Select a small business with which you are familiar and possibly where you may have a contact person willing to share basic information for the purposes of this assignment. Provide the name and location of the business. Provide a basic overview (a paragraph) of the business indicating the type, for example retail, ecommerce, manufacturing, etc. Also include the estimated size of the business by including the number of employees and annual profits. These will set the scope for the assignment and should be inserted above the worksheet table. Investigate/research the business to develop a Threat and Risk Assessment, applying the worksheet (used in class) to determine the current situation of the business and provide recommendations (if applicable). Since this exercise can become quite detailed, limit your analysis to hardware, software, and data if you can gain access to the information. If not, select areas which are accessible for information, staying within the categories discussed in class. Each area will break down into multiple parts, so it is important to carry through no more than one subcomponent for each section. As in class, we considered the hardware asset of a server and worked that through the various components of the TRA worksheet.
Business Name: Internet Cafe
Location: Mehdipatnam, Hyderabad
Overview: This shop has multiple computers that people use for an hour, and the payment is then processed based on the amount of time given. They also have a Xerox machine for taking printouts.
The number of employees working in that shop is around 10, and the annual income of the business will be 100,000.
A Threat and Risk Assessment analyzes a software system for vulnerabilities, examines potential threats associated with those vulnerabilities, and evaluates the resulting security risks. A vulnerability is any “flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy” (NIST SP800-30 Risk Management Guide for Information Technology Systems). The level of threat is determined from the potential for any natural, human or environmental source to trigger or exploit any identified vulnerability. The risk assessment looks at both the probability of that threat occurring, and the impact on both system and organization should it occur. An appropriate strategy can then be formulated for each risk depending on severity (such as acceptance of the risk, adoption of a mitigation plan, or implementation of an avoidance strategy).
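The probability-and-impact step described above can be worked through with the risk-level matrix from the NIST SP 800-30 guide the text cites (likelihood 1.0/0.5/0.1 multiplied by impact 100/50/10). This is an added example, not part of the original answer; the worksheet rows, their ratings, and the severity-to-strategy mapping are constructed assumptions for an internet cafe, not findings about the business.

```python
from dataclasses import dataclass

# Risk-level matrix values from NIST SP 800-30 (2002), Table 3-6.
LIKELIHOOD = {"low": 0.1, "medium": 0.5, "high": 1.0}
IMPACT = {"low": 10, "medium": 50, "high": 100}

# Assumption: one possible severity-to-strategy mapping, not taken from the page.
STRATEGY = {"high": "avoid (remove the exposure)",
            "medium": "adopt a mitigation plan",
            "low": "accept and monitor"}

@dataclass
class Row:
    asset: str
    vulnerability: str
    threat: str
    likelihood: str   # low / medium / high
    impact: str       # low / medium / high

def risk_score(row):
    """Likelihood weight times impact weight, on the 1-100 scale."""
    return round(LIKELIHOOD[row.likelihood.lower()] * IMPACT[row.impact.lower()], 1)

def risk_level(score):
    """High is >50 to 100, medium is >10 to 50, low is 1 to 10."""
    if score > 50:
        return "high"
    return "medium" if score > 10 else "low"

def assess(rows):
    """Return (score, level, strategy, row) tuples, highest risk first."""
    scored = [(risk_score(r), r) for r in rows]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [(s, risk_level(s), STRATEGY[risk_level(s)], r) for s, r in scored]

# Constructed worksheet: one subcomponent each for hardware, software and data.
WORKSHEET = [
    Row("Hardware: customer PC", "USB ports left enabled",
        "malware arrives on removable media", "high", "medium"),
    Row("Software: time-billing application", "single shared operator login",
        "session times changed without attribution", "medium", "high"),
    Row("Data: browser profiles on shared PCs", "profiles not wiped between customers",
        "saved credentials visible to the next customer", "high", "high"),
    Row("Hardware: photocopier", "no surge protection",
        "power fluctuation damages the unit", "low", "medium"),
]

if __name__ == "__main__":
    for score, level, strategy, row in assess(WORKSHEET):
        print(f"{score:>5} {level:<6} {row.asset} -> {strategy}")
```

A score of exactly 50 falls in the medium band, so the customer PC and billing rows both rate medium even though each has one "high" input.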