Security Assessment

To: JMZ Senior Management
Date: March 5, 2011
Re: Security Risk Assessment
Security Assessment Findings

The purpose of this memorandum is to provide our senior management with a security risk assessment of the JMZ Adventure Ecotours network and systems. Management may also use this memo as a guide to prioritize our approach to mitigating security risks. Our company data, our network, and the systems are the most valuable assets of our organization. It is the responsibility of our management team to provide adequate security of these assets.
This security assessment lists the top nine vulnerabilities that should be considered by our management team as the most likely to happen with the greatest cost to our organization. This list includes damage to our company reputation/loss of business opportunities, threats from hackers, sabotage by employees, force majeure or acts of God, embezzlement, virus attacks, data loss, improper use by employees and user errors. The majority of these are primarily cause by people, which is part of security defenses and they are our first line of defense. People are the key to our defenses.
By no means is this list a complete list. There are other vulnerabilities that still should be addressed at some point later in time. Some of the other vulnerabilities include servers not configured properly, SPAM, spoofing, denial of service and brute force attacks.
The following is a table that represents the data found by the security assessment. The charts below show the probability of occurrence of each exposure, the average loss, and expected potential loss of each exposure. The chart also graphically identifies the expected potential losses, by exposure.
  | Exposure | Probability of Occurrence | Average Loss per Occurrence | Expected Potential Loss |
1 | Damaged company reputation/
loss of business opportunities | 75% |   $   200,000.00 |   $   150,000.00 |
2 | Threats from Hackers | 80% |   $...