How to analyze cyber threats

18 May 2020
  1. Cyber Security Risk Assessment for AMC. ISTM 635-602. Team "The Specialists": Akanksha Pathak, Balvaishwer Singh, David Zuniga, Pratima Purohit, Tushara Chigicherla Kamalakar.
  2. Aggie Code of Honor Aggie Code of Honor For many years Aggies have followed a Code of Honor, which is stated in this very simple verse: An Aggie does not lie, cheat or steal or tolerate those who do. The Aggie Code of Honor is an effort to unify the aims of all Texas A&M men and women toward a high code of ethics and personal dignity. For most, living under this code will be no problem, as it asks nothing of a person that is beyond reason. It only calls for honesty and integrity, characteristics that Aggies have always exemplified. The Aggie Code of Honor functions as a symbol to all Aggies, promoting understanding and loyalty to truth and confidence in each other. We have followed the strictures of Texas A&M University Aggie code of Honor throughout this project. Akanksha Pathak ______________________ Balvaishwer Singh ______________________ David Zuniga ______________________ Pratima Purohit ______________________ Tushara Chigicherla Kamalakar ______________________
  3. Table of Contents: Executive Summary (1); Asset Identification (2); Asset Classification (6); Vulnerability and Threat Identification (9); Cybersecurity Risk Estimation (17); Cybersecurity Risk Management Strategy (26); Appendix A (29); Appendix B (30); Appendix C (40); Appendix D (40); Appendix E (41); References (44); Glossary (45); Team Work (46).
  4. Executive Summary

No organization is immune to cyber-attacks, but effective controls reduce both the likelihood and the impact of an attack. Preventive controls keep attacks from occurring; detective controls monitor assets and alert the organization when an attack happens; corrective controls limit the impact and help recover from it.

In this project we analyze Aggie Medical Center (AMC), located in Bryan/College Station. We gather information about its assets, management's view of cyber security, the operational view, etc., and provide a risk assessment and mitigation strategies based on the information in the case.

The first step is to identify AMC's critical assets. Once the assets are listed, we score each one on its financial value, mission criticality and legal protection requirement: six criteria scored 0-3 each, for a maximum of 18, plus one point when an industry protection standard applies (Table #5). We then select the five most critical assets by score. For each critical asset we give a tree analysis and identify technical and non-technical threats, vulnerabilities and exploits. We then find impact scores for each vulnerability, estimate its likelihood, and use the risk matrix to estimate the risk each vulnerability poses to the asset. Based on this assessment we propose a risk management strategy.

Our analysis found the critical assets to be the Patient Database, the Emergency Care Data System server, the PMS server, the FRKS server, and the Employee and Department Database. Most of the technical vulnerabilities can be mitigated by installing software updates and security patches regularly. The non-technical vulnerabilities can be mitigated or avoided by training all workers and by adding supervision, for instance installing security cameras and hiring more security guards.

The five risk treatment options are:
Accept - no action is taken; the organization lives with the risk. Appropriate for risks ranked low to medium.
Avoid - the technology or activity that gives rise to the risk is eliminated. Appropriate when the risk's impact on the organization is comparatively large.
Mitigate - the impact of the risk is limited by controls. This is the most common strategy organizations employ.
Transfer - the impact and management of the risk are handed to someone else (contractors, an insurance company, etc.).
Share - responsibility for managing the risk is shared, as when one department depends on services provided by another.

Based on the level of risk, its financial impact and the cost of implementing controls, we choose the best strategy (accept, avoid, mitigate, transfer or share) for each risk. The report gives a detailed analysis and assessment strategies for the vulnerabilities identified in the critical assets. The project helped us understand (a) how assets are identified, scored and ranked, (b) how vulnerabilities and threats are identified, and (c) how impact scores are found, probable risks assessed and mitigation strategies suggested. The result is a consolidated cyber security risk management document that AMC can use to handle its vulnerabilities.
  5. Asset Identification

The following is the list of assets our group identified from the case study.

Table #1: Asset Identification (columns: Asset Code/ID; Asset Name; Asset Description; Reason for Cybersecurity Risk Assessment)

1 - Workstation. Workstation in administration (W7) running Windows 7. Windows 7 has many vulnerabilities that attackers can exploit, for instance the Internet Explorer flaws fixed by MS15-079 and the Redirect to SMB attack. Keeping the system up to date is essential to prevent attacks; the latest patches for all applications (firewall, anti-virus, etc.) must also be installed.

2 - Personal Computer. PC in the labs (RH6) running Red Hat Linux 6. These machines are exposed to phishing and spoofing attacks, and malware is easily introduced if the owner is handed a compromised USB/thumb drive. Social engineering can yield personal information that helps crack the passwords of these machines. Unauthorized access could lead to system failure or to loss or manipulation of critical information.

3 - Personal Computer. PC in the treatment rooms (W8) running Windows 8. Same exposure as the lab PCs: phishing, spoofing, malware via compromised removable media, and social engineering leading to password compromise and unauthorized access.

4 - Switch. Cisco SG100D-08-NA. An attacker who gains access to a switch can map the organization's network and trace its topology, sniff traffic and tamper with the switch's MAC address (forwarding) table, and launch session hijacking attacks.

5 - Router. Cisco 2951. Attackers can send spoofed ARP messages to modify a target's ARP table, act as man-in-the-middle and modify packets, and spoof the victim's IP address.

6 - PMS Server. Server running MS Access 2016 for the Personnel Management System. Servers are susceptible to DoS attacks: an attacker can continuously overwhelm the server with requests until it crashes. If default passwords are in use, attackers can gain access to the server and reroute, modify or delete its traffic. The impact on the server's availability is high.

7 - FRKS Server. Server running Oracle 10g for the Financial Record Keeping System. A very important asset: if it were compromised, many people would be affected, since it holds insurance details, bank statements, medical payment records, etc. This data reveals an individual's financial situation, and attackers can use it to extort money or other favours (blackmail). Proper access control must be in place to prohibit unauthorized access.

8 - ECDS Server. Server running SQL Server 2016 for the Emergency Care Data System. Susceptible to DoS attacks in the same way, and to takeover via default passwords, allowing traffic to be rerouted, modified or deleted. All the data this server handles is highly confidential, because it affects people's lives.

9 - MLS Server. Server running Solaris/AIX for the Medical Logistics System. Susceptible to DoS attacks and to takeover via default passwords in the same way. The packets exchanged through this server include details of patient medical records, which are personal and confidential to each patient, so access must be restricted.

10 - UTP wires. All lines use Unshielded Twisted Pair cabling. An attacker who taps the signal on the wire can copy information as it flows past in the form of bits; this is far less dangerous if encryption is applied to the transmission. Depending on the medium, attackers may be able to steal either information or bandwidth. Distribution and core devices must be secured against unauthorized access, while authorized personnel must still be able to reach the patch panels; cables must be clearly labelled and available for visual inspection.

11 - Patient Database. Database of most of the important patient information, OS10, MongoDB. The Patient Database Information System (PDIS) is vulnerable if default credentials are still in use or user access is not properly reviewed. The stored data could be reached through query (NoSQL) injection or command injection, and is exposed to modification and theft, firewall breach, etc.; attackers can also cause system failure. All of this makes it a highly critical asset that needs the utmost security: the availability of the system and the integrity and confidentiality of its data are all at stake.

12 - Paper medical records. Complete patient records on paper. Paper records are easily lost or stolen; their sheer number makes it hard to keep track of them, and a simple misplacement can cause unforeseen problems or even chaos. They contain confidential patient information which, in the wrong hands, spells disaster. The availability, integrity and confidentiality of the records are all exposed.

13 - Emergency Care Data System Server. Diagnosis, who saw patients, what was done, billing support, patient demographics, types of care, etc. Disclosing the information in this system would intrude on patients' private lives: a VIP might be ill and not want that known, and an attacker with access to the information could cause bad publicity and public shaming. Individuals could also use such information to attack competitors. The server is SQL Server 2016; given the data it handles, strong access controls must be in place.

14 - Email Server. A common server holding important information and historical data. If the email server is compromised, every email sent or received is open to the attacker's scrutiny: they can read, modify or delete messages, destroy or manipulate the whole email history, cause the system to fail, or act as man-in-the-middle and read, manipulate or sell the data exchanged by email.

15 - Employee and department database. Demographics, work histories, assignments, skills, disciplinary records. Work histories, disciplinary records and demographics are all confidential; attackers who obtain them can use them to threaten or blackmail the individuals concerned. They can also cause the system to fail; it could be vulnerable to DoS and command injection attacks.

16 - Medical Logistics Database. Inventory of supplies, real property, equipment, medicines, etc. Inventory and equipment usage data give insight into an organization's demand and needs. Attackers can sell this information to equipment or pharmaceutical companies, which in turn can use it to influence the equipment AMC buys in the future, or generate negative publicity for the medicines AMC generally prescribes by discrediting them.

17 - Pharmacy System. Database supporting automated drug dispensing. If attackers gained control of this system they could control the dosage dispensed each time, and could kill patients: incorrect dosage or wrong medication is one of the leading causes of death worldwide, and every patient's life would be at the attacker's whim. Strict access control is required, and the personnel with access must be well trained and fully aware of the consequences of access falling into the wrong hands.

18 - ABC Systems. Manages all major changes, maintenance and upkeep. The level of access granted to maintenance teams must always be checked: unnecessary access is a loophole attackers can exploit to gain unauthorized access, install backdoors, leak confidential information and cause system failure, making the system unavailable.

19 - AMC Help Desk. Five PC technicians (not part of the core IT staff). Proper training and mandatory courses are a must for help desk members: without cybersecurity awareness, their machines and media can become the vector that carries viruses and malicious programs to other nodes when they connect to them.
  9. Asset Classification

The next step after asset identification is classifying the assets and scoring them on various criteria. The following tables describe the scales and measures used.

1. Scale - Financial Value (Table 2: measures for classifying assets by financial value)
Very High (3): $3K+ | High (2): $1K-$3K | Medium (1): $500-$1K | Low (0): <$500

2. Mission Criticality (Table 3: measures for classifying assets by mission criticality)
Very High (3): Critical | High (2): Important | Medium (1): Supportive | Low (0): No impact

3. Business Process (BP1) - Seeking Appointment. This process starts with a patient contacting the hospital to book an appointment, by telephone, email or in person. If the appointment scheduler is a web-based application, the important assets are the servers/workstations that host it. The process ends successfully when the patient has booked an appointment remotely or in person.

4. Business Process (BP2) - Claim Insurance. The hospital submits a request to the insurance company and then claims the required insurance amount.

5. Business Process (BP3) - Payment Processing. The patient is billed after the claim deductions have been made; a billing report is generated for each successfully processed payment.

6. Legal Protection Requirement (Table 4: measures for classifying assets by legal protection requirement)
Very High (3): Critical | High (2): Important | Medium (1): Supportive | Low (0): No impact

Table #5: Asset scores. Columns: Asset ID; Financial Value (Develop $, Maintain $, Replace $); Mission Criticality (BP1 appointment, BP2 insurance, BP3 payment); Protection Requirement (Industry Standard, Y/N); Score. The score is the sum of the six 0-3 criteria plus one point when an industry standard applies.

ID  Dev  Maint  Repl  BP1  BP2  BP3  IndStd  Score
 1   1    1      1     2    2    1    N       8
 2   1    1      1     2    0    0    N       5
 3   1    1      1     2    0    0    N       5
 4   0    0      1     0    0    0    N       1
 5   1    1      2     1    1    1    N       7
 6   2    2      3     2    3    2    Y      15
 7   2    2      3     1    2    3    Y      14
 8   2    2      3     0    1    1    Y      10
 9   2    2      3     0    0    0    Y       8
10   1    0      3     1    1    1    N       7
11   2    2      3     2    3    2    Y      15
12   1    0      2     0    1    1    N       5
13   3    2      3     0    2    2    Y      13
14   1    0      2     1    0    0    Y       5
15   2    2      3     1    1    1    Y      11
16   2    2      3     0    0    0    N       7
17   2    2      3     0    1    1    Y      10
18   2    2      3     2    1    1    N      11
19   3    2      3     0    0    1    Y      10

7. Ranking Assets (Table #6: rank, asset code/ID, asset name, asset description, researcher)
Rank 1 - Asset 11, Patient Database: database of most of the important patient information, OS10, MongoDB. Researcher: Balvaishwer.
Rank 2 - Asset 13, Emergency Care Data System Server: diagnosis, who saw patients, what was done, billing support, patient demographics, types of care, etc. Researcher: Tushara.
Rank 3 - Asset 6, PMS Server: server running MS Access 2016 for the Personnel Management System. Researcher: David.
Rank 4 - Asset 7, FRKS Server: server running Oracle 10g for the Financial Record Keeping System. Researcher: Akanksha.
Rank 5 - Asset 15, Employee and department database: demographics, work histories, assignments, skills, disciplinary records. Researcher: Pratima.
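The scoring rule behind Table #5, written out as an added example (this is not code from the original report): each asset gets 0-3 on six criteria, three financial and three business-process, plus one point when an industry protection standard applies; the dollar thresholds are those of Table 2. The 19 rows are transcribed from Table #5. The tie-break on lower asset ID is an assumption, since the report states no rule, and the helper that lists assets tied at the cut-off shows why one is needed.

```python
from dataclasses import dataclass
from typing import Dict, List

# Table 2 scale: financial value in dollars -> 0..3.
def financial_score(dollars: float) -> int:
    if dollars >= 3000:
        return 3      # Very High: $3K+
    if dollars >= 1000:
        return 2      # High: $1K-$3K
    if dollars >= 500:
        return 1      # Medium: $500-$1K
    return 0          # Low: <$500

# Table 3 (mission criticality) and Table 4 (legal protection) share one 0..3 scale.
CRITICALITY = {"critical": 3, "important": 2, "supportive": 1, "no impact": 0}

def criticality_score(level: str) -> int:
    return CRITICALITY[level.strip().lower()]

@dataclass(frozen=True)
class Asset:
    asset_id: int
    name: str
    develop: int             # financial value: cost to develop
    maintain: int            # financial value: cost to maintain
    replace: int             # financial value: cost to replace
    bp1: int                 # mission criticality for BP1 (appointment)
    bp2: int                 # BP2 (insurance)
    bp3: int                 # BP3 (payment)
    industry_standard: bool  # an industry protection standard applies

    def score(self) -> int:
        parts = (self.develop, self.maintain, self.replace, self.bp1, self.bp2, self.bp3)
        if any(not 0 <= p <= 3 for p in parts):
            raise ValueError(f"asset {self.asset_id}: each criterion must be 0..3")
        # Six 0-3 criteria (max 18) plus one point for an industry standard (max 19).
        return sum(parts) + (1 if self.industry_standard else 0)

# Rows transcribed from Table #5: (id, name, dev, maint, repl, bp1, bp2, bp3, industry standard).
TABLE5: List[Asset] = [Asset(*row) for row in [
    (1, "Workstation (W7)", 1, 1, 1, 2, 2, 1, False),
    (2, "Lab PC (RH6)", 1, 1, 1, 2, 0, 0, False),
    (3, "Treatment-room PC (W8)", 1, 1, 1, 2, 0, 0, False),
    (4, "Switch", 0, 0, 1, 0, 0, 0, False),
    (5, "Router", 1, 1, 2, 1, 1, 1, False),
    (6, "PMS Server", 2, 2, 3, 2, 3, 2, True),
    (7, "FRKS Server", 2, 2, 3, 1, 2, 3, True),
    (8, "ECDS Server", 2, 2, 3, 0, 1, 1, True),
    (9, "MLS Server", 2, 2, 3, 0, 0, 0, True),
    (10, "UTP wires", 1, 0, 3, 1, 1, 1, False),
    (11, "Patient Database", 2, 2, 3, 2, 3, 2, True),
    (12, "Paper medical records", 1, 0, 2, 0, 1, 1, False),
    (13, "Emergency Care Data System Server", 3, 2, 3, 0, 2, 2, True),
    (14, "Email Server", 1, 0, 2, 1, 0, 0, True),
    (15, "Employee and department database", 2, 2, 3, 1, 1, 1, True),
    (16, "Medical Logistics Database", 2, 2, 3, 0, 0, 0, False),
    (17, "Pharmacy System", 2, 2, 3, 0, 1, 1, True),
    (18, "ABC Systems", 2, 2, 3, 2, 1, 1, False),
    (19, "AMC Help Desk", 3, 2, 3, 0, 0, 1, True),
]]

def scores(assets: List[Asset] = TABLE5) -> Dict[int, int]:
    return {a.asset_id: a.score() for a in assets}

def rank_assets(assets: List[Asset] = TABLE5, top: int = 5) -> List[int]:
    # Highest score first; ties broken by lower asset ID (assumed rule, the report states none).
    ordered = sorted(assets, key=lambda a: (-a.score(), a.asset_id))
    return [a.asset_id for a in ordered[:top]]

def tied_at_cutoff(assets: List[Asset] = TABLE5, top: int = 5) -> List[int]:
    # Every asset sharing the score of the last ranked one; a tie-break rule has to settle these.
    ordered = sorted(assets, key=lambda a: (-a.score(), a.asset_id))
    cutoff = ordered[top - 1].score()
    return [a.asset_id for a in ordered if a.score() == cutoff]

if __name__ == "__main__":
    for a in sorted(TABLE5, key=lambda a: (-a.score(), a.asset_id)):
        print(f"{a.asset_id:2d}  {a.name:36s} {a.score():2d}")
    print("top 5:", rank_assets(), " tied at cutoff:", tied_at_cutoff())
```

Run stand-alone it reproduces every score in Table #5 and selects the same five assets as Table #6, though in pure score order (6, 11, 7, 13, 15) rather than the order the report lists them in. It also surfaces the fact that assets 15 and 18 both score 11 at the cut-off, so the choice of asset 15 as the fifth critical asset rests on an unstated tie-break.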
  12. Vulnerability and Threat Identification

Asset 1: Patient Database
The patient database holds records specific to each patient. These records need to be protected so that the information cannot be misused. It needs to have:
Confidentiality - so that no outside party can retrieve the information when it is accessed away from the hospital premises.
Integrity - so that the data remains accurate whenever it is required and nobody can change it without authorization.
Availability - so that the information stays available on the server whenever it is needed for internal or external purposes.

i. Documenting the Threat Statement
Table #7 (columns of the original table: Vulnerability ID; Exploit; Asset Failure Impacts C/I/A (Note 1); Vulnerability Due to - Tech/Admin/Phys (Note 2); Exploit; Threat agents - Insider/Outsider)

1.1 - CVE-2013-3969 (MongoDB): execute arbitrary code via an invalid RefDB object. Exploit: execute code. Threat agents: employees (insider); hackers (outsider).
1.2 - CVE-2017-14227 (MongoDB libbson 1.7.0): bson_utf8_validate miscalculates its length argument and can be exploited by attackers. Exploit: denial of service. Threat agents: employees; hackers.
1.3 - Poor design and implementation of the PDIS application with no auto-logout mechanism; doctors log in to tablets and smartphones (TSPs) from multiple locations without logging out; TSPs left unattended in public areas. Exploit: unauthorized access to important patient information. Threat agents: employees; hackers.
1.4 - Lack of training/awareness among staff; staff unaware of how to store logs for PDIS; sharing of passwords. Exploit: stolen passwords / spear-phishing; DoS attack. Threat agents: employees; hackers.

ii. Evidence for each vulnerability
Vulnerability 1: Under the assumption made in class that the Patient Database Information System (PDIS) runs on MongoDB, there are many known vulnerabilities in this open-source software that could be exploited. Senior management also raised concerns about the risk of intrusion from an outside attack (case study Table 2, "Senior Management Areas of concern for important assets").
Vulnerability 2: Under the same MongoDB assumption, the known vulnerabilities of the software apply. In addition, the concern raised by general staff and senior management that the connection to PDIS keeps dropping points to denial-of-service weaknesses that could be exploited (case study Table 2, "Senior Management Areas of concern for important assets", and Table 10, "General Staff Security concerns for important assets").
Vulnerability 3: See case study Table 9, "General Staff Security concerns for important assets", where the operational manager raises the concern about an improper viewing mechanism. In conversation, the general staff revealed that a doctor may log in on one system and keep logging in from other systems without ever logging out. Combined with the poor implementation of the system design, this is an exploitable weakness.
Vulnerability 4: See case study Table 5, "General Staff Security concerns for important assets", where the operational manager raises the concern that too many people have access to too much information and no proper access-control management has been devised. This leads to absent access management and to password sharing. In conversation, the general staff also mentioned the lack of training and of password protection.

Asset 2: Emergency Care Data System Server
The Emergency Care Data System (ECDS) server holds the records of each patient's medical report that are used by the insurance department and for billing. These records need to be protected so that the information cannot be misused. It needs to have:
Confidentiality - so that no outside party can retrieve the information by gaining unauthorized access.
Integrity - so that the information that is sent to and verified by other departments is accurate.
Availability - so that the records are ready to be used whenever required by the respective departments.

i. Documenting the Threat Statement
Table #8 (ECDS server; columns as in Table #7)

2.1 - CVE-2016-1035, cited for SQL Server 2016 with the exploit described only as "unspecified vectors". Vulnerability due to: tablets and smartphones (TSPs) left unattended in public areas. Threat agents: colleagues (insider); hackers (outsider).
2.2 - CVE-2016-3065: crafted byte value in a BRIN index. Vulnerability due to: TSPs left unattended in public areas. Threat agents: colleagues; hackers.
2.3 - Server location and firewall configuration: unguarded server room; lack of security personnel. Threat agents: hackers.
2.4 - Improper training: too many people entering the wrong data; multiple records for the same patient. Threat agents: colleagues.

ii. Evidence for each vulnerability
Vulnerability 1: ECDS runs SQL Server 2016, as shown in Figure 2 of the case. Database-backed applications are prone to SQL injection: an attacker could alter the queries the application builds and extract sensitive information. Injection is a weakness in how the application constructs its queries rather than a product CVE, and the cited identifier carries only an "unspecified vectors" description, so it should be checked against NVD before being relied upon as evidence. Senior management specifically state that the information on this server is highly sensitive and confidential, and that access must be granted only on a need-to-know basis. Table 5 of the case also notes that the ECDS server is susceptible to being hacked because of its location, and a lack of security personnel is noted under operational practices at AMC.
Vulnerability 2: The cited CVE-2016-3065 describes a flaw in the pageinspect extension of PostgreSQL (a crafted byte value in a BRIN index lets an attacker bypass access restrictions and read server memory or crash the server); it does not affect Microsoft SQL Server 2016, so a SQL Server advisory should be substituted for this row. The underlying concern stands: confidentiality is critical for the ECDS server, Table 5 of the case notes its exposed location, and a lack of security personnel is noted under operational practices at AMC.
Vulnerability 3: The operational managers are concerned that ECDS is susceptible to attack because of its location and its firewall configuration. Evidence for this is in Table 5 of the case.
Vulnerability 4: Senior management are also concerned that multiple employees can access, create and overwrite patient records, which could result in incorrect or duplicate records for a patient. Evidence for this is in Table 5 of the case.

Asset 3: PMS Server
The PMS server holds records internal to the organization relating to the work, assignments and skills available in the organization. These records need to be protected so that the information cannot be misused. It needs to have:
Confidentiality - so that no outside party can retrieve the information when it is accessed away from the hospital premises.
Integrity - so that the data remains accurate whenever it is required and nobody can change it without authorization.
Availability - so that the information stays available on the server whenever it is needed for internal or external purposes.
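An added example for ECDS vulnerabilities 2.1 (injection) and 2.4 (multiple records for the same patient); this is not code from the report or from the ECDS application. It uses Python's built-in sqlite3 in place of SQL Server 2016, which is an assumption made so the example runs offline; the failure mode is the same on either engine, an application that pastes user input into the SQL text. The table, its columns and the three patient rows are constructed for the example. The UNIQUE medical record number and the CHECK on the date format are the database-side answer to duplicate and badly entered records.

```python
import sqlite3
from typing import Dict, List, Tuple

# Constructed schema for the example: one row per medical record number (MRN).
SCHEMA = """
CREATE TABLE patient (
    mrn  TEXT PRIMARY KEY,                         -- duplicate MRN is rejected by the database
    name TEXT NOT NULL,
    dob  TEXT NOT NULL CHECK (length(dob) = 10)    -- YYYY-MM-DD only; rejects sloppy entry
);
"""

# Constructed sample data.
SAMPLE_PATIENTS: List[Tuple[str, str, str]] = [
    ("MRN-1001", "Alice Example", "1980-01-15"),
    ("MRN-1002", "Bob Example", "1975-06-30"),
    ("MRN-1003", "Carol Example", "1990-11-02"),
]

def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO patient (mrn, name, dob) VALUES (?, ?, ?)", SAMPLE_PATIENTS)
    conn.commit()
    return conn

def lookup_unsafe(conn: sqlite3.Connection, mrn: str) -> List[Tuple[str, str]]:
    # Vulnerable: the caller's string becomes part of the SQL statement itself.
    sql = f"SELECT mrn, name FROM patient WHERE mrn = '{mrn}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, mrn: str) -> List[Tuple[str, str]]:
    # Hardened: the value is bound as a parameter and can never change the query's shape.
    return conn.execute("SELECT mrn, name FROM patient WHERE mrn = ?", (mrn,)).fetchall()

def register_patient(conn: sqlite3.Connection, mrn: str, name: str, dob: str) -> bool:
    # Returns False instead of silently creating a second record for an existing MRN
    # or accepting a malformed date; the constraint, not the operator, enforces this.
    try:
        with conn:
            conn.execute("INSERT INTO patient (mrn, name, dob) VALUES (?, ?, ?)", (mrn, name, dob))
        return True
    except sqlite3.IntegrityError:
        return False

def demo() -> Dict[str, object]:
    conn = open_db()
    payload = "' OR '1'='1"            # classic tautology injection typed into an MRN field
    unsafe_rows = len(lookup_unsafe(conn, payload))   # every patient comes back
    safe_rows = len(lookup_safe(conn, payload))       # no patient has that literal MRN
    dup_rejected = not register_patient(conn, "MRN-1001", "Alice Example (re-entered)", "1980-01-15")
    new_ok = register_patient(conn, "MRN-1004", "Dan Example", "2001-03-09")
    bad_dob_rejected = not register_patient(conn, "MRN-1005", "Eve Example", "3/9/01")
    total = conn.execute("SELECT COUNT(*) FROM patient").fetchone()[0]
    return {"unsafe_rows": unsafe_rows, "safe_rows": safe_rows, "dup_rejected": dup_rejected,
            "new_ok": new_ok, "bad_dob_rejected": bad_dob_rejected, "total": total}

if __name__ == "__main__":
    print(demo())
```

With the injected string the unsafe lookup returns all three patients, because the statement has become `WHERE mrn = '' OR '1'='1'`, while the parameterized lookup returns none. The duplicate MRN and the malformed date are both refused at the database, which is the control that prevents "multiple records for the same patient" regardless of how many staff have write access.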
  16. i. Documenting the Threat Statement
Table #8 (PMS server; columns as in Table #7)

3.1 - C/I/A: Yes/Yes/Yes. Vulnerability due to: lack of encryption; laptops used in public areas and/or left logged in while the user takes a break; lack of physical security in the room from which the PMS system can be logged into. Exploit: unauthorized access; modification of patient information. Threat agents: colleagues (insider); an attacker who has gained unauthorized access to the premises (outsider).
3.2 - C/I/A: No/No/Yes. Vulnerability due to: power outages, intentional or unintentional; lack of sufficient power backup for the PMS server. Exploit: denial of service. Threat agents: workers, staff members, power suppliers (insider); attackers who can gain access to the power supply room (outsider).
3.3 - C/I/A: No/No/Yes. CVE-2019-2411, cited as "running MS Access version 8.0.8 is vulnerable". Vulnerability due to: server location. Threat agents: colleagues; attackers.
3.4 - C/I/A: Yes/Yes/Yes. CVE-2017-10389, cited as "allows login to anyone with the same MS Access infrastructure". Vulnerability due to: improper training. Threat agents: colleagues; attackers.

ii. Evidence for each vulnerability
Vulnerability 1 (3.1): Senior management were concerned that employees could harm the system because they have access, and pointed out that "Staff could disclose confidential patient financial information" (Table 2, AMC case study). The team reads this as data that is not encrypted and is readable by anyone with access to the system. Note that encryption at rest does not stop an authorized user from disclosing what they are permitted to read; least-privilege access and audit logging of reads are needed alongside encryption.
Vulnerability 2 (3.2): Senior management pointed out under Table 2 of the AMC case study that "Power outages can lead to a denial of access to PMS."
Vulnerability 3 (3.3): The PMS server runs Microsoft Access 2016, as shown in Figure 2 (Infrastructure Map, Critical Assets, and Systems of Interest) of the AMC case study. Figure 2 also shows the network path: many servers hang off one switch, and that switch can be compromised because it connects multiple departments, which is how a denial-of-access attack could happen. The cited identifier does not support this row as written: CVE-2019-2411 is an Oracle-assigned identifier from an Oracle Critical Patch Update, and "8.0.8" is not a version of Access 2016 (which is version 16.0), so neither describes the PMS server. A Microsoft advisory for Access or for the Windows host should be cited instead.
Vulnerability 4 (3.4): The PMS server runs Microsoft Access 2016 (Figure 2 of the case). Figure 2 shows how this type of weakness arises: as is common, there is a single route from the workstations through the switch to the server, and the workstations may share the same MS Access login credentials, which is a major problem if one workstation is compromised or someone shoulder-surfs a password. CVE-2017-10389 is likewise an Oracle-assigned identifier from an Oracle Critical Patch Update rather than a Microsoft Access advisory; the shared-credential weakness itself stands on the evidence from Figure 2.

Asset 4: FRKS Server
The FRKS server is a record-keeping server holding information related to insurance, billing records, patients' confidential information, etc., which makes it a prime target. It should have:
Confidentiality - so that even insiders who can reach these records cannot read them beyond what they are authorized to see.
Integrity - so that the information that is sent to and verified by other departments is accurate.
Availability - so that the records are ready to be used whenever required by the respective departments.
  18. i. Documenting the Threat Statement
Table #9 (FRKS server; columns as in Table #7)

4.1 - C/I/A: No/No/Yes. Vulnerability due to: power outages, intentional or unintentional; lack of sufficient power backup for the FRKS server. Exploit: denial of access. Threat agents: workers, staff members, power suppliers (insider); attackers who can gain access to the power supply room (outsider).
4.2 - C/I/A: Yes/Yes/Yes. Vulnerability due to: lack of encryption; lack of physical security in the room from which the FRKS system can be logged into. Exploit: unauthorized access. Threat agents: colleagues; attackers.
4.3 - C/I/A: Yes / Yes (modification of patient information) / Yes. CVE-2006-0272 (Oracle Database 10g). Vulnerability due to: laptops used in public areas and/or left logged in while the user takes a break. Exploit: buffer overflow. Threat agents: insider with admin credentials; attackers.
4.4 - C/I/A: Yes/Yes/Yes. CVE-2006-6703. Vulnerability due to: mod_security not enabled or the latest patch not applied. Exploit: cross-site scripting. Threat agents: a user who knows simple SQL and has access to the system; attackers.

ii. Evidence for each vulnerability
Vulnerability 1 (4.1): Senior management pointed out under Table 2 of the AMC case study that "Power outages can lead to a denial of access to FRKS. We'd have to deal with a potentially large backlog of data entry and verification to do billing and insurance." This is evidence that the outage scenario can occur.
Vulnerability 2 (4.2): Senior management were also concerned that employees could harm the system because they have access, and pointed out that "Staff could disclose confidential patient financial information" (Table 2, AMC case study). The team reads this as data that is not encrypted and is readable by anyone with access, which gives a security requirement to keep the data confidential. As with the PMS server, encryption alone does not restrain an authorized insider; access should be limited to what each role needs and reads should be logged.
Vulnerability 3 (4.3): The FRKS server runs Oracle 10g, as shown in Figure 2 (Infrastructure Map, Critical Assets, and Systems of Interest) of the AMC case study. This Oracle 10g vulnerability is listed as high risk and criticality. The figure also shows that the FRKS server serves the administration department, whose workstations run Windows. Link: https://nvd.nist.gov/vuln/detail/CVE-2006-0272
Vulnerability 4 (4.4): The FRKS server runs Oracle 10g (Figure 2 of the case). This Oracle 10g vulnerability is listed as high risk and criticality. Link: https://nvd.nist.gov/vuln/detail/CVE-2006-6703

Asset 5: Employee and department database
As the name indicates, this database holds information about the employees working at the medical center and its various departments. A breach of this information would not only be detrimental to the organization but would disrupt it internally, so protecting it is of high importance. It needs to have:
Confidentiality - so that no outside party can take advantage of the employees in any way.
Integrity - so that the information is not altered and is verified regularly, maintaining trust in the organization.
Availability - so that the information can be retrieved whenever needed, especially for auditing and verification.
20. 17
i. Documenting the Threat Statement
Table #10 (Asset: Employee and Department Database; columns: Vulnerability ID | Asset Failure Impacts (Ref. Note 1): C | I | A | Exploit | Vulnerability Due to (Ref. Note 2): Tech / Admin / Phys | Exploit | Threats & Threat Agents: Insider | Outsider)
5.1 | Yes | Yes | Yes | CVE-2002-0570 | No proper authentication of the entity that is encrypting the data, which allows local users to modify encrypted data without knowing the key. | None | Sniffing data packets on the network; Refabricating employee information | Employees | Hackers
5.2 | Yes | Yes | Yes | CVE-2017-5653 | Not validating that the service response was signed or encrypted, thereby allowing anyone to spoof servers remotely. | None | DoS attack; Refabricating employee information; Modifying code to monitor the network data; Cross-Site Scripting | Employees (People who have basic knowledge of computers) | Hackers
5.3 | Yes | Yes (Modification of patient information) | Yes | Employee and department data stored in unencrypted format | Using laptops running on public Wi-Fi / keeping systems logged in while leaving the system. | Placement of employee database on machines that can be accessed by all members in the organization | Unauthorized access to important employee information | Employees | Hackers
5.4 | Yes | Yes | Yes | Employee | No knowledge of the employee update logs in the system | Inefficient training / skillset of employees using the database | Modification of the employee information | Employees | Hackers

ii. Evidence for each vulnerability
Vulnerability 1: In the operational practices, authentication and authorization survey results, the operational manager is unclear about access control and user authentication. The policy does not clearly specify the authentication and authorization restrictions, which might result in the introduction of CVE-2017-5653 into the system.
Vulnerability 2: In the operational practices, authentication and authorization survey results, no validation of responses takes place when data is committed to the database servers, due to which the CVE-2002-0570 vulnerability may be introduced into the system.
21. 18
Vulnerability 3: As mentioned in Table 2 containing the different assets for the systems, there is no physical security for the room used to access the systems, as anyone could wander in and see the confidential information displayed on the workstations.
Vulnerability 4: As mentioned in Table 2 containing the different assets for the systems, due to improper training staff could intentionally enter erroneous data into the system. Hence, there is evidence of this vulnerability being present in the system.

Cybersecurity Risk Estimation
Figure# 1
Risk assessments are used to identify, estimate, and prioritize risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation and use of information systems. We have identified
1. Relevant threats to the organization
2. Technical and non-technical vulnerabilities
3. Impact if those vulnerabilities are exploited
4. Likelihood of exploitation
For each non-technical vulnerability we have identified its impact score and its exploitability using the CVSS vulnerability calculator, estimating the parameters to the best of our judgment. From those scores we derived the impact score and the likelihood. Similarly, for the technical vulnerabilities we used the National Vulnerability Database to obtain the impact score and the likelihood (exploitability) score.

Risk Matrix (likelihood rows by impact columns: Negligible, Minor, Moderate, Significant, Severe)
Very Likely: Low Med, Medium, Medium High, High, High
Likely: Low, Low Med, Medium, Medium High, High
Possible: Low, Low Med, Medium, Medium High, Medium High
Unlikely: Low, Low Med, Low Med, Medium, Medium High
Very Unlikely: Low, Low, Low Med, Medium, Medium
22. 19
Qualitative Scale to Measure Threat Likelihood
Table #11
Very Likely: 8 < Exploitability Score <= 10
Likely: 6 < Exploitability Score <= 8
Possible: 4 < Exploitability Score <= 6
Unlikely: 2 < Exploitability Score <= 4
Highly Unlikely: Exploitability Score <= 2

Table #12 - FRKS Server (Threat due to: Likelihood)
Power outages done intentionally or unintentionally: Highly Unlikely (Score 0.2)
Lack of encryption: Highly Unlikely (Score 0.3)
CVE# 2006-0272: Very Likely (Score 8.0)
CVE# 2006-6703: Very Likely (Score 8.6)

Table #13 - ECDS Server (Threat due to: Likelihood)
CVE-2016-1035: Unlikely (Score 3.9)
CVE-2016-3065: Unlikely (Score 3.9)
Unguarded server room; Lack of security personnel: Highly Unlikely (Score 0.9)
Too many people are entering the wrong data; Multiple records for same patient: Unlikely (Score 2.1)

Table #14 - PMS Server (Threat due to: Likelihood)
Power outages done intentionally or unintentionally: Highly Unlikely (Score 0.2)
23. 20
Lack of encryption: Highly Unlikely (Score 0.3)
CVE# 2019-2411: Likely (Score 7.6)
CVE# 2017-10389: Possible (Score 5.7)

Table #15 - Patient Database (Threat due to: Likelihood)
Poor design and implementation of PDIS application with no auto-logout mechanism: Highly Unlikely (Score 0.9)
Lack of training/awareness among staff: Highly Unlikely (Score 0.9)
CVE-2013-3969: Very Likely (Score 8.0)
CVE-2017-14227: Very Likely (Score 3.9)

Table #16 – Employee and Department Database (Threat due to: Likelihood)
CVE# 2017-5653: Very Likely (Score 10.0)
CVE# 2002-0570: Unlikely (Score 3.9)
Lack of encryption: Highly Unlikely (Score 0.3)
Lack of training/awareness among staff: Highly Unlikely (Score 0.9)

Qualitative Scale to Measure Final Impact Value
Estimate of Final Impact Value (FIV) Associated with Each Threat Statement
Columns in Tables #17 to #21: Threat Due to; Asset Value Score (/19) (AVS); CVSS V3 Impact Score (/10) (CIS); Final Impact Value (FIV) = AVS + CIS

Table #17 - FRKS Server
Power outages done intentionally or unintentionally: AVS 14 (FRKS Server)/19 = 0.74; CIS 4/10 = 0.4; FIV 1.14
Lack of encryption: AVS 14 (FRKS Server)/19 = 0.74; CIS 4.7/10 = 0.47; FIV 1.21
CVE# 2006-0272: AVS 14 (FRKS Server)/19 = 0.74; CIS 10/10 = 1; FIV 1.74
CVE# 2006-6703: AVS 14 (FRKS Server)/19 = 0.74; CIS 6.4/10 = 0.64; FIV 1.38

Table#18 - PMS Server
Power outages done intentionally or unintentionally: AVS 15 (PMS Server)/19 = 0.79; CIS 4/10 = 0.4; FIV 1.19
Lack of encryption: AVS 15 (PMS Server)/19 = 0.79; CIS 4.7/10 = 0.47; FIV 1.26
CVE# 2019-2411: AVS 15 (PMS Server)/19 = 0.79; CIS 7.6/10 = 0.76; FIV 1.55
CVE# 2017-10389: AVS 15 (PMS Server)/19 = 0.79; CIS 5.7/10 = 0.57; FIV 1.36

Table #19 - Patient Database
Poor design and implementation of PDIS application with no auto-logout mechanism: AVS 15 (PDS)/19 = 0.78; CIS 6/10 = 0.6; FIV 1.38
Lack of training/awareness among staff: AVS 15 (PDS)/19 = 0.78; CIS 6.7/10 = 0.6; FIV 1.38
CVE-2013-3969: AVS 15 (PDS)/19 = 0.78; CIS 6.4/10 = 0.64; FIV 1.42
CVE-2017-14227: AVS 15 (PDS)/19 = 0.78; CIS 3.6/10 = 0.36; FIV 1.14

Table#20 - ECDS Server
CVE-2016-1035: AVS 13/19 = 0.68; CIS 7.5/10 = 0.75; FIV 1.43
CVE-2016-3065: AVS 13/19 = 0.68; CIS 5.2/10 = 0.52; FIV 1.2
Unguarded server room; Lack of security personnel: AVS 13/19 = 0.68; CIS 5.9/10 = 0.59; FIV 1.27
Too many people are entering the wrong data; Multiple records for same patient: AVS 13/19 = 0.68; CIS 3.6/10 = 0.36; FIV 1.04

Table #21 – Employee and Department Database
CVE# 2017-5653: AVS 11/19 = 0.58; CIS 2.9/10 = 0.29; FIV 0.87
CVE# 2002-0570: AVS 11/19 = 0.58; CIS 3.9/10 = 0.39; FIV 0.97
Lack of encryption: AVS 11/19 = 0.58; CIS 4.7/10 = 0.47; FIV 1.05
Lack of training/awareness among staff: AVS 11/19 = 0.58; CIS 6.7/10 = 0.67; FIV 1.25

Qualitative Scale to Measure the Impact of a Cybersecurity Threat
Table #22
Severe: 1.6 < FIV <= 2
Significant: 1.2 < FIV <= 1.6
Moderate: 0.8 < FIV <= 1.2
Minor: 0.4 < FIV <= 0.8
Negligible: FIV <= 0.4
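The scoring pipeline behind the tables above (likelihood bucket from the CVSS exploitability score, FIV = AVS/19 + CIS/10, impact bucket from the FIV, then the likelihood-by-impact risk matrix) can be checked mechanically. The Python script below is an added example written for this page, not part of the team's report; it transcribes the scale in Table #11, the impact scale in Table #22 and the risk matrix shown with Figure# 1, and treats the matrix's "Very Unlikely" row as the same bucket the likelihood scale calls "Highly Unlikely". The function names and the ThreatScore structure are my own choices, and the three sample inputs are taken from Tables #12 to #21.

```python
from dataclasses import dataclass

# Scales transcribed from the report (Table #11 and Table #22).
# Each scale is a list of (upper_bound, label): a score falls in the first
# bucket whose upper bound it does not exceed, matching "a < score <= b".
LIKELIHOOD_SCALE = [
    (2.0, "Highly Unlikely"),
    (4.0, "Unlikely"),
    (6.0, "Possible"),
    (8.0, "Likely"),
    (10.0, "Very Likely"),
]
IMPACT_SCALE = [
    (0.4, "Negligible"),
    (0.8, "Minor"),
    (1.2, "Moderate"),
    (1.6, "Significant"),
    (2.0, "Severe"),
]
IMPACT_COLUMNS = ["Negligible", "Minor", "Moderate", "Significant", "Severe"]

# Risk matrix transcribed from Figure# 1. Its last row is labelled
# "Very Unlikely" there; the likelihood scale names the same bucket "Highly Unlikely".
RISK_MATRIX = {
    "Very Likely":     ["Low Med", "Medium",  "Medium High", "High",        "High"],
    "Likely":          ["Low",     "Low Med", "Medium",      "Medium High", "High"],
    "Possible":        ["Low",     "Low Med", "Medium",      "Medium High", "Medium High"],
    "Unlikely":        ["Low",     "Low Med", "Low Med",     "Medium",      "Medium High"],
    "Highly Unlikely": ["Low",     "Low",     "Low Med",     "Medium",      "Medium"],
}
MAX_ASSET_VALUE = 19   # the report normalises the asset value score against 19
MAX_CVSS = 10.0        # CVSS v3 sub-scores are normalised against 10


def bucket(score: float, scale) -> str:
    """Map a numeric score onto the first qualitative bucket it does not exceed."""
    top = scale[-1][0]
    if score < 0 or score > top:
        raise ValueError(f"score {score} is outside the scale 0..{top}")
    for upper, label in scale:
        if score <= upper:
            return label
    raise AssertionError("unreachable: every in-range score matches a bucket")


def final_impact_value(asset_value_score: float, cvss_impact: float) -> float:
    """FIV = AVS/19 + CIS/10, the formula used in Tables #17 to #21."""
    return asset_value_score / MAX_ASSET_VALUE + cvss_impact / MAX_CVSS


@dataclass(frozen=True)
class ThreatScore:
    threat: str
    fiv: float
    likelihood: str
    impact: str
    risk: str


def estimate_risk(threat: str, asset_value_score: float,
                  cvss_impact: float, cvss_exploitability: float) -> ThreatScore:
    """Run one threat through the pipeline: FIV, bucket both axes, look up the matrix."""
    fiv = final_impact_value(asset_value_score, cvss_impact)
    likelihood = bucket(cvss_exploitability, LIKELIHOOD_SCALE)
    impact = bucket(fiv, IMPACT_SCALE)
    risk = RISK_MATRIX[likelihood][IMPACT_COLUMNS.index(impact)]
    return ThreatScore(threat, round(fiv, 2), likelihood, impact, risk)


if __name__ == "__main__":
    # (threat, AVS, CVSS impact, CVSS exploitability) taken from the report's tables
    sample = [
        ("FRKS CVE-2006-6703", 14, 6.4, 8.6),
        ("ECDS CVE-2016-1035", 13, 7.5, 3.9),
        ("PMS CVE-2019-2411", 15, 7.6, 7.6),
    ]
    for row in sample:
        s = estimate_risk(*row)
        print(f"{s.threat}: FIV={s.fiv} {s.likelihood} / {s.impact} -> {s.risk}")
```

Running it reproduces the report's rows 4.4 (High), 2.1 (Medium) and 3.3 (Med Hi) of Table #28. One caveat the script makes visible: because Table #11 uses closed upper bounds, an exploitability score of exactly 8.0 falls in "Likely", not "Very Likely", so boundary values need an explicit convention when the scale is applied by hand.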
26. 23
Table #23 - FRKS Server (Threat due to: FIV)
Power outages done intentionally or unintentionally: Moderate (Score 1.14)
Lack of encryption: Significant (Score 1.21)
CVE# 2006-0272: Severe (Score 1.74)
CVE# 2006-6703: Significant (Score 1.38)

Table #24 - Patient Database (Threat due to: FIV)
Poor design and implementation of PDIS application with no auto-logout mechanism: Severe (1.38)
Lack of training/awareness among staff: Severe (1.38)
CVE-2013-3969: Severe (1.42)
CVE-2017-14227: Moderate (1.14)

Table #25 - PMS Server (Threat due to: FIV)
Power outages done intentionally or unintentionally: Moderate (1.19)
Lack of encryption: Significant (1.26)
CVE #2019-2411: Significant (1.55)
CVE #2017-10389: Significant (1.36)

Table #26 - ECDS Server (Threat due to: FIV)
CVE-2016-1035: Significant (1.43)
27. 24
CVE-2016-3065: Moderate (1.2)
Unguarded server room; Lack of security personnel: Significant (1.27)
Too many people are entering the wrong data; Multiple records for same patient: Moderate (1.04)

Table #27 - Employee and Department Database (Threat due to: FIV)
CVE# 2017-5653: Moderate (Score 0.87)
CVE# 2002-0570: Moderate (Score 0.97)
Lack of encryption: Moderate (Score 1.05)
Lack of training/awareness among staff: Significant (Score 1.25)

RISK ESTIMATION
Table #28 (Vulnerability ID: Likelihood; Impact; Risk)
1.1: Highly Unlikely; Severe; Medium
1.2: Highly Unlikely; Severe; Medium
1.3: Very Likely; Severe; High
1.4: Very Likely; Moderate; Med Hi
2.1: Unlikely; Significant; Medium
2.2: Unlikely; Moderate; Low Med
2.3: Highly Unlikely; Significant; Medium
2.4: Unlikely; Moderate; Low Med
3.1: Highly Unlikely; Moderate; Low Med
3.2: Highly Unlikely; Significant; Medium
3.3: Likely; Significant; Med Hi
3.4: Possible; Significant; Med Hi
4.1: Highly Unlikely; Moderate; Low Med
4.2: Highly Unlikely; Significant; Medium
4.3: Very Likely; Severe; High
4.4: Very Likely; Significant; High
5.1: Very Likely; Moderate; Med Hi
5.2: Unlikely; Moderate; Low Med
5.3: Highly Unlikely; Moderate; Low Med
5.4: Highly Unlikely; Significant; Medium

Cyber Security Risk Management Strategy
Table #29 (Threat ID: Mitigation Strategy)
1.1 Replace the vulnerable MongoDB 2.4.0 with the stable release 2.6.1 so that the exploitability of the invalid pointer reference to the RefDb can be avoided. This comes free of cost since MongoDB is open-source software. Regular updates and patches of the software need to be installed.
1.2 To protect the organization from this threat, the most recent stable version of MongoDB libson needs to be installed, replacing 1.7.0, in order to stop an attacker from executing remote commands and causing DDoS. This strategy also has no cost since MongoDB is open-source software. Regular updates and patches of the software need to be installed.
1.3 To deal with this threat the application needs to be redesigned, taking into consideration a log-out mechanism that triggers when the user is inactive for 20 minutes or a user logs in from multiple locations.
29. 26
1.4 This threat can be controlled by implementing a policy of updating passwords every 6 months; the employees need to be trained in cyber security practice, and the IT team needs to know how to store and access the logs of the PDIS servers. The cost of training is estimated to be $290K per year for large enterprises with between 1000 and 5000 employees (1).
2.1 Since the asset is at Medium risk due to this vulnerability, we mitigate this risk. Adobe Server has released a hotfix for this vulnerability. Update to the latest version of the server at no additional cost. Install regular updates and security patches.
2.2 Since the asset is at Low-Medium risk due to this vulnerability, we mitigate this risk. The vendor has released a software patch for this vulnerability. Installing security patches regularly should help mitigate such vulnerabilities.
2.3 This vulnerability is due to human behavior and error. It can be avoided by having guards work in shifts, placing security cameras and enabling remote invigilation of the premises. However, this would incur additional cost to the organization (extra guards, security cameras). It is advised to avoid this risk, because we cannot mitigate such risks.
2.4 The organization should avoid this risk. To avoid this vulnerability there must be strict read-write access controls in place, for instance allowing only one person to modify the records or disabling multiple writes.
3.1 The organization should mitigate this risk. There is a lack of encryption within the server, and although encryption helps to better secure it, there is no way to totally fix this problem due to the constant danger of attackers. A way to mitigate this is to add encryption software to the server.
3.2 The organization should mitigate this risk. They should do so by constant and regular backups. Training can also be done to help the employees back up data properly. Regular reminders would also help.
3.3 The organization should avoid this risk instead of mitigating it. The server should be updated to the latest version as early as possible. This should come at no cost to the company, but it does take some time. Also, implementing backups for the servers when the updates take place would be beneficial for data retention. The cost of backing up depends on the amount of data that is backed up. Manual backups can cost around $100.
3.4 The organization should mitigate this risk instead of avoiding it. They could obtain different logins for MS Access instead of using the same login. When they find that one login has been compromised, they should alert others not to use that login anymore and obtain new ones. Also, backing up their data is a good way not to lose their progress if and when a login is compromised. Manual backups can cost around $100.
4.1 This vulnerability depends on the risk of power outages. This concern could be addressed in two ways. First, there should be backup power, such as a UPS for the main server, that supports it for a short time in case of a power outage. Second, any unauthorized access to the power house should be restricted.
4.2 This vulnerability could be addressed by proper training of the employees who plan to use their personal assets outside, so that they do not use them in public places. Also, unauthorized access to the system should be restricted. Along with this, the confidential data should be encrypted so that it is not comprehensible even if it is accessed.
4.3 This vulnerability could be addressed if no one can access or edit the source code. Before any code movement it needs to be tested and validated in the quality system, and only then moved to the production environment.
4.4 Since this vulnerability is related to cross-site scripting, we need to make sure that no data from the data source is allowed to make changes to the JavaScript used. We could also implement a content security policy.
5.1 The organization should update the system with the latest v3 patches to reduce the risk associated with the vulnerability. This will not only reduce the risk of attacks due to unencrypted data but also reduce the impact score to 1.4 from a significant 2.9.
5.2 This risk can be avoided by the organization by introducing encryption and certificate management that verifies the authenticity of the service response sent by the receiver. This will prevent the remote spoofing of servers.
5.3 This can be avoided by introducing systems with software like Symantec Encryption, which performs end-to-end encryption for all the connected devices. This will not only eliminate the risk due to unencrypted data but also prevent data loss, data corruption and data interception in transit.
5.4 This vulnerability is due to staff intentionally introducing erroneous data into the database. This can be avoided by performing background checks on all employees, conducting security checks and having thorough checks throughout the premises where the sensitive data is stored.
31. 28
Appendix A
Measurement scales used for Asset Classification
1. Scale - Financial Value
Table2: Measures for classifying asset as per their financial value
Very High (3): $3K+; High (2): $1K-$3K; Medium (1): $500-$1K; Low (0): <$500
2. Mission Criticality
Table3: Measures for classifying asset as per their mission criticality
Very High (3): Critical; High (2): Important; Medium (1): Supportive; Low (0): No impact
3. Business Process (BP1) – Seeking Appointment
This business process starts with a patient contacting the hospital to book an appointment. Appointments can be made via telephone, email and in person. Important assets are the servers/workstations that host the appointment scheduler, if the appointment scheduler is a web-based application. The process ends successfully when the patient is able to book an appointment remotely or in person.
4. Business Process (BP2) – Claim Insurance
This is the business process that involves claiming insurance. It involves the hospital submitting a request to the insurance company and then claiming the required insurance amount.
5. Business Process (BP3) – Payment Processing
The process of payment processing involves billing the patient after the claim deductions have been made. A billing report is generated for each successful payment processed.
6. Legal Protection Requirement
Table4: Measures for classifying asset as per the legal protection requirement
Very High (3): Critical; High (2): Important; Medium (1): Supportive; Low (0): No Impact
  32. 29 Appendix B Vulnerability-Threat identification tree(s) Tree analysis: - FRKS Server Figure# 2
  33. 30 Tree Analysis PMS Server Figure# 3
  34. 31 Tree Analysis for Patient Database: Figure# 4
  35. 32 Tree Analysis for ECDS Server: Figure# 5
  36. 33 Tree Analysis Employee and Department Database Figure #6
  37. 34 Vulnerability Matrix for FRKS Database Threats: Figure# 7 Figure# 8
  38. 35 Figure# 9
  39. 36 Vulnerability Matrix for Patient Database Threats: 1. Poor design and implementation of PDIS application with no Auto- logout mechanism Figure #10
  40. 37 2. Lack of training/awareness among staff Figure #11
  41. 38 3. CVE-2013-3969 Figure #12 4. CVE-2017-14227 Figure #13
  42. 39 Vulnerability Matrix for ECDS Server Threats: Figure #14 Figure #15 Figure #16
  43. 40 Figure #17 Vulnerability Matrix for Employee and Department Database Threats: Figure #18
  44. 41 Figure #19 Figure #20
45. 42
Figure #21
Appendix C
Qualitative Scale to Measure Threat Likelihood
Table #11
Very Likely: 8 < Exploitability Score <= 10
Likely: 6 < Exploitability Score <= 8
Possible: 4 < Exploitability Score <= 6
Unlikely: 2 < Exploitability Score <= 4
Highly Unlikely: Exploitability Score <= 2

Qualitative Scale to Measure the Impact of a Cybersecurity Threat
Table #22
Severe: 1.6 < FIV <= 2
Significant: 1.2 < FIV <= 1.6
Moderate: 0.8 < FIV <= 1.2
Minor: 0.4 < FIV <= 0.8
Negligible: FIV <= 0.4
46. 43
Appendix D
Qualitative Scale to Measure the Impact of a Cybersecurity Threat
Table #22
Severe: 1.6 < FIV <= 2
Significant: 1.2 < FIV <= 1.6
Moderate: 0.8 < FIV <= 1.2
Minor: 0.4 < FIV <= 0.8
Negligible: FIV <= 0.4

Appendix E
Cybersecurity risk matrix and risk management strategy
Risk Matrix (likelihood rows by impact columns: Negligible, Minor, Moderate, Significant, Severe)
Very Likely: Low Med, Medium, Medium High, High, High
Likely: Low, Low Med, Medium, Medium High, High
Possible: Low, Low Med, Medium, Medium High, Medium High
Unlikely: Low, Low Med, Low Med, Medium, Medium High
Very Unlikely: Low, Low, Low Med, Medium, Medium

Risk Management Strategy (Threat ID: Mitigation Strategy)
1.1 Replace the vulnerable MongoDB 2.4.0 with the stable release 2.6.1 so that the exploitability of the invalid pointer reference to the RefDb can be avoided. This comes free of cost since MongoDB is open-source software. Regular updates and patches of the software need to be installed.
1.2 To protect the organization from this threat, an updated most stable version of
47. 44
MongoDB libson needs to be installed, replacing 1.7.0, in order to stop an attacker from executing remote commands and causing DDoS. This strategy also has no cost since MongoDB is open-source software. Regular updates and patches of the software need to be installed.
1.3 To deal with this threat the application needs to be redesigned, taking into consideration a log-out mechanism that triggers when the user is inactive for 20 minutes or a user logs in from multiple locations.
1.4 This threat can be controlled by implementing a policy of updating passwords every 6 months; the employees need to be trained in cyber security practice, and the IT team needs to know how to store and access the logs of the PDIS servers. The cost of training is estimated to be $290K per year for large enterprises with between 1000 and 5000 employees (1).
2.1 Since the asset is at Medium risk due to this vulnerability, we mitigate this risk. Adobe Server has released a hotfix for this vulnerability. Update to the latest version of the server at no additional cost. Install regular updates and security patches.
2.2 Since the asset is at Low-Medium risk due to this vulnerability, we mitigate this risk. The vendor has released a software patch for this vulnerability. Installing security patches regularly should help mitigate such vulnerabilities.
2.3 This vulnerability is due to human behavior and error. It can be avoided by having guards work in shifts, placing security cameras and enabling remote invigilation of the premises. However, this would incur additional cost to the organization (extra guards, security cameras). It is advised to avoid this risk, because we cannot mitigate such risks.
2.4 The organization should avoid this risk. To avoid this vulnerability there must be strict read-write access controls in place, for instance allowing only one person to modify the records or disabling multiple writes.
3.1 The organization should mitigate this risk. There is a lack of encryption within the server, and although encryption helps to better secure it, there is no way to totally fix this problem due to the constant danger of attackers. A way to mitigate this is to add encryption software to the server.
3.2 The organization should mitigate this risk. They should do so by constant and regular backups. Training can also be done to help the employees back up data properly. Regular reminders would also help.
3.3 The organization should avoid this risk instead of mitigating it. The server should be updated to the latest version as early as possible. This should come at no cost to the company, but it does take some time. Also, implementing backups for the servers when the updates take place would be beneficial for data retention. The cost of backing up depends on the amount of data that is backed up. Manual backups can cost around $100.
3.4 The organization should mitigate this risk instead of avoiding it. They could obtain different logins for MS Access instead of using the same login. When they find that one login has been compromised, they should alert others not to use that login anymore and obtain new ones. Also, backing up their data is a good way not to lose their progress if and when a login is compromised. Manual backups can cost around $100.
4.1 This vulnerability depends on the risk of power outages. This concern could be addressed in two ways. First, there should be backup power, such as a UPS for the main server, that supports it for a short time in case of a power outage. Second, any unauthorized access to the power house should be restricted.
4.2 This vulnerability could be addressed by proper training of the employees who plan to use their personal assets outside, so that they do not use them in public places. Also, unauthorized access to the system should be restricted. Along with this, the confidential data should be encrypted so that it is not comprehensible even if it is accessed.
4.3 This vulnerability could be addressed if no one can access or edit the source code. Before any code movement it needs to be tested and validated in the quality system, and only then moved to the production environment.
4.4 Since this vulnerability is related to cross-site scripting, we need to make sure that no data from the data source is allowed to make changes to the JavaScript used. We could also implement a content security policy.
5.1 The organization should update the system with the latest v3 patches to reduce the risk associated with the vulnerability. This will not only reduce the risk of attacks due to unencrypted data but also reduce the impact score to 1.4 from a significant 2.9.
5.2 This risk can be avoided by the organization by introducing encryption and certificate management that verifies the authenticity of the service response sent by the receiver. This will prevent the remote spoofing of servers.
5.3 This can be avoided by introducing systems with software like Symantec Encryption, which performs end-to-end encryption for all the connected devices. This will not only eliminate the risk due to unencrypted data but also prevent data loss, data corruption and data interception in transit.
5.4 This vulnerability is due to staff intentionally introducing erroneous data into the database. This can be avoided by performing background checks on all employees, conducting security checks and having thorough checks throughout the premises where the sensitive data is stored.

References
● National Vulnerability Database Website
○ https://nvd.nist.gov/
● Lucidchart
○ https://www.lucidchart.com/documents
● Common Vulnerability Scoring System
○ https://www.first.org/cvss/calculator/3.0
● Aggie Medical Center Case
○ https://tamu.blackboard.com/bbcswebdav/pid-5479845-dt-content-rid-43604608_1/courses/ISTM.635.1911.M1/Aggie%20Medical%20Center-ISTM635.pdf
● Risk Mitigation Strategies
○ https://www.infosecurity-magazine.com/news/cost-of-user-security-training/
○ https://www.thesslstore.com/blog/cyber-risk-assessment/
50. 47
Glossary
• AMC - Aggie Medical Center
• TSPs - Tablets and Smartphones
• CVE - Common Vulnerabilities and Exposures
• PC - Personal Computer
• PMS - Personal Management System
• FRKS - Financial Record Keeping System
• ECDS - Emergency Care Data System
• MLS - Medical Logistics System
• UTP wires - Unshielded Twisted Pair wires
• BP - Business Process
• Switch - device for controlling the connection in an electric circuit
• Router - device that routes data from LAN to network connection
• Server - computer that provides data to other devices
• UTP - copper cabling used for wiring in LANs
• Buffer Overflow - coding mistake in a program's software that allows an attacker to gain access into your system
• Cross Site Scripting - allows attackers to inject client-side scripts into web pages
• Denial of Service Attack - occurs when users are unable to access devices and network resources due to malicious actions of a malicious cyber party
• Encryption - translates data into a code so that only people with the access key can read the data
• Vulnerability - weakness that can be exploited by an attacker to perform unauthorized actions
• Exploit - software or code that takes advantage of a vulnerability to cause unintended behavior
• Threat - possible danger that can exploit the vulnerability to breach security
• Threat agent - the thing that is the origin of a threat
51. 48
Team Work
Each team member worked equally in identifying all the assets in AMC. Assets were divided equally amongst members for scoring based on impact to business processes, financial impact, etc. After identifying five critical assets, each member was assigned one asset to work on. The tasks in the final report were divided equally among team members for content and consolidation.
Team Member Contribution
Akanksha Pathak: 20%
Balvaishwer Singh: 20%
David Zuniga: 20%
Pratima Purohit: 20%
Tushara Chigicherla Kamalakar: 20%