Identify company risk assignment

https://www.epa.gov/sites/production/files/2015-09…

https://www.epa.gov/office-inspector-general/repor…

Reference Sample Risk:

   

Organization/Agency Selected:

Organization/Agency Mission:

 

| Identifier | Source | Threat ID | Risk Description | Business Impact | Recommended Corrective Action | Likelihood | Impact | Risk Level |
|---|---|---|---|---|---|---|---|---|
|  | Audit | T-1, T-8, T-23, T-24, T-36 | Notification is not performed when account changes are made. | Without notification, unauthorized changes by individuals who elevate permissions and group membership can occur without detection. | Enable auditing of all activities performed under privileged accounts in GPOs, and develop a process that allows these events to be reviewed by an individual who does not have Administrative privileges. | Medium | Medium | Medium |