Week 14
K1.14 Factors involved in threat assessment for the mitigation of threats and vulnerabilities:
Threat assessment involves analysing all the possible internal and external risks that may affect an organisation’s information systems. By identifying the type, source, and impact of threats, organisations can plan how to prevent or reduce them (mitigation).
These factors fall into four main categories:
Environmental Threats
Environmental threats are natural or environmental conditions that can damage or disrupt IT operations.
Factor | Example Impact |
---|---|
Extreme Weather | Flooding, snow, or storms damaging on-site servers or cutting power |
Natural Disasters | Earthquakes or fires destroying physical infrastructure |
Humidity | High moisture damaging internal hardware components |
Air Quality | Dust clogging cooling systems or reducing device performance |
Mitigation Example: Install temperature and humidity sensors; keep servers in a climate-controlled room.
Manmade Threats
Internal (from inside the organisation)
Threat | Description |
---|---|
Malicious activity | Deliberate harm such as data theft or sabotage |
Inadvertent activity | Accidental damage such as deleting important files |
Contractor errors | Temporary staff misconfiguring systems or leaking info |
Mitigation: Role-based access control, staff training, clear acceptable use policies.
External (from outside the organisation)
Threat | Example |
---|---|
Malware | Viruses, ransomware, spyware |
Hacking | Brute-force attacks, network intrusions |
Social Engineering | Phishing emails or phone scams |
Third-party Risks | Suppliers with weak cyber defences |
Terrorism | Cyber or physical attacks aimed at business systems |
Mitigation: Firewalls, antivirus, regular risk assessments of suppliers, staff awareness training.
Technological Threats
Technology Failures & Faults (Infrastructure)
Example | Impact |
---|---|
Misconfigured Devices | Open security loopholes |
Disk Failure/Corruption | Data loss or downtime |
Component Failure | System crashes |
Power Issues | Sudden shutdowns, damaged hardware |
Network Dropouts | Loss of connectivity, productivity issues |
VPN Not Connecting | Remote users unable to access resources |
Inaccessible Systems | Business operations paused |
Device Failures (e.g. Laptops, Desktops, Servers)
Fault | Effect |
---|---|
Hard Disk or RAM Failure | Boot issues, data loss |
Damaged Peripherals | Inability to use printers, keyboards etc. |
Incorrect Configuration | Security or operational risk |
NIC/Graphics Card Problems | Connectivity or display issues |
Server Backup Misconfiguration | Backups not running or restoring correctly |
System Failures
Problem | Effect |
---|---|
Firewall Settings Misapplied | Blocking legitimate access or exposing systems |
Software Corruption | Crashes, lost functionality |
RAID Failure | Loss of data redundancy and failed recovery |
Mitigation Across All: Regular updates, health checks, backups, robust IT maintenance schedules.
Impact of Technical Change
Threat | Examples |
---|---|
Potential Downtime | During upgrades or migrations |
Upgrade Requirements | For compatibility or performance |
Misconfigured Systems | Errors post-update impacting performance/security |
Mitigation: Change management processes, testing before deployment, rollback plans.
Political Threats
Factor | Example Impact |
---|---|
Changes in Legislation | New data protection laws (e.g. GDPR) requiring compliance adjustments |
Mitigation: Stay updated on regulations, consult legal experts, adjust policies accordingly.
In a Flash
Create flash cards on one of the following topics:
Environment (for example, weather, natural disasters)
Manmade (for example, malware, virus, social engineering)
Technological (for example, faults, failures, incorrect configurations, data corruption)
Political (for example, changes in legislation)
Last Updated
2025-07-14 10:24:47