Questions tagged [risk]

104 questions
1 vote, 1 answer

What is the risk of using Windows Phone 8.1 now?

My friend uses Microsoft Phone 8.1 mobile for a tax accountancy firm. As it hasn't received security updates for five years I believe that is a significant information security risk. However, the principal of the firm does not believe it to be a…
1 vote, 1 answer

Font risk in unopened email in inbox

This is obviously not from PayPal, but the word "account" is displayed using an odd-looking font. Is it a security risk to me that Outlook.com displayed this font? See below; Outlook has preview text enabled by default.
Coderxyz (562 reputation, 4 silver, 9 bronze)
1 vote, 1 answer

vulnerability management, risk mitigation vs risk acceptance

I was involved in a conversation concerning the in-house vulnerability management program. One of the statements made was that management is generally not willing to accept risk and that the aim should be to mitigate it, preferably in the form of patching.…
user211245 (79 reputation, 3 bronze)
1 vote, 2 answers

Security of using DHCP and non-standard ports for medical devices

I recently came across this comment written in a journal article: "Lastly, medical apparatus are expected to use Dynamic Host Configuration Protocol (DHCP) for the allocation of their IP addresses and even worst [sic] use non-standard ports for…"
daikin (999 reputation, 1 gold, 6 silver, 8 bronze)
1 vote, 2 answers

Risk and probability from CVE

How can I find risk and probability from CVE (https://cve.mitre.org/)? I read an article and it says (pg 14): "The cost is derived from the attack tree, and risk and probability are based on CVE." The article is about DoS attacks and IoT networks.
1 vote, 1 answer

Risk assessment Struggling with scenario

I have been given a situation (see below). The question I need to answer to complete the task is: What is the ALE for phishing emails for the company, in pounds; e.g. 203,760? When I multiply the answers I have, ARO * AV * EF = 38631600. This answer…
1 vote, 0 answers

Advice for carrying out risk identification in ISO27005:2011

I am currently required to carry out an information security risk assessment for an assignment, using the ISO 27005:2011 standard, for the Equifax data breach that occurred in 2017,…
2nce (11 reputation, 2 bronze)
1 vote, 2 answers

Storing customer data securely (compliance)

I came across this data breach where developers of an organization stored some customer PII data on their GitHub account. Common sense tells me that this is an obviously stupid and careless thing to do. My question is: is there any security…
1 vote, 3 answers

Security Risk Register

Does anyone know of any good risk registers to start logging security risks that are found on the fly? The problem I am having is that we find so much in a day that things start to get lost in emails and we tend to forget the risks that were found…
1 vote, 1 answer

Can a PC with many NICs create vulnerabilities for each network to which it is connected?

I wonder if installing 2 more (USB to Ethernet) NICs in my PC can be risky if I need only my PC to be able to access the three networks, and no other host in these networks... Could my PC act like a router, allowing traffic from any host to any…
Jorge_S7 (13 reputation, 2 bronze)
1 vote, 0 answers

Recommended number of systems under an ISSO

Is there an optimum number of systems an ISSO should be responsible for? I realize system size and complexity come into play, but assuming most are large and of moderate risk, etc., is there a number that can be considered a norm? We have ISSOs who…
1 vote, 1 answer

Security risks of multitenancy

Is there a security risk in using the same firewall hardware as the company perimeter firewall device (providing multi-tenancy) when it is already shared by other companies? Is there a possibility of our firewall tenant being affected if some other…
user145935 (11 reputation, 2 bronze)
1 vote, 1 answer

How does someone conduct a risk assessment of a B2B Integration?

I'm not very familiar with B2B integrations. No one in our small organization is, but we need to conduct some assessments. How does one assess a B2B integration? It seems like there would be gaps between a risk assessment framework like NIST or ISO…
1 vote, 0 answers

Multiple Frameworks for Risk Assessments?

My organization utilizes risk assessments as the catalyst for a lot of our information security efforts. Currently we assess applications using the Cloud Security Alliance's CAIQ framework and questionnaire. However, while 90% of what gets assessed…
1 vote, 1 answer

Reducing risk from logging

I am following the OWASP Risk methodology and have the threat "Installed software exploitation". I've created this risk based on the idea that a vulnerability is found in, say, phpMyAdmin which can be exploited. My question is how one practically reduces…