Free Essay

Network Risk Assessment

In:

Submitted By caml
Words 700
Pages 3
If I were hired as a consultant to secure all network devices for a large firm, there are a few things that I would have to do to determine the needs of an organization. I would have to examine a few aspects in regards to the employees, software and hardware. Identifying software and hardware assets that need to be safeguarded, as well as what is required to defend personnel is also necessary. Many establishments prefer that most or all procedures could be mechanized, but there are still certain things that must be done manually.
Ensuring network security should not be taking as an expense that will not help an organization to produce more and be more efficient. As an alternative of thinking about network security as a technical concern, companies must consider it a business continuity concern. Networks have developed to be a rudimentary part of undertaking a business in the present day. This makes security planning as serious and as important to a business as sales and marketing.
As a consultant, I will review all of the processes and devices and try my best to make them automated. There will also be steps taking to have backups in the event of automated failures. The review of customer data, business data and property would also be something to do. I would also have to examine were this data and information are stored and how easily it can be accessed. A Disaster Recovery Plan is another thing that I will have to put together.
With this in place it will make sure that servers and other devices are safeguarded and are in a location where it will not be impacted by a disaster. After looking at the potential risks that were discovered in a risk analysis, I would have to take measures in order for mitigation. A very effective way in doing this would be by Pen-Testing.
This is a very good option to discover weak points in the firm. I would of course have to clear this with the upper management of course and explain the reason why I would conduct these tests. If everything is cop-esthetic, it will be helpful in reducing risks and effective mitigation.
By doing this you will have an opportunity to mitigate and reduce the risks. When the testing is done it is an effective way to see if systems can be brought down within the business and will aid in determining efficient ways to put in place countermeasures and controls.
Other effective ways in testing the security of the business would be application testing and transaction testing. A Gap analysis is also an option to consider. Conducting a Gap analysis will help in finding cracks in the business compliance guidelines. The test identifies changes among what is required and what is in place.
As a consultant, I will have to will measure the resources and what they are actually worth. Examining where the assets are and exactly how they are retrieved is another thing that will have to be done. I would also find out all who have access to these effects. This is a good time to examine disturbance protection, content security, wireless networks as well as firewalls.
The Virtual Private Network or VPN of the business is also a very important thing to examine. Reviewing policies and procedures such as privacy agreements, consumer agreements and other policies which relate to the business is imperative in conducting this process. Tracing inventory will also be necessary in respects to countermeasures. We would also need to monitor the access of employees closely for a good period of time. A way to describe this would be when a worker is transferred to a different area of the business and to make sure that they only have access to information needed in that job area.
When all controls and protocols have been applied, we will have to make sure that they all work accordingly.

References
Check Point (2011). Five Tips for Intelligently Securing Networks. Retrieved from http://www.checkpoint.com/securitycafe/readingroom/general/securing_networks.html Cisco (2013). Network Security Checklist. Retrieved from
http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/secure_my_business/network_security_checklist/index.html

Similar Documents

Premium Essay

Risk Management

... Rivers October 19, 2013 Project 1 Part 1: Risk Mgmt. Plan 1. Introduction Risk Mgmt. Plan Well for starters the purpose of this risk management for DLIS (Defense Logistics Information Service) plan will be similar to the purpose of any organization would be and that would be how to better protect and secure the company’s IT environment. The importance of this is major since there is all kind of important data that is on and transmitted throughout our networks on a daily basis. DLIS we must ensure that we implement all necessary preventative security measures as well as policies and procedures. We must do this by first of all ensuring that we have really good antivirus software installed on all of our systems and ensuring that it is always up to date. The next thing is extensively configuring our firewalls making it more difficult for our networks to be hacked. Another thing is data encryption which is very vital in securing all important data for our company and clients especially when we are performing data transmission over the networks. The last thing I want to mention which will be part of policies and procedure is implementing various password and logon policies and procedures for security purposes as well. As I stated the purpose of the development of this plan is to reduce the risk of threats and vulnerabilities on our networks. This is vital because threats and vulnerabilities definitely present risk(s) to any important company and client data. We...

Words: 2058 - Pages: 9

Premium Essay

Risk Assessment Paper

...Risk Assessment Paper CMGT 579 September 26, 2011 Kyrstal Hall Every organization is faced with some risk or potential threat that could cause an interruption to the organization’s operations. These risks and threats can come from within or outside of the organization. To prepare for the worst that could happen, organizations must focus their attention on how to assess different types of risks to protect the organization from the possible negative effects to the daily operations. Performing a risk assessment is one of the most important steps in the risk management process (eHow, 2011). A Risk Assessment is periodic assessment of the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization. A risk assessment should include a consideration of the major factors in risk management: the value of the system or application, threats, vulnerabilities, and the effectiveness of current or proposed safeguards. Many organizations perform risk assessments to measure the amount of risks that could affect their organization, and identify ways to minimize these risks before a major disaster occurs. Department of Defense Information Systems Agency (DISA) follows guidelines and policies governed by processes by which the organization assesses and manages exposure to risks. In this paper the subject to identify...

Words: 1263 - Pages: 6

Free Essay

Network Administrator

...Security Risk Analysis of time in expansion of network IT projects can be many times a daunting task to both the contracted IT Company and the clients. With some short deadlines, there is usually a small window of opportunity to present skills and produce positive results. As a network administrator, the pressure to deliver top notch and a robust system is a priority. U.S. industry Inc is just a young company that has both the quality and skills and knowledge to produce excellent work considering previous contracts that have been undertaken by the company. The US government department aims to expand its network infrastructure to enlarge the capacity and enable it provide quality services. The cost estimation of the contract is approximately three $3 million dollars lasting for a period of six months. A network administrator’s roles include: Ø setting up of the network Ø Designing and planning of the network Ø Expanding the network Ø Network maintenance Designing and planning of the network a network administrator is tasked with identify the US government departments requirement that necessitates the kind of system to set up. The US department may require certain special specification of their particular network depending on its purpose and objectives. It marks the first phase of the contract. Setting up a network The second phase is where the physical is setting up, and configuration of the network begins. Hardware installation and files, data...

Words: 1088 - Pages: 5

Premium Essay

Btech Lab System: The Identification Of Threat

...Assessment Phase1: The System Description In this step we will be looking at the whole Btech Lab system as described above analysing the current boundaries of the system, and also looking at the elements that define the system along with the resources that are in the Btech lab. Phase 2: The Identification of Threat This step looks at the current threats that are a risk to the security of the Btech Lab and ways to limit the risk of occurrence. One threat that is identified is the unauthorized users that utilize the Lab, the current security access used is a finger print system (Biometrics system) but students bring their friend and open for them which the increases the risk of theft and damage of equipment. Phase 3: The Vulnerability...

Words: 937 - Pages: 4

Premium Essay

It Communications

...company invested in the network designed it to be fault tolerant and resilient from any other network failures. However, although the company’s financial status has matured and its network has expanded at a rapid pace, its network security has not kept up with company growth (NIST, 2012). GFI’s network is fairly stable as it has not experienced many outages due to network failures. Global Finance Inc. has hired three network engineers to keep up with the network growth and bandwidth demand by the company employees and the clients. However, this company has not hired any security personnel who can take care of the operational security responsibility. The trusted computing base internal network in the Global Finance Inc. hosts the company’s mission critical systems without which the company’s operation and financial situation would suffer. The Oracle database and email systems are among the most intensively used application servers in the company. Global Finance Inc. cannot afford system outages because its cash flow and financial systems heavily depend on the network stability. This company has experienced denial of service attacks (DOS) twice this year and its Oracle database and email servers has been down at one point for over a week. Concern at hand is the recovery process required Global Finance Inc. to use $25,000 to restore its operations back to normal. Global Finance Inc. estimated the loss from these network attacks at more than $100...

Words: 1073 - Pages: 5

Premium Essay

Business at It's Best

...Management Fall 2009 Non-financial risk assessment in mergers, acquisitions and investments Identifying sources of business risk in the ICT industry Bachelors thesis Erik Allenstr¨m, 1984-11-26 o Fredrik Njurell, 1984-01-30 ¨ Tutor: Osten Ohlsson January 14, 2010 Abstract The number of company mergers and acquisition activities has increased dramatically the last two decades. The reasons for conducting these activities are many and the uncertainties of their results are high. To reduce the uncertainties when making an investment, merger or acquisition it is vital to do a thorough assessment of the risks involved with the activity. This thesis focuses on a specific part of this risk assessment, namely the non-financial risks. Mergers and acquisitions are done in almost all industries around the world and the reasons for and benefits of these activities can vary between industries. We have chosen to investigate the risk assessment of non-financial risks in the Information and Communication Technology (ICT) industry. The thesis aims at investigating what business characteristics, for companies in the ICT industry, that give rise to non-financial risks that must be assessed when doing investments, mergers or acquisitions. Further on we present a risk pattern that points out what business characteristics that are the most important when conducting a risk assessment of non-financial risks on companies in the ICT industry. From a literature study we find evidence that ten different...

Words: 24602 - Pages: 99

Premium Essay

Term Papers

...Toussaint Chivars IS3110/Lab2 8/16/2014 Align Risks, Threats & Vulnerabilities to COBIT Lab 2 1. List indentified threats & vulnerabilities Risk Factors from Lab1 a. Unauthorized access from public Internet High risk b. User destroys data in application and deletes files High risk c. Hacker penetrates your IT infrastructure and Medium risk gains access to your internal network d. Intra-office employee romance gone bad High risk e. Fire destroys primary data center Low 2. PO9.2 IT Establishment of Risk Context; PO9.3 Event Identification; PO9.4 Risk Assessment. 3. a. Unauthorized access from public Internet Integrity b. User destroys data in application and deletes files Availability c. Hacker penetrates your IT infrastructure and Confidentiality gains access to your internal network 4. The risks potential, the current protection level and the mitigation steps needed to prepare or reduce the risks/damages. 5. a. Threat vulnerability 1: unauthorized from public internet Information---firewall and encryption. Applications---only from recommended sources (applications with encryption, antivirus protection will be used. Infrastructure—Firewalls People---IT awareness training for all employees, monitoring from IT manager b. Threat or...

Words: 719 - Pages: 3

Free Essay

Week Two Assignment

...Scott J. Straw Risk Management in Information Technology Security Summer 2014 6/29/14 Week 2 Assignment – Risk Assessment In regards to the projected expansion of bandwidth and storage, I feel I should start by addressing some of the present and future potential risks. There are inherent risks to adding new nodes in the network, and some of these can be mitigated by installing and properly configuring new hardware firewalls and proper installation and configuration of Intrusion Detection Systems. In addition to the new hardware, we will also need an additional system administrator, that is not only qualified for the position, but also needs to pass a background check to ensure he/she is not a threat to the federal government’s data and in turn US Industries as a company. A qualitative risk assessment finds the following risks for the network expansion: QUALITATIVE ANALYSIS SURVEY CATEGORY PROBABILITY IMPACT RISK LEVEL Loss of Data Availability 100 100 100 From DoS/DDoS Attack Loss of data from 100 100 100 Unauthorized access Loss of data from Malware 50 100 50 Loss of data from Fire/Natural Disaster 10 100 10 Stolen/corrupt data From lack of access Controls and improper Configuration 10 100 10 Noncompliance with...

Words: 931 - Pages: 4

Free Essay

Mini Case 1 – Belmont State Bank

...we need a secure network. Once major risk we need to ensure is the bank transaction are being transferred securely. Developing a secure network means developing controls that reduce or eliminate threats to the network. Here are some of the preventions we need to review when creating preventive measures to maintain compliance Compliance Methods - All virus definition and DAT file in the organization must be up to date by performing inventory of all employees machine by using a Tool such as SCCM to ensure all machine have the correct version. Push will be performed remotely to ensure all machine have the proper version. Wireless Access- In order to access wireless within the organization all employees will be required to have a SSL certificate to enable access to wireless network. Only authorized authentication will be permitted online Desktop Firewall- To assist in protecting again spywares or a predator using employees machines as a BOT employee must ensure their Desktop firewall are activated or a Group Policy (GPO) can be setup on the administrator side to ensure they are active and restrict any modification from users. All machines will have Desktop firewall enabled to reduce the risk of remote penetration to assist in avoiding Denial-of-Service (DoS) attacks. Router restriction- We need to implement Access Control List (ACL) in the router to control network traffic. The router will look at the internal and external packages process via the Network layer of the OSI...

Words: 525 - Pages: 3

Premium Essay

Iram 2

...struggling to understand what the threats to their information assets are and how to obtain the necessary means to combat them which continues to pose a challenge. The ISF’s Information Risk Analysis Methodology (IRAM) enables organizations to access business information risk and select the right set of security controls to mitigate that risk. IRAM2 Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management by developing best practice methodologies, processes and solutions that meet the business needs of its Members. ISF aims its products at large public and private sector organizations, and produces an annually updated Standard of Good Practice for Information Security. This approach has three phases: a business impact assessment which determines the security requirements of the business, a threat and vulnerability assessment, and control selection. IRAM2 is a simple, practical yet rigorous business essential that helps ISF Members identify, analyze and treat information risk throughout the organization. The standard and its related tools, which must be purchased from ISF, make for a thorough risk management package. The price of the materials includes user guides and attendance at some ISF events....

Words: 2215 - Pages: 9

Premium Essay

Business Impact Analysis and Risk Assessment for Information Resources

... Business Impact Analysis and Risk Assessment for Information Resources General Information & Process Description Introduction The IT Security and Policies area within Information Technology Services is responsible for establishing policies to ensure that Iowa State University has a secure information technology environment. This document defines a process for departments to perform a business impact analysis and risk assessment for their information resources. Once an assessment has been done, the resulting documents should be maintained and regularly reviewed by the department. By using the business impact analysis and risk assessment tool defined in this document, departments have the capability to identify and respond to risks for their systems and information resources. Departments are encouraged to contact the Information Technology Security and Policies area at 4-2588 if they have specific questions or if they would like to arrange a meeting to discuss the process on an individual basis. Business Impact Analysis and Risk Assessment Guaranteed absolute security in today’s information technology environments is not realistic. However, it is important to have a process of identifying resources and associated risks, determining their magnitude, and identifying what safeguards are needed. That process is what we are referring to as business impact analysis and risk assessment. It is the department’s responsibility...

Words: 3038 - Pages: 13

Premium Essay

Risk Consultant

...ISSC 363 Risk Consultant 24 January 2016 Risk Consultant A risk assessment is a way to identify, evaluate, quantify, and prioritize risks (Gibson, 2011). They are primarily used to assess the overall security of a network from the eyes of an attacker in order to protect the network from intruders (Schmittling, n.d.). There are no regulations instructing organizations on how systems need to be controlled or secured, however there are regulations requiring systems be secure in one way or another (Schmittling, n.d.). The rationale for conducting an assessment include: cost justification, productivity, breaking barriers, self analysis, and communication (Schmittling, n.d.). Adding security adds an extra expense that may not seem justifiable to a company. Businesses may not understand that an intrusion could cost more than proper security equipment and it is important for a security risk analysist to relay this important information. Productivity can be increased by properly formalizing a formalizing a review and implementing self analysis features (Schmittling, n.d.). Conducting a risk assessment can also break down barriers between the organization's management and the IT staff as they work together to secure the network. By making the security risk assessment system easy to use, management will be able to take part in the security of the network which will in turn make security a part of the business's culture. Risk assessments can boost communication...

Words: 792 - Pages: 4

Premium Essay

Lab 2 Ist

...Lab 2 - Align Risks, Threats, and Vulnerabilities to COBIT PO9 Risk Mgmt. Controls Part 1 4. Discuss the primary goal of the COBIT v4.1 framework. Provide a basic description of cobit. * The purpose of Control Objectives for Information and related Technology (COBIT) is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT helps bridge the gaps amongst business requirements, control needs and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems. 5. Explain the major objective of the Control area (COBIT 4.1 Controls Collaboration link on the left side of the COBIT website) * “The COBIT Controls area within ISACA's Knowledge Center promotes collaboration and sharing of information, solutions and experience among COBIT users.” 6. From the COBIT Domains and Control Objectives section, list each of the types of control objectives and briefly describe them based on the descriptions on the website. * Plan and Organize – “This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realization of the strategic vision needs to be planned, communicated and managed for different perspectives. A proper organization as well as technological...

Words: 4162 - Pages: 17

Premium Essay

Rik Management Audit

...Risk-Based IT Audit Risk-Based Audit Methodology Apply to Organization’s IT Risk Management Kun Tao (Quincy) Cal Poly Pomona Author Note This paper was prepared for GBA 577 Advanced IS Auditing, taught by Professor Manson. March 2014 Page 1 of 26 Risk-Based IT Audit Table of Contents Abstract .......................................................................................................................................... 3 Introduction .................................................................................................................................... 4 Methodology................................................................................................................................... 6 Risk-based auditing methodology: Risk assessment...................................................................... 6 IT Risk Management................................................................................................................... 7 IT Risk Control Framework........................................................................................................ 8 Identifying assets...................................................................................................................... 13 Determining criticality and confidentiality levels......................................................................14 Threat and vulnerability identification................................................................

Words: 6057 - Pages: 25

Premium Essay

Security Risk Assessment

...Executive summary The main purpose of a threat and risk assessment is to provide recommendations that maximize the protection of integrity, confidentiality and availability while still providing usability and functionality. Insider threat has become a serious information security issues within organizations. Best way to determine the answers to these questions a company or organization can perform a threat and risk assessment. This can be accomplished using either internal or external resources. It is quite important that the risk assessment should be a collaborative process. It is proven that involvement of the various organizational levels the assessment can lead to a ineffective and costly security measure. Introduction...

Words: 793 - Pages: 4