NAME : MUDASAR JAVED

EN ROLLEMENT :01-298151-052
SECTION: MS PM 2C
RISK ANAYLSIS EXERCISE
SCALE FOR RISK AND IMPACT
ASSESMENT RISK VALUE IMPACT VALUE
Denetl Hill I
Somewhat Hill I
Somewhat Low
Denetl Low
S Threat Asset Consequence Existing Controls Probabilit Impact RISK Risk , (Cause
&Risk) Effected y EXPOSUR Priority N E O 1 Corruption of Integrity of Integrity of
Antivirus software shall 54 l the files due to customer company and be installed in
the import of a and financial customer computer worm/virus on data file on and
finacial to system the desktop lost systems Business record can be Isot due to
virus 2 Accidental/inte Integrity of Crime record Back up facility of files 7 42 2
ntional delete case loss and loss on the main server or altering of investigation
data will be Access of data only to the records by records on effect high offical and
an employee the server concemecd people and only specific employee shall be
given autority to modify the data in the s stem 3 Theft of Confidentialit Personal
and Sexurity camers are 3 7 21 3
personal y of crime record installed information, personnel loss Restriction on
windows and its information in The rate of that data canot be subsequent a copy
of a crime copiedon external use in identity database activities devices theft
caused by stored increases the theft of the unencrypted laptop on the laptop
RISK ANALYSIS
The above mentioned risks are prioritized as per impact and exposure value and
now we analyse the risks
1: Corruption of the files due to import of a wormlvirus on to system
0? Probality and impact values were assigned keeping in mind the worth of the
risk and its effect on the business goals
2~ I select the a very high imapct value in this case because it impact on
business goal is very high but it chance to occur is also high ifi not installed any
antivirus software Exposure Exposure is calculated as Exposure: Risk *|mpact
Exposure=6*9=54
2: Accidental/intentional delete or altering of the records by an employee

6 Probality and impact values were assigned keeping in mind the worth of the
risk and its effect on the business goals
6' I select the high impact value in this case because any data lose due to mistake
of an employes and it effect on the integrity of organization and it also result in
bussiness loss Exposure Exposure is calculated as Exposure: Risk *lmpact
Exposure=6*7=42
3: Theft of personal information, and its subsequent use in identity theft caused
by the theft of the laptop
.3 Probality and impact values were assigned keeping in mind the worth of the risk
and its effect on the business goals
a? I select the low probality value in this case because now a days we have
security cameras and we also apply password that look the data in the system
and not possible for others to un lock the data Exposure Exposure is calculated as
Exposure=3*7=21