Question

1. What is the function of risk assessment? How is it conducted for information systems?.

2. Why are computer systems so vulnerable? Describe the most common threats against contemporary information systems.

Answer 1

Answer1:

Risk assessment has several functions, as :

1. Identifying Risks of different types in the system so that it can be dealt with the logic.

2. Analyzing Risks of the same kind, it helps inefficiency because rectifying the risks of the same type helps in reducing the level of complexity

3. Judge the Risks based on their level of damage in the system

4. Collection of information, here the information means the risks of different types and the level of damage they could do in the order.

• Risk Assessment is conducted for information systems; the purpose of it is to keep away the threats and attacks away from the system.
• The first collection of data related to risks
• Then the threats are identified based on many parameters like type of attack: Cross-Site Scripting Attack, SQL injection, and so on.
• Then the evaluation of the risks based on many professional tools.

Answer 2:

Well, there are many reasons for systems being so vulnerable. First of all, it is partially depends on the user's education about systems and networks. He/She can be fooled on Phishing attacks or downloading some malware. Plus, security is expensive nowadays, and it is hard for frequent users to look at it.

Common threats against contemporary information systems

• Risks can be on both sides: Server and Client or it could be across the medium of communication
• Threats in servers may include the SQL injection and extract the sensitive information
• Manipulation of data
• Malware like keylogging or RAT which may be installed remotely