Questions tagged [risk]
104 questions
1
vote
1 answer
What is the risk of using Windows Phone 8.1 now?
My friend uses Microsoft Phone 8.1 mobile for a tax accountancy firm. As it hasn't received security updates for five years I believe that is a significant information security risk. However, the principal of the firm does not believe it to be a…
Darryn Brisdaz
1
vote
1 answer
Font risk in unopened email in inbox
This is obviously not from PayPal, but the word "account" is displayed using an odd-looking font. Is this a security risk to me that Outlook.com displayed this font? See below; Outlook has preview text enabled by default.
Coderxyz
1
vote
1 answer
Vulnerability management: risk mitigation vs risk acceptance
I was involved in a conversation concerning the in-house vulnerability management program. One of the statements made was that management is generally not willing to accept risk and that the aim should be to mitigate it, preferably in the form of patching.…
user211245
1
vote
2 answers
Security of using DHCP and non-standard ports for medical devices
I recently came across this comment written in a journal article.
Lastly, medical apparatus are expected to use Dynamic Host Configuration Protocol (DHCP) for the allocation of their IP addresses and even worst [sic] use non-standard ports for…
daikin
1
vote
2 answers
Risk and probability from CVE
How can I find risk and probability from CVE (https://cve.mitre.org/)? I read an article and it says (pg 14),
The cost is derived from the attack tree, and risk and probability are based on CVE
The article is about DoS attacks and IoT networks.
hamed sharafi
1
vote
1 answer
Risk assessment: struggling with scenario
I have been given a situation (see below). The question I need to answer to complete the task is: What is the ALE for phishing emails for the company, in pounds; e.g. 203,760? When I multiply the answers I have, ARO * AV * EF = 38631600. This answer…
1
vote
0 answers
Advice for carrying out risk identification in ISO27005:2011
I am currently required to carry out an information security risk assessment for an assignment, using the ISO 27005:2011 standard, for the Equifax data breach that occurred in 2017,…
2nce
1
vote
2 answers
Storing customer data securely (compliance)
I came across this data breach where developers of an organization stored some customer PII data on their github account. Common sense tells me that this is an obviously stupid and careless thing to do.
My question is: is there any security…
MR.Elegant
1
vote
3 answers
Security Risk Register
Does anyone know of any good Risk Registers to start logging security risks that are found on the fly?
The problem that I am having is that we find so much in a day that things start to get lost in emails and we tend to forget the risks that were found…
Sublime1914
1
vote
1 answer
Can a PC with many NICs create vulnerabilities for each network to which it is connected?
I wonder if installing 2 more (USB to Ethernet) NICs in my PC can be risky if I need only my PC to be able to access the three networks, and no other host in these networks... Could my PC act like a router, allowing traffic from any host to any…
Jorge_S7
1
vote
0 answers
Recommended number of systems under an ISSO
Is there an optimum number of systems an ISSO should be responsible for? I realize system size and complexity come into play, but assuming most are large and of moderate risk, etc., is there a number that can be considered a norm? We have ISSOs who…
Mike Murray
1
vote
1 answer
Security risks of multitenancy
Is there a security risk in using the same firewall hardware as the company perimeter firewall device (providing multi-tenancy) which is already shared by other companies? Is there a possibility of our firewall tenant being affected if some other…
user145935
1
vote
1 answer
How does someone conduct a risk assessment of a B2B Integration?
I'm not very familiar with B2B integrations. No one in our small organization is, but we need to conduct some assessments. How does one assess a B2B integration? It seems like there would be gaps between a risk assessment framework like NIST or ISO…
VectorPrime
1
vote
0 answers
Multiple Frameworks for Risk Assessments?
My organization utilizes Risk Assessments as the catalyst for a lot of our Information Security efforts. Currently we assess applications using the Cloud Security Alliance's CAIQ framework and questionnaire. However, while 90% of what gets assessed…
VectorPrime
1
vote
1 answer
Reducing risk from logging
I am following the OWASP Risk methodology and have the threat "Installed software exploitation". I've created this risk based on the idea that a risk is found in, say, phpMyAdmin, which can be exploited.
My question is how does one practically reduce…
Antony