IT Examiner School

hardware vendor (i.e., Dell)

Internet

All workstations currently have access to the Web

Hackers

ALL MED Multiple firewalls in place to prevent intrusion via the Internet

ALL EFFECTIVE

Employee(s) visiting Web sites that may be harmful to the bank’s network. Windows updates for Internet Explorer are not up to date

IT acceptable use policy signed and agreed upon by all employees. Microsoft releases monthly updates monitored by System Administrator.

Employees downloading viruses.

Virus software in place.

Communication System

E-mail

Hackers

ALL LOW E-mail server is protected by multiple firewalls. User name and Password required

ALL EFFECTIVE

Viruses (worms, Trojans, etc.) Disgruntled employee(s) performing unauthorized functions.

Virus protection software scans every e-mail prior to distribution to recipient. It acceptable use policy signed and agreed upon by all employees Controls (How is it protected?) Installation of locked cabinets at all locations

INFRASTRUCTURE

Description

Threats and Vulnerabilities

Inherent Risk

Effectiveness of Control

Network hardware

Physical security, networking equipment connecting CPU’s to main server

Inaccessible to all employees as well as customers. Not susceptive to “plugging in” to switched (Dell Tower) via other network devices and, allowed access to system.

MED

EFFECTIVE