The threat assessment process first tries to understand the possible threats to the identified assets of the organization, then determines the most dangerous threat, the cost of recovering from that threat and the maximum expenditure for preventing it (Kizza, 2015).
There are a number of vulnerabilities in the existing information technology infrastructure of XYZ bank. Each of these vulnerabilities creates an opportunity for exploitation and a threat to the assets of the organization.
The threats to the assets of XYZ bank are listed below:
1. Phishing is an illegal attempt to capture sensitive information about an individual or organization. Attackers carry it out by masquerading as a legitimate entity of the targeted network. Once inside the network, the attacker steals information from it. Sometimes the attacker mimics the appearance of an organization's whole website or online presence and steals information from the legitimate users of that website, who believe the attacker to be a legitimate entity. A phishing attack is usually initiated by instant messaging or email spoofing. The customer data of the bank is totally insecure in the face of various information security attacks. Attackers can steal customer information, replicate the online presence of the bank and deceive customers about the bank. This will harm the business severely.
2. Attacks related to unpatched software are also growing in number. No information system is free of vulnerabilities; any system is likely to have bugs and other weaknesses. Developers and vendors release patches for their applications from time to time, as and when they fix existing vulnerabilities. Users must keep their systems and applications up to date by installing patches and updates in a timely manner. They should also not use outdated systems that no longer have any support from the developers or vendors. However, XYZ bank does not update its systems and applications and has not applied any patch to any system. It is therefore exposed to attacks that exploit unpatched software.