Executive Summary
This brief presents a Risk Assessment Report (RAR) of Bluebird Hospital's infrastructure. It informs leadership of the threats the network could fall prey to if no action is taken. A system characterization describes Bluebird's information system as a whole: the hardware, software, system interfaces, users, and databases that make up the system. Four observations were made during the assessment. Each observation is reviewed in terms of its description, existing mitigating controls, vulnerability, and recommendation. The report rates each vulnerability with a risk level matrix on a scale from low to extremely high risk.
Purpose
The purpose of this Risk Assessment Report (RAR) is to inform Bluebird Hospital's board of directors about the security assessment performed on the organization's network. The network was scanned with the Wireshark network protocol analyzer and the Nmap security scanner. These tools exposed several vulnerabilities in the system which, if not fixed, could make the information system infrastructure the target of multiple cyber-attacks.
Scope
This risk assessment evaluated the controls in place to eliminate vulnerabilities that could be exploited by internal and external threats. If exploited, these vulnerabilities could result in unauthorized disclosure of data, denial of service, significant financial loss, and web defacement.
Threats
Cyber security experts have predicted that, because many organizations lack adequate security controls, security breaches will reach an all-time high (Dobran, 2018). As technology advances, cyber-attacks on Bluebird's network will grow if the network is not kept up to date, and they are to be expected if Bluebird's IT management does not stay informed about potential attacks. DNS spoofing, or cache poisoning, corrupts the Domain Name System so that internet traffic is diverted to a fake server (Hoffman, 2016). Packet analysis, or sniffing, is a technique cyber criminals use to spy on a target's network traffic and harvest passwords (O'Donnell, 2018). A distributed denial of service (DDoS) attack floods the network until legitimate users can no longer access the system; attackers also use DDoS as a means of extortion (Florentino, 2018). Insider threats range from a disgruntled employee to an employee who has not been properly trained and falls victim to a phishing email. For example, a Bluebird employee's email account was infected with malware known to spread through phishing emails containing malicious links; over 1,000 patients' PHI was compromised in that breach.
System Characterization
The first step in assessing an information technology system is to characterize it. Bluebird Hospital is composed of several components that together make up the system. Policies and procedures are in place as guiding rules for all personnel and patients at Bluebird Hospital. Figure 1 gives a system characterization of Bluebird's system.
Component | Description
Hardware | PC computers, printers, scanners, wireless network hardware, CAC (common access) cards, keyboards, mice
Software | Windows and Linux operating systems, Microsoft Office, Patient Administration System, TCP/IP, HTTP
System Interfaces | Magnetic stripe card readers, fingerprint scanners
Databases | RDBMS (Microsoft SQL Server)
Users | Bluebird patients, Bluebird employees, shareholders
Figure 1. System Characterization of Bluebird Hospital
Figure 2 provides a flowchart of the scope of the risk assessment effort.
Figure 2. Input and Output flowchart of the scope of the risk level assessment effort
Risk Assessment Approach
The approach Bluebird's management takes to protecting the system is critical to the information network. The participants in the risk assessment were the database administrator, the IT department, the security administrator, the network manager, and the system custodian. Information was gathered with vulnerability scanners (MBSA and OpenVAS) and network monitoring tools (Wireshark and Nmap). In the risk assessment matrix in Figure 3, the IT team has compiled the risk level that each vulnerability poses to the system.
Likelihood \ Severity | Insignificant 1 | Minor 2 | Moderate 3 | Major 4 | Catastrophic 5
Almost certain 5 | 5 | 10 | 15 | 20 | 25
Likely to occur 4 | 4 | 8 | 12 | 16 | 20
Possible 3 | 3 | 6 | 9 | 12 | 15
Remote possibility 2 | 2 | 4 | 6 | 8 | 10
Extremely unlikely 1 | 1 | 2 | 3 | 4 | 5
Risk score = likelihood x severity. 0-5 = Low risk; 6-10 = Medium risk; 11-15 = High risk; 16-25 = Extremely high risk
Figure 3. Risk Assessment Matrix of the likelihood of Bluebird's system being susceptible to vulnerabilities (MVROS, 2004)
In Figure 4 there is a description of the risk level matrix scale.
Impact Score | Description
16-25 = Extremely High Risk | Severe impact on the organization; can result in total loss of the information system, cost greater than $20 million, total loss of confidentiality, integrity, and availability (CIA), web defacement
11-15 = High Risk | Risk of legal issues, damage to the organization's reputation, cost of $10 million or more, network compromise
6-10 = Medium Risk | Minimal financial loss, some data exfiltration
0-5 = Low Risk | Loss of CIA with limited effect on the organization; low cost to the organization
Figure 4. The risk level scale description (MVROS, 2004)
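The scoring rule behind Figures 3 and 4, as an added Python example (not part of the original report): likelihood and severity are each rated 1 to 5, the risk score is their product, and the score is banded with the thresholds from Figure 4. Because the matrix has no cell for a rating outside 1 to 5, the function rejects such values rather than scoring them. The observation titles and ratings fed to rank_register below are constructed placeholders for illustration, not the report's figures.

```python
# Added example: risk scoring per Figures 3 and 4 of the report.
# The ratings in SAMPLE_OBSERVATIONS are constructed placeholders.

LIKELIHOOD = {
    1: "Extremely unlikely",
    2: "Remote possibility",
    3: "Possible",
    4: "Likely to occur",
    5: "Almost certain",
}
SEVERITY = {
    1: "Insignificant",
    2: "Minor",
    3: "Moderate",
    4: "Major",
    5: "Catastrophic",
}
# (inclusive upper bound, band name), as in Figure 4
BANDS = [(5, "Low"), (10, "Medium"), (15, "High"), (25, "Extremely High")]


def score(likelihood, severity):
    """Return likelihood x severity; both must be integers 1..5 (Figure 3)."""
    if likelihood not in LIKELIHOOD or severity not in SEVERITY:
        raise ValueError(
            f"ratings must be integers 1..5, got likelihood={likelihood!r}, "
            f"severity={severity!r}"
        )
    return likelihood * severity


def band(risk_score):
    """Map a 1..25 score to its Figure 4 band name."""
    for upper, name in BANDS:
        if risk_score <= upper:
            return name
    raise ValueError(f"score {risk_score} is outside the 1..25 matrix")


def rank_register(observations):
    """observations: iterable of (description, likelihood, severity).
    Returns rows sorted highest risk first. An invalid rating raises
    ValueError so a bad entry cannot silently land in the register."""
    rows = []
    for description, likelihood, severity in observations:
        s = score(likelihood, severity)
        rows.append({
            "observation": description,
            "likelihood": f"{LIKELIHOOD[likelihood]} ({likelihood})",
            "severity": f"{SEVERITY[severity]} ({severity})",
            "score": s,
            "band": band(s),
        })
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


# Constructed placeholder ratings (illustration only, not the report's figures).
SAMPLE_OBSERVATIONS = [
    ("Multiple user accounts on one computer", 3, 2),
    ("Users have non-expiring passwords", 4, 2),
    ("Firewall connections are off", 4, 5),
    ("Port 3306 reachable and targeted by known malware", 5, 5),
]

if __name__ == "__main__":
    for row in rank_register(SAMPLE_OBSERVATIONS):
        print(f"{row['score']:>2} {row['band']:<14} {row['observation']}")
```

The band boundaries are inclusive on the upper end (a score of 5 is Low, 6 is Medium), matching the ranges printed under Figure 3.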
Risk Assessment Results
As technology advances, it is imperative that organizations take the necessary steps to ensure their systems are secure. Weaknesses in the system leave it susceptible to data exfiltration, which could cause a major financial impact and erode customer trust. Scanning Bluebird's network with several vulnerability tools (Wireshark, Nmap, OpenVAS, identity management tooling, and MBSA) produced the observations below. Evaluating each vulnerability to understand its level of impact is important for upper management. Figure 5 lists the observations identified from the scans, rated according to the risk level matrix in Figure 3:
Observation no. | Observation description | Vulnerability | Likelihood | Impact | Risk-level matrix | Recommended controls | Existing security controls
1 | Multiple user accounts on one computer | No authentication verification method | 5 | 6 | 6 | Require multi-factor authentication to access the computer | None; users are allowed multiple logins
2 | Users have non-expiring passwords | Password effectiveness | 8 | 8 | 8 | Have the system prompt employees every 30 days to update their password | Users change passwords every 30 days
3 | Firewall connections are off | Weak firewall connection | 21 | 21 | 21 | Make sure the Windows firewall is turned on and not disabled | Vulnerability scanning
4 | Port 3306 is exploited by Nemog and W32.Spybot | Weak firewalls | 25 | 25 | 25 | Have proper firewalls in place to block trojan attacks | Basic malware protection
Figure 5. Risk assessment results identified through vulnerability tools (MVROS, 2004)
Summary
Four observations were identified in this risk assessment report. Observation 1 was multiple user accounts on one computer. This was given a 6 on the risk level matrix because it is one of the ways the system could be exposed to insider threats. The recommendation is to issue individual common access cards so that only one user is logged on to a computer at a time. Observation 2 was users having non-expiring passwords. This was given an 8 on the risk level matrix because an attacker could guess a long-lived password and infiltrate the system. The recommendation is for employees to change their passwords every 30 days; the information system will enforce this automatically by requiring users to update their password before proceeding. Observation 3 was firewall connections being turned off. This was given a 21 on the risk level matrix because firewalls are one of Bluebird's first lines of defense against cyber-attacks. It is recommended that all firewall connections remain turned on at all times and that the firewall be kept constantly updated so the system stays protected. Observation 4 was port 3306 being exploited by Nemog and W32.Spybot. This was given a 25 on the risk level matrix because Nemog is a backdoor trojan; the system could be fully compromised and all access lost. It was recommended that updated malware protection be installed to prevent and remove infections.
Conclusion
In conclusion, technology will continue to change, so threats to the organization's network infrastructure must remain at the forefront of leadership's concerns. The information in this risk assessment report should guide leadership to the areas of concern in the network. Understanding the cost, consequences, and damage that could be done to the information infrastructure is essential. Improving multi-factor authentication and engaging an outside cyber-security firm are strongly advised.
References
- Dobran, B. (2018). Cybersecurity Trends 2018: 32 Experts Make Predictions. Found at: https://phoenixnap.com/blog/cybersecurity-experts-threats-trends
- Florentino, N. (2018). Impact of Cyber Security Incidents on Financial Institutions. Found at: https://static1.squarespace.com/static/555f9696e4b0767a7f0769b3/t/5ab1ae2d8a922dca86e30ee8/1521593911874/The+Impact+of+Cybersecurity+Incidents+on+Financial+Institutions+WHITE+PAPER.pdf
- O'Donnell, A. (2018). What Are Packet Sniffers and How Do They Work? Found at: https://www.lifewire.com/what-is-a-packet-sniffer-2487312
- Hoffman, C. (2016). What Is DNS Cache Poisoning? Found at: https://www.howtogeek.com/161808/htg-explains-what-is-dns-cache-poisoning/
- MVROS. (2004). Detailed Risk Assessment Report. Found at: https://itsecurity.uiowa.edu/sites/itsecurity.uiowa.edu/files/sampleriskassessmentreport.pdf