A Risk Assessment Plan plays a big role in any company, whether it is big or small company. The risk assessment will help identify the vulnerabilities and threats to the Wells Fargo IT resources. Which will help determine the impact of those vulnerabilities, threats, and unauthorized access. Having some knowledge of what type of risks expect will help mitigate them faster. There are a several steps needed for a good risk assessment plan, which will essentially help the company be in compliance with FISMA and other federal laws. Creating teams to work on the risk assessment plan will make it that much better and easier to come up with. First step would be to identify and map Wells Fargo business processes to identify what is important. To
…show more content…
This can be one of the hardest steps because it can be difficult thinking about vulnerabilities the system might have. Today’s technology is advancing at a rapid rate, which makes it difficult to keep up with the new threats, viruses, and vulnerabilities that come with it. A few examples for Wells Fargo can be; poorly trained employees, disgruntle employee, power outage, breach on the servers, misconfigurations, natural disasters, and many others. If someone where able to breach any server, irreparable damage could be caused as well as confidential information stolen. A poorly trained employee could be one of the biggest risk imaginable. Wells Fargo can have one of the top security system in place, but if an employee is not correctly trained on the correct processes and procedures. It leaves the system wide open for any threat, vulnerability, and or risk to cause severe …show more content…
Evaluating the probability and likelihood that event might occur will better prepare the organization. Although a disgruntle employee might not feel like a commonly occurrence, it can actually happen quite often. Preparing for this type of risk should not be taken lightly. In a Wells Fargo environment, a disgruntle employee can actually cause quite a bit of damage. Since some if not most employees have access to sensitive data, in the wrong hands, in this case a disgruntle employee can leak this information. Next, we move onto evaluating the controls in place and if existing controls in place are appropriate. Making sure that new controls are created and put in the correct place to help mitigate any risk that comes up is important. An examples of controls for Wells Fargo might be antivirus software, patches to fix any vulnerabilities, periodically port scans, and annual system inventory. Some of these controls actually help mitigate multiple risk in multiple locations. Testing current controls can help determine the value of the control and if the control is actually
This can be one of the hardest steps because it can be difficult thinking about vulnerabilities the system might have. Today’s technology is advancing at a rapid rate, which makes it difficult to keep up with the new threats, viruses, and vulnerabilities that come with it. A few examples for Wells Fargo can be; poorly trained employees, disgruntle employee, power outage, breach on the servers, misconfigurations, natural disasters, and many others. If someone where able to breach any server, irreparable damage could be caused as well as confidential information stolen. A poorly trained employee could be one of the biggest risk imaginable. Wells Fargo can have one of the top security system in place, but if an employee is not correctly trained on the correct processes and procedures. It leaves the system wide open for any threat, vulnerability, and or risk to cause severe …show more content…
Evaluating the probability and likelihood that event might occur will better prepare the organization. Although a disgruntle employee might not feel like a commonly occurrence, it can actually happen quite often. Preparing for this type of risk should not be taken lightly. In a Wells Fargo environment, a disgruntle employee can actually cause quite a bit of damage. Since some if not most employees have access to sensitive data, in the wrong hands, in this case a disgruntle employee can leak this information. Next, we move onto evaluating the controls in place and if existing controls in place are appropriate. Making sure that new controls are created and put in the correct place to help mitigate any risk that comes up is important. An examples of controls for Wells Fargo might be antivirus software, patches to fix any vulnerabilities, periodically port scans, and annual system inventory. Some of these controls actually help mitigate multiple risk in multiple locations. Testing current controls can help determine the value of the control and if the control is actually