk rating matrix     Organisational Overview EvolveNet is an Australian VOIP company that supplies over-the- top VOIP services for residential and businesses customers. Our key product is the the AnyPhone VOIP service that allows customers to make low-cost phone calls across the globe. Additional services include GlobalPhone, which provides a local phone number in 20 different countries. As a world leader, EvolveNet provides the VOIP platform for over 50 domestic and global telecommunication partners. EvolveNet provides a reliable, easily-to- configure, plug and play VOIP service.   Key Information Assets and Systems - Customer database (~300,000 records) - Call records (2,000,000 records per day) - Internet-facing servers (website server, webmail, email, web service, DNS server) - Internal servers (file, print, intranet, corporate PBX, DHCP and DNS servers) - Self-service VOIP configuration website - Web development and test systems - Wholesale - Customer-facing PBX and voicemail farm - Staff workstations and laptops - VPN concentrator - Network routers and switches for corporate network - Boarder and DMZ firewall - EvolveNet Strategy
Answered Same DayDec 26, 2021

Answer To: Assessment item 1 Threat and Risk Assessment Report Task Write a Threat and Risk Assessment Report...

David answered on Dec 26 2021
117 Votes
EvolveNet

EvolveNet
Threat & Risk Assessment Report

8/1/2017
Threat & Risk Assessment Report

2

Executive Summary
The document is a threat and risk assessment report for an Australian company called
EvolveNet. It is an organization that provides VOIP services to the business and residential
users. There are many control gaps in the security of EvolveNet. It is because of this reason that
there are many security vulnerabilities that may lead to the occurrence of security threats and
risks. The report covers the introduction to the organization and provides an account of the

organizational assets. The gaps identified in the security of EvolveNet have been covered along
with the threat categories and vulnerabilities. Risk treatment plan and risk rating matrix have also
been included in the report.
Threat & Risk Assessment Report

3

Table of Contents
Introduction ................................................................................................................................................... 4
Organizational Assets ............................................................................................................................... 4
Control Gaps ................................................................................................................................................. 4
Threat Categories .......................................................................................................................................... 5
Confidentiality Threats ............................................................................................................................. 5
Integrity Threats ........................................................................................................................................ 5
Availability Threats .................................................................................................................................. 6
Vulnerabilities and Threats ........................................................................................................................... 6
Risk Treatment Plan ...................................................................................................................................... 9
Short-term initiatives .............................................................................................................................. 10
Long-term Initiatives .............................................................................................................................. 11
Risk Rating Matrix ...................................................................................................................................... 11
Conclusion .................................................................................................................................................. 13
References ................................................................................................................................................... 14
Threat & Risk Assessment Report

4

Introduction
EvolveNet is an Australian organization that supplies varied Voice over Internet Protocol (VOIP)
services for the home users as well as the business users. EvolveNet has collaborated with fifty
local and global telecommunication partners and provide them with VOIP services such as
AnyPhone, GlobalPhone, and many others. EvolveNet has managed to provide its customers
with reliable and easy to use service. The quality of service provided by the organization has
allowed it to establish a good market value.
Organizational Assets
Information is the primary asset for EvolveNet and it includes several key information sets and
systems such as call records, records of the customers, internal and internet facing servers along
with the VOIP website. Other assets such as VPN concentrator, workstations and laptops of the
staff members, networking equipment, DMZ firewall etc. also have a significant importance.
Customer database of the organization comprises of over 300,000 records. Also, the per day call
data that EvolveNet manages includes over 2,000,000 records.
All of the organizational assets comprise of private and confidential information. Exposure of
these assets and the information present within them will lead to significant damage for
EvolveNet. It has, therefore, become a primary point of concern for the organization to protect
all of its assets from the threats and risks that may damage these assets.
Control Gaps
An audit of the security control and asset management & security was carried out on EvolveNet
to understand the level of security being maintained in the organization. There were certain
major gaps that were identified in the process and have been listed below.
 Log information associated with the organization was not protected
 Logs of privileged functions were not present
 Gaps in information security policies and strategies such as infrequent reviews and
audits, insufficient analysis and absence of monitoring of the security status
 Gaps associated with the staff members of EvolveNet such as non-compliance of clear
desk and clear screen policies along with unattended systems
 No restriction on the installed software
Threat & Risk Assessment Report

5

 Test data used by the testing team was not protected
 Use of unprotected e-mail to share sensitive and critical information
 Asset management system including inventory, ownership and return of assets was found
to have security loopholes
 Inefficient induction programmes and training provided to the new employees
 Key management process was not being followed in the organization
 Absence of anti-virus and other anti-malware tools from some of the internet facing
servers
Threat Categories
There are numerous gaps in the security associated with EvolveNet and the policies that are
followed in the...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here