ORM 1
Running head: ORGANIZATIONAL RISK MANAGEMENT
Organizational Risk Management (ORM) Project
Video Production Technology Department
Ossie Thomas
San Jose State University
December 02, 2015
Introduction
The purpose of this Organizational Risk Management Project is to identify the assets of International Paper's (IP) in-house Video Production Technology department, determine the value of each asset, and classify the data.
IP's in-house Video Production Technology is located at the IP Corporate Office in Memphis, TN, in the Lower Level Studio of Tower 2. Video Production Technology is a governance team overseeing all aspects of video, streaming media and audio content for International Paper (internal and external). They specialize in:
o Documented production and quality standards
o Approved production service providers
o Encoding and bandwidth standards
o Formalized review and approval process for audio, video and streaming media content
o Centralized repository for managing and presenting videos
This risk management project is a two-part project. Part 1 of the project will identify all assets, information assets, and information system assets found at Video Production Technology, along with their estimated value. We will define how the information assets' data should be classified and its value. For the computer information system assets, we will define how critical each information system is to Video Production Technology. Part 2 of the project will identify the threats and vulnerabilities that could damage the assets identified in Part 1, and determine a mitigation strategy for each.
Part 1: Asset Identification
Table 1 lists the assets located in the Video Production Technology Department. These are the assets the department wants to protect in the event of a disaster. The value of each asset was estimated based on its replacement value.
Assets | Value (estimated)
Building / Office | Greater than $1 Million
Digital cameras - 2 | $30,000.00 each
Video Cameras - 3 | $5000.00 each
Camera Stands / Tripods - 4 | $1000 each
25’ TV Monitors - 4 | $5500.00 each
Distribution Amp | $1200.00
Speakers - 4 | $500.00 each
Podcast equipment | $800.00
Lighting Kit | $1200.00
Broadcast console | $8,000.00
Stylist Credenza | $6000
Microphones - Hand held (3) | $300.00 each
Microphones – wireless (hang from ceiling) | $150.00 each
Microphone Stands (3) | $30.00 each
Workstation for audio/video editing | $3,000.00
Workstations (Cubicle) - 9 | $1200.00 each
Chairs - 9 | $120.00 each
Credenza - 3 | $950.00 each
Tables - 3 | $60.00 each
File cabinets – 4 (5 drawers) | $50.00 each
Furniture - Waiting Room (Chairs – 2, Table) | $300.00
Telephone – Waiting Room | $90.00
Company Stationery | $200.00
Manuals, books, and guides | $500.00
Commercial software | $200.00 - $850.00
Teleprompter | $650.00
Office Supplies | $10,000
Wall Mount On-Air Light | $100.00
Company Logo | Priceless for the Company
Table 1. Asset(s) identified and their value to the organization
Table 2 lists the information assets, their classification, and their value to the Video Production Technology Department and the company. The classifications identified are:
o Confidential - Where the access is restricted to a specific list of people
o Internal Use - Where the access is restricted to internal employees only
o Sensitive - Requires special precautions to ensure the integrity and confidentiality of the data by protecting it from unauthorized modification or deletion
The values identified are:
o High – Items are costly to replace or time sensitive
o Sensitive – restricted access
Information Assets | Data Classification | Value (estimated)
Listing of Video Recordings | Confidential | High
Equipment inventory list | Confidential | High
Operational procedures | Internal Use | High
Archived Recording inventory list | Internal Use | High
Continuity plans | Internal Use | Sensitive
Strategic plans | Internal Use | High
Service Contracts | Confidential | High
Policies | Internal Use | High
Supplier contact data | Internal Use | High
Training materials | Internal Use | High
Intellectual property | Sensitive | High
Employee Name badge (Credential) | Confidential | High
Project files (documenting Video / Photo request) | Internal Use | High
Budgets | Internal Use | High
Table 2. Information assets, classification, and their value to the organization
Table 3 lists the information system assets, their criticality, and their value to the Video Production Technology Department and the company.
Information Systems Assets | Criticality | Value (estimated)
8 Employees | Sensitive | High
Name badge reader | Sensitive | High
Employee Name badge scanner | Sensitive | High
Desktop computers - 8 | High | High
Laptops - 8 | High | High
Sound Board | High | High
Software (Application, Operation) | High | High
System operation software | High | High
Servers | High | High
Backups and archives Hard drive | High | High
Routers | High | High
Modems | High | High
Mobile phones (8) | High | High
Telephones (9) | High | High
Removable media (tapes, floppy disks, CD-ROMs, DVDs, PC card storage devices, and USB storage) | High | High
Portable hard drives | High | High
Employee User ID | Sensitive | High
Employee personal contact data | High | High
Network infrastructure design | High | High
Internal Web sites | High | High
Press releases | High | High
Fax machines - 2 | High | High
Copy Machine - 3 | High | High
Printers - 3 | High | High
Scanners | High | High
Wireless & Network Connectivity | High | High
Power supplies | High | High
Table 3. Computer information systems assets, criticality, and their value to the organization
Part 2: Threats and Vulnerabilities Identification
Definitions:
A threat is any action that can damage an asset. Information security threats are events or actions that represent a danger to information assets. These can be natural or human-induced, and can be accidental or malicious.
Risk is the likelihood that something bad will happen.
A vulnerability is a weakness that allows a threat to be realized or to have an effect on an asset.
Table 4 lists categories of threats and provides examples of each.
Categories of Threat | Examples
1. Act of human error or failure | Accidents, employee mistakes
2. Compromises to intellectual property | Piracy, copyright infringement
3. Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
4. Deliberate acts of information extortion | Blackmail or information disclosure
5. Deliberate acts of sabotage or vandalism | Destruction of systems or information
6. Deliberate acts of theft | Illegal confiscation of equipment or information
7. Deliberate software attacks | Viruses, worms, macros, denial of service
8. Deviations in quality of service by service providers | Power and WAN service issues
9. Forces of nature | Fire, Flood, Thunderstorm, lightning
10. Technical hardware failures or errors | Equipment failure
11. Technical software failures or errors | Bugs, code problems, unknown loopholes
12. Technological obsolescence | Antiquated or outdated technologies
Table 4. Categories of Threat (Whitman and Mattord, 2011)
Risk Mitigation Strategy
Tables 5 through 13 identify the threats to, and vulnerabilities of, the assets of the Video Production Technology Department and offer information to mitigate these threats. The facility is located in the Memphis metropolitan area, which lies in what is called a "mid-latitude, moist continental" climate (all four seasons), with cool but not bitterly cold winters, hot and humid summers, a high degree of variability during spring and autumn, and a fair amount of precipitation (thunderstorms and moderate rain) year-round. Thunderstorms are the most severe form of precipitation, particularly during the summer months; they can produce gusty straight-line winds and heavy rain (Cirrus Weather Solutions).
A recent article posted by WREG News 3 states that a report from the FBI claimed Memphis is the third most dangerous city in the nation. The study compared crime rates of cities with populations over 200,000. Based on 2013 numbers, it reported 124 murders, 7,200 aggravated assaults, 366 arsons and more than 40,000 property crimes. With statistics such as these, it is imperative that the Video Production Technology Department have a mitigation strategy to protect its assets.
The Video Production Technology Department is located in the Lower Level (basement) of Tower 2. Given this location, flooding can be a great concern. Thunderstorms with straight-line winds can also pose a threat to the assets. The building is located in what the city calls East Memphis, which is considered to be a safe area of Memphis. However, it is not exempt from crime. The Video Department should have a mitigation strategy in place to protect against internal and external criminal activity.
Table 5 identifies the threats to, and vulnerabilities of, the building where the Video Production Technology Department is located, and offers information to mitigate these threats.
Name of Asset: Building
Threat(s) | Vulnerable to Threat(s)
Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
Deliberate acts of sabotage or vandalism | Destruction of systems or information
Forces of nature | Fire, Flood, Tornado, lightning
Risk Mitigation Strategy:
o Ensure there is controlled access to the building
o Ensure the building has a security system, motion sensors, and Security Guards
o Ensure all employees have an identification card to enter the building and must swipe their badge to get in
o Watch for tailgaters
o Develop a business continuity plan with recovery strategies
o Purchase insurance (fire, flood, casualty, business interruption, etc.) to reduce the financial impact of the business interruption, loss or damage to the facility or equipment
o Ensure the building has fire and security alarms, fire suppression systems, and fire extinguishers
o The building should have noncombustible interior equipment and adequate controls for humidity, temperature, ventilation, and lighting
o Plan early with warning drills
Table 5. Risk Management - Building
Table 6 identifies the threats to, and vulnerabilities of, the Video Cameras used in the day-to-day operation of the Video Production Technology Department, and offers information to mitigate these threats.
Name of Asset: Video Cameras
Threat(s) | Vulnerable to Threat(s)
Act of human error or failure | Accidents, employee mistakes
Deliberate acts of sabotage or vandalism | Destruction of systems or information
Deliberate acts of theft | Illegal confiscation of equipment or information
Forces of nature | Fire, Flood, Tornado, lightning
Technical hardware failures or errors | Equipment failure
Technological obsolescence | Antiquated or outdated technologies
Risk Mitigation Strategy:
o Security awareness training for users
o Proper training on the use of the equipment
o User should safeguard cameras at all times
o Have controls in place for the use of the cameras, check-in/check-out
o Ensure that all employees have an understanding of sensitive information, common security risks, and basic steps to prevent security breaches
o Ensure that employees have only the privileges and accesses they need to perform their jobs
o Implement processes and policies to limit access rights/credentials of all users, but especially privileged users, to ensure that only the minimum amount of usage necessary is provided
o Develop an off-boarding procedure for terminated employees to ensure all access to company information is terminated upon departure and company assets are returned to the company
o Ensure that employees have only the privileges and accesses they need to perform their jobs
o Periodically review the access lists for each critical resource or system to ensure that the right set of individuals has authorized access
o Ensure all visitors are escorted at all times to a physical security area
o Ensure there are Backup and Restore Policies in place
o Ensure the dept. understands the security features of all hardware and software products that are purchased and ensure that security features are configured correctly
o Ensure you stay up-to-date with technology
o Keep cameras in good working condition by regular maintenance and replace aging cameras
Table 6. Risk Management – Video Cameras
Table 7 identifies the threats to, and vulnerabilities of, the Digital Cameras used in the day-to-day operation of the Video Production Technology Department, and offers information to mitigate these threats.
Name of Asset: Digital Cameras
Threat(s) | Vulnerable to Threat(s)
Act of human error or failure | Accidents, employee mistakes
Deliberate acts of sabotage or vandalism | Destruction of systems or information
Deliberate acts of theft | Illegal confiscation of equipment or information
Forces of nature | Fire, Flood, Tornado, lightning
Technical hardware failures or errors | Equipment failure
Technological obsolescence | Antiquated or outdated technologies
Risk Mitigation Strategy:
o Security awareness training for users
o Proper training on the use of the equipment
o User should safeguard cameras at all times
o Have controls in place for the use of the cameras, check-in/check-out
o Ensure that employees have only the privileges and accesses they need to perform their jobs
o Implement processes and policies to limit access rights/credentials of all users, but especially privileged users, to ensure that only the minimum amount of usage necessary is provided
o Develop an off-boarding procedure for terminated employees to ensure all access to company information is terminated upon departure and company assets are returned to the company
o Periodically review the access lists for each critical resource or system to ensure that the right set of individuals has authorized access
o Ensure all visitors are escorted at all times to a physical security area
o Ensure there are Backup and Restore Policies in place
o Ensure the dept. understands the security features of all hardware and software products that are purchased and ensure that security features are configured correctly
o Ensure you stay up-to-date with technology
o Keep cameras in good working condition by regular maintenance and replace aging cameras
Table 7. Risk Management – Digital Cameras
Table 8 identifies the threats to, and vulnerabilities of, the Employee Name Badge of the Video Production Technology Department, and offers information to mitigate these threats.
Name of Asset: Employee Name Badge
Threat(s) | Vulnerable to Threat(s)
Act of human error or failure | Accidents, employee mistakes
Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
Deliberate acts of information extortion | Blackmail or information disclosure
Deliberate acts of sabotage or vandalism | Destruction of systems or information
Deliberate acts of theft | Illegal confiscation of equipment or information
Risk Mitigation Strategy:
o Do not share name badge with other employees
o Report lost or stolen ID badge
o Employees sign a Confidentiality Agreement
o Ensure there is a second and third, if necessary, controlled access into the Video Department
o Ensure Video Dept. has security system, motion sensors, and some type of extra security
o Ensure only authorized employees have security access to enter the Video Dept. and must swipe their badge to get in
o Never allow a person without an employee name badge (ID) to enter into a secure area along with an employee with an ID
o Watch for tailgaters
o Limit the amount of information you share with non-employees. For employees, share information on a need-to-know basis
o Ensure that employees have only the privileges and accesses they need to perform their jobs
o Revoke all access for terminated employees
o Periodically review the access lists for each critical resource or system to ensure that the right set of individuals has authorized access
o Revoke all access for terminated employees
o Ensure all visitors are escorted at all times to a physical security area
Table 8. Risk Management – Employee Name Badge
Table 9 identifies the threats to, and vulnerabilities of, the List of Video Recordings produced by the Video Production Technology Department, and offers information to mitigate these threats.
Name of Asset: List of Video Recordings
Threat(s) | Vulnerable to Threat(s)
Act of human error or failure | Accidents, employee mistakes
Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
Deliberate acts of sabotage or vandalism | Destruction of systems or information
Deliberate acts of theft | Illegal confiscation of equipment or information
Risk Mitigation Strategy:
o Employees sign a Confidentiality Agreement
o Only authorized users should have access to the Video Recording Listing
o Ensure there is a second and third, if necessary, controlled access into the Video Department
o Ensure Video Dept. has security system, motion sensors, and some type of extra security
o Ensure only authorized employees have security access to enter the Video Dept. and must swipe their badge to get in
o Never allow a person without an employee name badge (ID) to enter into a secure area along with an employee with an ID
o Watch for tailgaters
o Periodically review the access lists for each critical resource or system to ensure that the right set of individuals has authorized access
o Ensure that all employees have an understanding of sensitive information, common security risks, and basic steps to prevent security breaches
o Ensure all visitors are escorted at all times to a physical security area
Table 9. Risk Management – List of Video Recordings
Table 10 identifies the threats to, and vulnerabilities of, the Intellectual Property of the Video Production Technology Department, and offers information to mitigate these threats.
Name of Asset: Intellectual Property
Threat(s) | Vulnerable to Threat(s)
Act of human error or failure | Accidents, employee mistakes
Compromises to intellectual property | Piracy, copyright infringement
Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
Risk Mitigation Strategy:
o Ensure all employment contracts clearly state the company ownership of any intellectual property developed for the company
o Establish a policy for all patents, designs, trademarks, copyrights and domain names
o Make sure workers sign an agreement that any inventions created by them while working for your business belong to the business
o Employees sign a Confidentiality Agreement
o Obtain a Patent
o Copyright Protection
o File for Trademark
o Ensure employees, contractors, and other personnel are familiar with the protocol for handling sensitive information, including IP and customer information
o Obtain a Patent
o Copyright Protection
o File for Trademark
o Put essential security controls in place without exception. Implement more advanced controls as needed.
Table 10. Risk Management – Intellectual Property
Table 11 identifies the threats to, and vulnerabilities of, the Laptops used in the day-to-day operation of the Video Production Technology Department, and offers information to mitigate these threats.
Name of Asset: Laptop
Threat(s) | Vulnerable to Threat(s)
Act of human error or failure | Accidents, employee mistakes
Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
Deliberate acts of sabotage or vandalism | Destruction of systems or information
Deliberate acts of theft | Illegal confiscation of equipment or information
Deliberate software attacks | Viruses, worms, macros, denial of service
Forces of nature | Fire, Flood, Tornado, lightning
Technical hardware failures or errors | Equipment failure
Technical software failures or errors | Bugs, code problems, unknown loopholes
Technological obsolescence | Antiquated or outdated technologies
Risk Mitigation Strategy:
o Safeguard laptop at all times
o Continuous User training
o Prompt reporting of lost device
o Keep laptop in a secure laptop bag to prevent dropping it
o Safeguard laptop at all times
o Enforce the use of strong passwords
o Ensure data on laptop is encrypted
o Restrict access to detective controls to prevent unauthorized access
o Add an authentication and time-lock feature
o Safeguard laptop at all times
o Keep laptop locked in secure area and out of view
o Back up data regularly
o Safeguard laptop at all times
o Enforce the use of strong passwords to make it difficult to break in
o Ensure laptop is encrypted
o Keep laptop locked in secure area and out of view of others
o Disable accounts after a certain number of unsuccessful login attempts
o Safeguard laptop at all times
o Update and patch operating system
o Install an Anti-Spam
o Install virus protection
o Use up-to-date anti spyware tool
o Have an up-to-date firewall protection
o Monitor logs for unusual traffic
o Allow only trusted software to execute on the operating systems
o Install an Intrusion Detection
o Ensure company has proper insurance
o Control hardware that gets connected to the company’s network
o Ensure the dept. understands the security features of all hardware products that are purchased and ensure that security features are configured correctly
o Ensure that all software updates are properly signed and coming from a trusted source
o Ensure you stay up-to-date with technology
o Keep laptop in good working condition by regular maintenance and replace aging laptop
Table 11. Risk Management - Laptop
Table 12 identifies the threats to, and vulnerabilities of, the Mobile Phones used in the day-to-day operation of the Video Production Technology Department, and offers information to mitigate these threats.
Name of Asset: Mobile Phones
Threat(s) | Vulnerable to Threat(s)
Act of human error or failure | Accidents, employee mistakes
Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
Deliberate acts of sabotage or vandalism | Destruction of systems or information
Deliberate acts of theft | Illegal confiscation of equipment or information
Deliberate software attacks | Viruses, worms, macros, denial of service
Forces of nature | Fire, Flood, Tornado, lightning
Risk Mitigation Strategy:
o Safeguard mobile phone at all times
o Continuous User training
o Prompt reporting of lost device
o Safeguard mobile phone at all times
o Enforce the use of strong passwords
o Ensure mobile phones are secured with passwords and the data is encrypted
o Add an authentication and time-lock feature
o Safeguard mobile phone at all times
o Safeguard mobile phone
o Enforce the use of strong passwords to make it difficult to break in
o Keep mobile phone out of sight when traveling
o Protect mobile phone with password and pins
o Set the lock screen so the phone will auto lock after being left idle for a period of time
o Ensure that all software updates are properly signed and coming from a trusted source
o Safeguard mobile phone at all times
Table 12. Risk Management – Mobile Phones
Table 13 identifies the threats to, and vulnerabilities of, the Employee User ID of the Video Production Technology Department, and offers information to mitigate these threats.
Name of Asset: Employee User ID
Threat(s) | Vulnerable to Threat(s)
Act of human error or failure | Accidents, employee mistakes
Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
Deliberate acts of theft | Illegal confiscation of equipment or information
Compromises to intellectual property | Piracy, copyright infringement
Risk Mitigation Strategy:
o Do not share Employee ID with others
o Keep ID and password in a secure place
o Ensure there is a second level of controlled access into the Video Department
o Ensure there is a security system and motion sensors
o Ensure only employees with needs have security access to enter the Video Dept. using their badge to enter
o Never allow a person without an employee ID to enter into a secure area
o Watch for tailgaters
o Keep employees ID listing in locked cabinet at all times
o Periodically review the access lists for each critical resource or system to ensure that the right set of individuals has authorized access
o Regularly view active accounts to make sure they are valid, necessary, properly configured, and given only appropriate privileges
o Restrict and monitor privileged users
o Ensure that all employees have an understanding of sensitive information, common security risks, and basic steps to prevent security breaches
o Restrict and monitor users' access
Table 13. Risk Management – Employee User ID
Conclusion
The purpose of this risk management project is to conduct appropriate activities to mitigate risks associated with International Paper's in-house Video Production Technology Department: its classified valued assets identified in Table 1, its information assets identified in Table 2, and its Information Systems Assets identified in Table 3.
International Paper is a global leader in the paper and packaging industry with manufacturing operations in North America, Europe, Latin America, Asia and North Africa. Headquartered in Memphis, Tenn., the company employs approximately 65,000 people and is strategically located in more than 24 countries serving customers worldwide. The in-house Video Production Technology Department is located at the Headquarters in Memphis, TN, and is dedicated to providing global employees with a video library they can access at their convenience. The on-demand videos provide employees with consistent and timely communications, enabling cost-effective knowledge transfer and ensuring best practice sharing. The press releases and national and trade news related to International Paper products, brands and services are taped, recorded, and/or filmed in the in-house Video Production Technology Department. This area is deemed a high-security area because it is where the Chairman/Chief Executive Officer records, videos, and/or tapes company earnings for the NYSE and the Members of the Board of Directors, as well as any PR for the company. It is the repository for the history of the CEO's speeches, videos, and photographs of special events.
Table 1 shows a listing of the physical valued assets located in the Video Production
Technology Department that have been identified as critical and essential for the department to
continue operations in the event of a disaster. The value of these assets was estimated based on
the replacement value.
Table 2 shows a listing of information assets that provide value to the Video Production Department and pose an operational risk that can impact the overall business operations of the Company. These items have been deemed critical and essential to the department. It also shows the asset classification and its sensitivity to loss, disclosure, or unavailability to the Video Production Technology Department and the company. Items were identified as Confidential, Internal Use, and/or Sensitive because they are restricted to all or only some employees in the company and, if released, could have negative consequences for the company's business mission and security stance.
Table 3 shows a listing of the information system assets, criticality, and their value to the
Video Production Technology Department and the company. These assets are critical and
essential to the department and deemed valuable because they cannot be easily replaced without
significant investment in expense, time, employee’s skill, and/or resources; and in some cases
form part of the organization’s corporate identity (Whitman and Mattord, 2011).
Table 4 shows the common threat agents identified by Whitman and Mattord, 2011.
Table 5 identifies the vulnerabilities, identifies and mitigates potential threats imposed on the
asset, and provides appropriate countermeasures to reduce risk to the building. While there are
many threats identified, awareness and an action plan can mitigate the potential threats.
Table 6 identifies the vulnerabilities, identifies and mitigates potential threats imposed on the asset, and provides appropriate countermeasures to reduce risk to the Video Cameras. The video cameras are of value to the department and the company because the details that can be found on the hard drive can be of great interest to the company’s competitors. The Video Production Technology Department tapes the CEO when presenting internal company information for global employees, including earnings of the company, external communication to shareholders, stock exchange, and general public relations information. There are instances where internal information such as trade secrets, product specifications, manufacturing information, marketing plans, pricing strategies, and customer information may be recorded.
Table 7 identifies the vulnerabilities, identifies and mitigates potential threats imposed on the asset, and provides appropriate countermeasures to reduce risk to the Digital Cameras. The digital cameras are of value to the department and the company because the details that can be found on the disk can be of great interest to the company’s competitors as well as anyone who wants to do harm to the CEO. The Video Production Technology Department takes photos of the CEO during speeches, Board of Directors meetings, many of the company gatherings, company products, and intellectual property.
Table 8 identifies the vulnerabilities, identifies and mitigates potential threats imposed on the asset, and provides appropriate countermeasures to reduce risk to the Employee Name Badge. The employee name badge is the ticket to many areas of the company, some of them highly secure. It is imperative that each employee name badge is coded with only the privileges and accesses the employee needs to perform their job, with no exceptions. Have a policy in place for lost or stolen IDs. Revoke all access for terminated employees and make sure the ID badge is confiscated. Most importantly, do not allow tailgaters. Company assets can be stolen or destroyed if an employee name badge gets into the hands of the wrong person.
Table 9 identifies the vulnerabilities, identifies and mitigates potential threats imposed on the asset, and provides appropriate countermeasures to reduce risk to the List of Video Recordings. The list of video recordings is of value to the department and the company because the details that can be found on the list can be of great interest to the company’s competitors. The Video Production Technology Department tapes the CEO when presenting internal company information for global employees, including earnings of the company, external communication to shareholders, stock exchange, and general public relations information. There are instances where internal information such as trade secrets, product specifications, manufacturing information, marketing plans, pricing strategies, and customer information may be recorded.
Table 10 identifies the vulnerabilities, identifies and mitigates potential threats imposed on
the asset, and provides appropriate countermeasures to reduce risk to the Intellectual Property.
Protecting the intellectual property is crucial to the success of any business. Intellectual property
consists of items that the company has created that are unique such as inventions, designs, and
trade secrets. The Video Production Technology Department houses the video taping of many
inventions created by the company. One of the inventions includes box designs for several
businesses.
Table 11 identifies the vulnerabilities, identifies and mitigates potential threats imposed on the asset, and provides appropriate countermeasures to reduce risk to the Laptop. The company laptops allow the employees to have access to the company email, documents, business intelligence, and many other applications on the company’s system. Without proper safeguards in place, the information on the laptop is accessible by people who should not have it. Therefore, it is imperative that the laptops have adequate protections such as passcode protection, preferably with lock-out after a defined number of failed attempts, and remote lock. The company must define protocols for the employees to follow in the event of a lost or stolen laptop.
Table 12 identifies the vulnerabilities, identifies and mitigates potential threats imposed on the asset, and provides appropriate countermeasures to reduce risk to the Mobile Phones. The company has smartphone applications that allow the employees to have access to the company email, documents, business intelligence, and many other applications on the company’s system. Without proper safeguards in place, the information on these devices is accessible by people who should not have it. Therefore, it is imperative that the mobile devices have adequate protections such as passcode protection, preferably with lock-out after a defined number of failed attempts, and remote lock. The company must define protocols for the employees to follow in the event of a lost or stolen mobile phone.
Table 13 identifies the vulnerabilities, identifies and mitigates potential threats imposed on the asset, and provides appropriate countermeasures to reduce risk to the Employee User ID. The department must ensure that private information is kept secure and that unauthorized access to the employee’s User ID doesn’t take place. Protecting the employee User ID can help reduce the risk of theft and security breaches. Employees should avoid using an automatic login feature that saves their user name and password. The department should regularly view active accounts to make sure they are valid, necessary, properly configured, and given only appropriate privileges. Ensure that all employees have an understanding of sensitive information, common security risks, and basic steps to prevent security breaches.
References
Ciampa, M. (2015). CompTIA security+ guide to network security fundamentals (5th ed.). Boston, MA: Cengage.
Cirrus Weather Solutions, LLC. (n.d.). Overview of Memphis and Mid-South Weather. Retrieved from http://www.memphisweather.net/cli-overview.shtml
Rufener, K. (2015, April 10). FBI ranks Memphis as the 3rd most dangerous city. WREG News [Memphis]. Retrieved from http://wreg.com/2015/04/10/fbi-ranks-memphis-as-the-3rd-most-dangerous-city/