
Risk Assessment

I. AUDIT

DESCRIBE THE PURPOSE OF THIS RISK ASSESSMENT

The purpose of this risk assessment is to identify hazards and threats, evaluate the risk associated with them, and help prevent or reduce that risk by recommending controls that ensure the safety and protect the integrity and credibility of individuals, specifically the people who use Twitter.
Twitter brings together all kinds of people. It is said to have 330M monthly and 145M daily active users, and 500M tweets are sent out per day. Among those millions of tweets, there is no guarantee that a tweet or the user behind it is safe, because anyone can follow you, anyone can see what you are posting, and you do not know who that anyone may be.
That is why a risk assessment should be applied: so that users are aware of what is happening around them and understand what risks and hazards exist, why they exist, and how they can be managed.

DESCRIBE THE SCOPE OF THE RISK ASSESSMENT

The scope of this assessment is to determine the risks, specifically the hazards, that Twitter brings to its users, and to create and give resolutions for the identified threats.

Goals
- Identify and recognize the risks and lessen the vulnerabilities to ensure the security of the user.
- Understand the mechanism and the impact.
- Prove that Twitter may become a dominant way for businesses to communicate with their customers and for users to communicate with other users.
- Prove that Twitter is one of the trusted and secure social media platforms.

Objectives
- Enrich privacy and data protection services.
- Discover and recommend controls that can be used to prevent the risk.
- Protect the confidentiality, integrity and availability of the information that the user has.
- Review confidential tweets and suspend dummy accounts.

LIST ALL PARTICIPANTS INCLUDING ROLE IN THE RISK ASSESSMENT (e.g. system owner, system custodian etc.)
Twitter users
- Users have an important role, since they are the beneficiaries and the ones who report that a problem is being experienced on Twitter.

System Administrators
- They are the operators, who know and are responsible for what is happening and what the real problem on Twitter is.

The CEOs
- The people who know more about Twitter, since some of them are also co-founders of Twitter.

Twitter developer
- The person who has the most knowledge about what Twitter is and how it works.

These are the participants responsible for carrying out the risk assessment.

DESCRIBE KEY TECHNOLOGY COMPONENTS INCLUDING COMMERCIAL SOFTWARE


Twitter
- Micro-blogging internet service, founded in 2006.

Internet Connection
- Twitter requires an internet connection for the user to open the account and start using it.

Hootsuite Software
- Best way to manage social media networks like Twitter.

MySQL
- Twitter uses it heavily for primary storage of tweets and users, and maintains a custom fork that it recently open-sourced.

FlockDB
- This is Twitter's in-house graph database, which it uses to store social graph information.

DESCRIBE HOW USERS ACCESS THE SYSTEM AND THEIR INTENDED USE OF THE SYSTEM
Users gain access to Twitter by creating their own account. They can then follow other people, whether politicians, celebrities or ordinary people, as well as different pages and groups, so that they can see others' tweets or updates.
They tend to use it to communicate and to share their thoughts with a big audience at a faster pace.

II. RISK ASSESSMENT


WHAT ARE THE IDENTIFIED THREAT SOURCE AND VULNERABILITY?

Users' fault
- The primary source of threats on Twitter is the users themselves. Based on my research, for security professionals a social media platform is more than just a networking tool. Your tweets can be used against you, and the platform can also be an additional source of valuable information on topics ranging from vulnerabilities, exploits and malware to threat actors and anomalous cyber activities.

Data leaks caused by hackers
- It is also said that fake accounts and data leaks can be a cause of concern. According to Google, 44% of surveyed organizations cited the importance of social media intelligence, a solution for digital risk.

Twitter suspends everybody's accounts, whether they belong to hacked users, sports and Hollywood celebrities, or media companies, because it lacks a proper human process to review suspended accounts and lacks a truly scalable platform.

Twitter bug
- It leaked iOS users' location and data to a partner.

Administrators' fault
- Twitter lacks human support, and it is said that the CEO of Twitter lacks the leadership, strategic vision and proper knowledge needed to fix Twitter's security problems.

Phishing
- A deceitful process by which an attempt is made to acquire sensitive information such as usernames and passwords.

Bots on Twitter
- Accounts created by software programs pretending to be human. It is said that these bots tweeted 1.4M times during the run-up to the last presidential election in Russia.

THREAT SOURCE/VULNERABILITY (Put check inside the box.)

Hardware Fault / Software Fault / Human Error / Intentional Outside Error / Intentional Insider Others:

EXISTING CONTROLS
Always check the URL of the Twitter Login Page.
- There are many fake login pages that imitate the Twitter login page. They run malicious scripts which can copy your Twitter username and password and send them to an email address.
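
The URL check described above can be made mechanical. The following is an added example, not part of the original assessment; the trusted host list and every sample link in it are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts accepted as the genuine login page; set these per your own policy.
TRUSTED_LOGIN_HOSTS = {"twitter.com", "mobile.twitter.com"}

def check_login_url(url):
    """Return (ok, reason) for a URL that claims to be the Twitter login page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if has_userinfo:
        # In https://twitter.com@login.example/ the real host is login.example.
        return False, "text before '@' is not the host"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalised host, possible look-alike"
    if host not in TRUSTED_LOGIN_HOSTS:
        # Exact match only: twitter.com.account-verify.example must not pass.
        return False, f"host is {host!r}, not a trusted login host"
    return True, "trusted login host over HTTPS"

# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://twitter.com/login",
    "http://twitter.com/login",
    "https://twitter.com.account-verify.example/login",
    "https://twitter.com@login.example/session",
    "https://tw\u0456tter.com/login",  # Cyrillic letter in place of 'i'
    "https://login.example/twitter.com/login",
]

def review(urls=SAMPLES):
    """Map each URL to its (ok, reason) verdict."""
    return {u: check_login_url(u) for u in urls}

if __name__ == "__main__":
    for url, (ok, reason) in review().items():
        print("OK  " if ok else "STOP", ascii(url), "-", reason)
```

Only the first sample passes; each of the others fails on the host actually contacted, not on the text that merely looks like the brand name.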

Follow the Social Media security best practices.


- Update your security settings on all digital regularly. Enable multi-factor authentication and avoid password reuse.

Avoid web-based Twitter apps which ask for your password.
- You don’t have to save your Twitter account credentials in any third-party site’s database.

Beware of Direct Messages from users whom you don’t know.
- Scammers use clever techniques. Some of these are spam links.

Protect your tweets by making your account private.
- The best way to hide your Twitter activity is to switch your account type to “private” mode.

RISK RATING

A. Consequence

[/] High   [ ] Medium   [ ] Low

B. Likelihood

[/] Very Likely   [ ] Likely   [ ] Unlikely   [ ] Highly Unlikely

C. Risk Rating

[/] High   [ ] Medium   [ ] Low

RECOMMENDED CONTROLS

Recommended controls or alternative options for reducing risk


- Do not give out your email and password. Keep them to yourself only.
- Make sure that you are using the official Twitter apps.
- Link the account to your existing email so that you can easily recover it if you forget the password or username.
- Be responsible when posting tweets; remember that there are a lot of people who can see your tweets and can use them against you.
- Do not share important information about yourself or rants about other people, especially on governmental issues that are not supported by legal documents. (THINK BEFORE YOU CLICK)

RECOMMENDATIONS
- Use social media properly. Nothing is safe in cyberspace. People make mistakes, but errors with social media can lead to terrible consequences.
- Strengthen the security of accounts.
- Lessen inappropriate tweets to avoid suspension of accounts.
- Limit the information about yourself in your account to prevent identity theft.
- Don’t post important data, to prevent data breaches.

SUMMARY

How was the risk assessment done?


+ The risk assessment successfully identified the risks/hazards; the existing controls are effective, and the recommended controls listed above would help to reduce or eliminate the threats.
+ The identified hazards, threats and vulnerabilities have a negative impact on the user and also on the software. If not prevented, they will cause damage.

+ Consequence is rated high because the risks identified could affect the user and also the software; if not prevented, they will cause damage. The user might continue receiving spam messages and continue letting someone access the account secretly, and the spreading of unlawful and inappropriate tweets and the imitation of someone’s identity will persist if the risks or threats are not taken care of. The aim is not to be totally free from risk, but at least to lessen the vulnerabilities.
+ Likelihood is rated very likely because Twitter is one of the big social media platforms and millions of people are using it; among those millions of people, the intention of some is not just to be entertained but to get rid of someone’s account and identity.
+ Risk is rated high because, when these threats occur, Twitter is not safe, and they will cause big problems for the software and also for the user. Confidentiality, integrity and availability are affected, and one must be proactive in order for the user to use Twitter well.

After assessing the risk and identifying the hazards/threats and vulnerabilities, measuring the existing controls and the recommended controls is very important to minimize or eliminate the effect of those hazards. It is also highly recommended to decide what strategy is to be used to prevent the hazards and to know what must be prioritized.

| What are the hazards/risk? | Who might be harmed and how? | What are you already doing? | What further action is necessary? | Action by whom? | Action by when? | Done (mm/dd/yyyy) |
|---|---|---|---|---|---|---|
| Defamatory tweets | The person who tweets defamatory tweets and the people involved in the post. | Checking the tweet/message before posting it. Think about the possible outcome of your tweet. | Think before you click. Double check the | Action by the user. By the admin: delete improper tweets. | When posting. | 4/24/2020 |
| Identity theft through phishing | The Twitter user, because anyone could imitate someone’s identity, and it can be used to commit a crime and you will be the suspect. | Limit the information to be saved. Use the URL of Twitter, because there are fake login pages. | Make it private. Check the URL. | The users | When giving info about you or saving it on your account. | 4/24/2020 |
| Data security | If accounts are hacked, your data is not safe anymore; it can be lost and can also be used against you. | Secure accounts and set all to Private. | Change the password, and it must be strong. | By the user. Admin: must secure someone’s account to avoid loss of account. | When creating an account and managing it. Once a month. | 4/24/2020 |
