ABCDEFGHIJKLMNOPQRSTUVWXYZAAAB
1
AssetAttack SurfaceThreat DescriptionWhat could go wrong?ImpactLikelihoodControl EffectivenessInherent Risk Level Scale: 1 - 25Residual Risk Level Scale: 0-25Current ControlsCommentsAction/Mitigation PlanFurther Mitigation Warranted?Mitigation Activity Owner
2
Email (Data)Personnel Personal Cell PhoneThief steals cell phone and accesses data on phone, including project email that owner has checked using the device.3rd party data we're responsible for protecting is breached; we may have to inform everyone; may have to support mitigating damages, investigation, manage reputation33297Consider new policy for securing mobile devices: Password protected, encrypt data, etc.MaybeISO
3
"Project-Issued LaptopThief steals laptop and accesses data stored there, including email cached by IMAP client.3rd party data we're responsible for protecting is breached; we may have to inform everyone; may have to support mitigating damages, investigation, manage reputation33494Maintain current practice. IT sets up encryption on laptop before issuing to anyone. All laptops have remote-wipe functionality.NoIT Support Specialist
4
"Email ServerA third party exploits a vulnerability or misconfiguration in server to access emails stored on the server or observe them being received or transmitted by the server.3rd party data we're responsible for protecting is breached; we may have to inform everyone; may have to support mitigating damages, investigation, manage reputation33592Maintain current practice. Server only allows encrypted connections; all configuration changes are checked by Senior Systems Administrator before going into production; security updates to server software are applied promptly.NoSenior Systems Administrator
5
Email (Server & Service)Postfix (mail transfer agent)An attacker could use our mail server to send spam.Consumes our bandwidth, delays legitimate emails, we (our project or whole parent organization) get blocklisted and can't send email at all until resolved.4532012Server software is currently kept up to date; administrative access to the server is limited to the local network and requires two-factor authentication. However, users currently don't have to authenticate to the server for sending mail if they have received mail recently. This should be changed so that users' email clients must authenticate each connection.YesSenior Systems Administrator
6
Instrument Control SystemWeb-Based Control InterfaceAn attacker could exploit the web application we use to remotely turn our instruments' sensors on and off, causing sensors to be turned off or become unavailable when needed.Loss of valuable sensor telemetry, possibly during a once-in-a-lifetime event.523106Consider 2FA. The control server is behind a firewall, but security could be increased by using two-factor authentication instead of passwords alone, and/or making it accessible only from the VPN.MaybeISO
7
00
8
00
9
00
10
00
11
00
12
00
13
00
14
00
15
00
16
00
17
00
18
00
19
00
20
00
21
00
22
00
23
00
24
00
25
00
26
00
27
00
28
00
29
00
30
00
31
00
32
00
33
00
34
00
35
00
36
00
37
00
38
00
39
00
40
00
41
00
42
00
43
00
44
00
45
00
46
00
47
00
48
00
49
00
50
00
51
00
52
00
53
00
54
00
55
00
56
00
57
00
58
00
59
00
60
00
61
00
62
00
63
00
64
00
65
00
66
00
67
00
68
00
69
00
70
00
71
00
72
00
73
00
74
00
75
00
76
00
77
00
78
00
79
00
80
00
81
00
82
00
83
00
84
00
85
00
86
00
87
00
88
00
89
00
90
00
91
00
92
00
93
00
94
00
95
00
96
00
97
00
98
00
99
00
100
00