Information Systems Risks

Common Information Systems Risks


| Risk No. | Vulnerability | Threat | Risk of Compromise of | Risk Summary |
|---|---|---|---|---|
| 1 | Patches to correct flaws in application software not installed. | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of <what> data. | Exploitation of flaws in application software could result in compromise of confidentiality and integrity of <what> data. |
| 2 | Patches to correct flaws in operating system software not installed. | Computer crime, malicious use | Confidentiality and integrity of <what> data. | Exploitation of flaws in operating system software could result in compromise of confidentiality and integrity of <what> data. |
| 3 | Remote access to server console not properly monitored. | System compromise, unauthorized access | Confidentiality and integrity of corporate data. | Remote access currently set to... <specify current controls>. If these controls are not in place, unauthorized access could result in compromise of confidentiality and integrity of <what> data. |
| 4 | Loss of firewall protection. | Computer crime, malicious use, system compromise, unauthorized use | Confidentiality and integrity of corporate data. | This system sits <where relative to campus firewalls>; failure of this (or these) firewalls can increase the likelihood of other risks being exploited. |
| 5 | Internal access to server. | Computer crime, malicious use, unauthorized use | Confidentiality and integrity of corporate data. | Loss or theft of data from server could result in compromise of confidentiality and integrity of <what> data. |
| 6 | Hardware Issues/Equipment Failure or Loss | System unavailable | Inability to access the system. | Loss of hardware or equipment would result in the entire system or some portion of the system being unavailable. |
| 7 | Single Point of Failure | System unavailable | Inability to access the system. | Loss of any portion of the system would result in the entire system or some portion of the system being unavailable. |
| 8 | Poor Systems Administration Practices External to <my administrator(s)> | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data. | Poor administration practices could result in compromise of the system and expose <what> data to a risk of loss of availability, confidentiality or integrity. |
| 9 | Key Person Dependency | System unavailable | Inability to adequately support the application. | Loss of key person could result in system downtime if a software issue occurred, or the inability to enhance or maintain this system's functionality. |
| 10 | Loss of Critical Documentation, Data or Software | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data. | Loss of documentation, software or data could result in data compromise and temporary disruption in service, or inability to restore services which have been lost. |
| 11 | Clear Text Transmission of Critical Data | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data. | Capture of clear text data could result in identity theft and/or system access control issues. |
| 12 | Data Disclosure | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data. | Disclosure of sensitive personal information could result in identity theft and/or system access control issues. |
| 13 | Inadequate Customer Practices | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data. | Data corruption or loss, or implementation of applications with errors, could result from improper or incomplete testing of system or application changes. |
| 14 | Inadequate Database Support | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data, inability to access and recover corporate data. | Data corruption or loss could result from improper or incomplete testing of system changes or system management/monitoring. |
| 15 | Inadequate Applications Support | Computer crime, malicious use, system compromise, unauthorized access | Inability to adequately support the application. | Data corruption or loss could result from improper or incomplete testing of the application changes. |
| 16 | Software Issues from Vendor | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data and ability to provide service to the campus. | Software issues caused by the vendor could lead to data corruption or mission-critical system disruption or dysfunction. |
| 17 | Poor Password Practices | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data. | Poor password practices could allow improper system access which could result in data theft, data corruption, application system alteration or disruption. |
| 18 | System Compromise | Computer crime, malicious use, unauthorized access | Confidentiality and integrity of corporate data. | A compromised system could result in data theft, data corruption, application system alteration or disruption. |
| 19 | Lack of Sufficient Operational Policies | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data. | Lack of or the improper execution of sufficient operational policies could result in data theft, data corruption, application system alteration or disruption. |
| 20 | Poor Physical Security | Computer crime, malicious use, system compromise, unauthorized access | Confidentiality and integrity of corporate data. | Poor physical security could allow personal access to staff workstations or Computer Center assets which could result in data theft, data corruption, application system alteration or disruption. |
| 21 | Functional Lockout | System unavailability | Inability to access the system. | The inability of staff to access the computing infrastructure or applications could result in the inability to access the system. |
| 22 | Environmental Issues | Loss of AC or power | Inability to access the system. | Environmental issues could result in the inability to access and maintain server hardware. |
| 23 | Natural Disaster | Hurricanes, floods, and other weather phenomena. | Inability to access the system. | Natural disasters could interrupt power to the Computer Center and make it impossible for staff to support the server environment, thus disabling access to <what>. |