Risk Assessment for Incident Management Group - Case Study Example

Summary
The paper "Risk Assessment for Incident Management Group" argues that GFI's computer network has to address many challenges to secure the information residing on its network assets. Certified staff are required, as they will contribute to safeguarding against and identifying potential threats.

Risk Assessment

A computer network risk assessment framework takes a holistic approach to assessing the risks, threats and vulnerabilities of the organization's information technology architecture. Likewise, this essential function incorporates a risk management framework led by a steering committee. This committee ensures that the risk management framework is current, operational and up to date. If an organization agrees to establish a risk management framework, the first step is to establish an asset inventory in which all critical and non-critical assets are identified. The second step is to bring the asset owners on board and define an asset classification scheme. This scheme records the severity of each asset along with a value, and that value identifies the information assets connected to the computer network.

Three of the important aspects that make the risk management framework recognizable are vulnerabilities, threats and exploits. Vulnerabilities are defined as weaknesses in a system, network, workstation or server. Such a weakness can be exploited by a virus, Trojan, worm, malware etc. Likewise, vulnerabilities are not inherent: they can be created by poorly managed patch management procedures, operating system critical update procedures, virus definition update procedures, inadequate firewall rules etc. These vulnerabilities can be exploited by threats; for example, a hole in an operating system can be exploited by a worm or virus attack. Threats are the known viruses, Trojans, rootkits, malware, adware, spyware etc.

The following are the results of the risk assessment that will be used by the incident management group of GFI's network for activation of the business continuity plan. The business continuity plan is developed to mitigate threats that have a low probability of occurrence but a high impact on GFI's network.
Name of Threat                                     Probability (H/L)   Impact (H/L)   Action Required
Power Failure / Fluctuation                        H                   H              Reduce (Avoid or Transfer)
IT Asset Damage                                    H                   H              Reduce (Avoid or Transfer)
Virus Attack                                       H                   H              Reduce (Avoid or Transfer)
Failure of Application System                      H                   L              Develop Control
Failure of System Software                         H                   L              Develop Control
Fraud                                              H                   L              Develop Control
Telecommunication Failure                          H                   L              Develop Control
Internal IT Attacks                                H                   L              Develop Control
External IT Attacks                                H                   L              Develop Control
Unauthorized Access                                H                   L              Develop Control
Head Office Sabotage                               L                   H              Business Continuity Plan
Terrorism                                          L                   H              Business Continuity Plan
Explosion                                          L                   H              Business Continuity Plan
Fire                                               L                   H              Business Continuity Plan
War                                                L                   H              Business Continuity Plan
Bomb Threats                                       L                   H              Business Continuity Plan
Civil Disorder                                     L                   H              Business Continuity Plan
Flooding                                           L                   H              Business Continuity Plan
Nuclear Fallout                                    L                   H              Business Continuity Plan
Tornado, Hurricane, Typhoon                        L                   H              Business Continuity Plan
Tidal Waves                                        L                   H              Business Continuity Plan
Data Loss                                          L                   H              Business Continuity Plan
Heating, Ventilation or Air Conditioning Failure   L                   L              Accept
High Winds                                         L                   L              Accept
Robbery                                            L                   L              Accept

As we all know, the best way to prepare for a disaster is to avoid the disaster. Therefore, the following controls are already operational to mitigate the major risks that lead to disaster due to IT breaches. The risk of power supply failure in a critical server is mitigated by deploying a redundant power supply that takes over automatically once a problem arises, hence reducing downtime. Failures due to surges and electricity fluctuations are common computer hazards; to avoid these risks, the IT department has taken the necessary action against these hazards by arranging all the available web server hard drives in an array called Redundant Array of Inexpensive Disks (RAID level 5), which mitigates downtime for the business-critical web server due to hard disk failure. Considering the risk of failure of the hardware components mentioned above, a redundant backup server for the critical application server and authentication server is also deployed in the organization for contingency purposes. The primary reason to apply line-interactive UPSs is to protect the critical load from significant variations in the voltage supplied by the local electric company. To keep the business running without interruption, adequate UPSs are installed in the organization.
In case of power failure, power is shifted automatically to the UPS, and servers, peripheral devices and users' PCs may continue to run in the absence of electricity. Moreover, to address threats such as cross-site scripting attacks and SQL injection attacks, considered among the most dangerous attacks and causing a high degree of business loss (Ansari & Sykes, 2012), code needs to be validated and hardened. For instance, if the program code on the web server is left unvalidated, the attacker can exploit the database by entering via the organization's website. Exposure of the database containing personal customer information will be a breach of the privacy policy and of some of the data privacy regulations as well. However, privacy policy differs from region to region (Cross site scripting (or XSS, cross-site malicious content), 2007). Similarly, cross-site scripting establishes a fake path between the user and the web server and steals all the confidential information during the established session.

Risk Assessment and Threat Assessment

Locking down systems is not a workable solution at all, as business-critical services, operations and tasks would be halted, resulting in a massive loss for the organization. The information services executed on the workstations are dependent on the systems, as well as on other information services that are interlinked with each other. For instance, in a reputable bank, suppose a proxy server providing Internet services is locked down. The impact will fall on other services, such as the email service and customer services that may include marketing emails, customer e-statement emails, customer notification emails etc. Hence the second option is feasible, as locking down systems is not a solution. For securing computer networks, there must be a risk management framework for the identification, prioritization, mitigation, transfer, avoidance and acceptance of risks.
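The validation and hardening point made above for SQL injection, shown as an added example that is not part of the original paper: a lookup that splices the website's request parameter into the query text, beside an allowlisted, parameterized version, both run against a constructed in-memory table (the table, names and regex are assumptions, not GFI's schema).

```python
"""Added example: an unvalidated lookup beside its hardened form, run against a
constructed in-memory customer table (assumed schema, not the organization's)."""
import re
import sqlite3

# Constructed sample data standing in for the customer database discussed above.
SAMPLE_CUSTOMERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def lookup_unvalidated(conn, name):
    """Vulnerable: the request parameter is spliced into the SQL text, so the
    database parses whatever the website visitor typed as part of the query."""
    sql = "SELECT email FROM customers WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


# Allowlist for the username field: letters, digits, dot, underscore, hyphen.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def lookup_hardened(conn, name):
    """Hardened: reject input outside the allowlist, then bind the value as a
    parameter so it can never change the structure of the statement."""
    if not NAME_RE.match(name):
        raise ValueError("invalid name")
    rows = conn.execute("SELECT email FROM customers WHERE name = ?", (name,))
    return [row[0] for row in rows]


def compare(name):
    """Run the same input through both versions; returns (unvalidated, hardened),
    where hardened is the string 'rejected' when validation blocks the input."""
    conn = build_db()
    vulnerable = lookup_unvalidated(conn, name)
    try:
        hardened = lookup_hardened(conn, name)
    except ValueError:
        hardened = "rejected"
    conn.close()
    return vulnerable, hardened


if __name__ == "__main__":
    print(compare("alice"))          # both versions return alice's email only
    # classic tautology probe from an input-validation test suite:
    print(compare("x' OR '1'='1"))   # unvalidated version returns every row
```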
One of the definitions of risk management says (WALL, 2009): “It is the evaluation of alternate courses of action to seek risk reduction”. Likewise, the most important output of conducting a risk assessment is the priority of restoration of services. Apart from risk assessment, an information technology strategy is required to address threats. IT strategy is defined as “typically a long-term action plan for achieving a goal, set in the context of a rapidly changing technology environment” (IT strategy definition and review, Oakleigh Consulting). To eliminate information security threats on systems and networks, a collaborative strategy is recommended. It includes a partnership linking the law enforcement agencies and the private sector through knowledge sharing and synchronization of investigation methods and trends to eliminate cyber threats. As these threats are also classed as organized crime, a structured approach is required to combat them. The implementation of an emergency response team is mandatory to conduct operations related to cyber activities. The teams can be established from the legacy ICT-enabled organizations. The response team will also be responsible for communicating with government and business on cyber security related activities in a safe environment. The implementation of a centralized security center is required to control and maintain the threats to the systems and networks. The security center needs to be equipped with enhanced security technologies, processes and methodologies to eliminate even the most advanced persistent threats. Risks identified by the risk assessment will be mitigated by implementing preventive, detective, corrective or deterrent controls. Similarly, we can assume that a holistic risk assessment program and an information technology strategy addressing security threats will be one of the solutions for eliminating the two different teams.
If both approaches are applied to the scenario, business functions may halt. For instance, if a system providing a critical business service is locked down, and the same system is marked critical in the risk assessment process, it will not be possible to incorporate both approaches in the current scenario.

GFI's Network

The organization's network consists of off-site office connectivity through a Virtual Private Network (VPN) gateway to the Internet cloud. The connectivity of remote users is established separately over the Public Switched Telephone Network (PSTN). Likewise, the VPN gateway that connects the off-site office terminates on the organization's border gateway core routers, which are located in the Demilitarized Zone (DMZ). To prevent a single point of failure, there are two border gateway routers backing each other up. Similarly, the border routers connect to the distribution routers. There are two distribution routers to prevent a single point of failure. Likewise, a firewall is installed on one of the distribution routers. There is no protection on the border gateway routers that are directly connected to the Internet. Moreover, the Remote Access Server (RAS) is located behind the firewall. All the remote requests coming from the PSTN network pass through the border gateway router, the distribution router, the firewall and then the RAS. Likewise, the RAS terminates on the Private Automatic Branch Exchange (PABX). The PABX is connected to the PSTN network. The GFI network consists of six functions, i.e. the accounting department, loan department, customer services department, management department, credit department and finance department. Each department is connected to a separate switch that is directly connected to the routers. The finance department is connected on a separate Virtual Local Area Network (VLAN). The last layer of the network comprises all the applications, which is called the trusted computing base internal network.
These trusted network servers are connected to a single router.

Proposed GFI Network

Proposed Network Changes

  • We have incorporated an intranet server in the demilitarized zone.
  • We have incorporated two firewalls on the edge of the Internet-facing routers, i.e. the border routers.
  • We have again incorporated two firewalls on the connectivity of the distribution routers, which is not a demilitarized zone.
  • We have replaced all the remaining switches with access layer VLAN switches.

A common IT infrastructure incorporates logical controls for protecting information assets within the network. Microsoft Active Directory is not primarily a security control, as it does not mitigate any risks associated with viruses, worms, Trojans, phishing, spam, denial of service attacks etc.; however, it provides secure administration of user profiles and file sharing features. File sharing threats are spreading at a rapid pace, as every now and then new file sharing technologies are developed and in demand. Controls will not only provide value from all network-based services, but will also augment productivity for the organization in terms of revenue, customer loyalty and competitive advantage. A workgroup-based environment is not centralized. For instance, users can only log in if they have an account created on that specific computer. As far as security is concerned, there are no passwords, so anyone can log on to the network. Moreover, a workgroup only recognizes twenty to twenty-five computers that are on the same subnet. For instance, where we have application servers on a different subnet, users will not be able to access the applications, as they are configured on a different subnet. On the other hand, a domain-based environment provides centralized administration and access for users. All staff have to enter user credentials in order to identify themselves on the network before doing any work.
Moreover, computers on different subnets are supported, and thousands of computers can be connected in the domain-based environment. For instance, if a computer stops responding, employees or users can log on from some other computer and no work is halted. Therefore, domain-based network environments are more effective and are compatible with the current network scenario. Moreover, if security auditing features are enabled, user activity and system logs are saved and monitored. Likewise, the Lightweight Directory Access Protocol ensures encryption all the way from the domain controller to the workstations via Kerberos. However, a network or system security specialist will not be able to monitor, analyze or examine threats from a domain environment. Active Directory prevents unauthorized access because users have to provide login credentials for accessing personal file settings, data and customized permitted objects in the operating system.

Logical vulnerabilities include the absence of additional security controls on the firewall, critical servers and network devices. If any suspicious packet bypasses the firewall, there are no mechanisms to track and monitor the probes of a hacker trying to breach the core systems. Moreover, the GFI network does not have a single security control apart from a firewall and a demilitarized zone. This means that Network Address Translation (NAT) is the only logical security control, and its main purpose is to hide the private IP addresses of the local area network and relay the traffic via a global IP address. Suppose a threat bypasses the firewall that is located before the RAS server; there is then a high probability and risk that the data residing in the trusted computing base will also be compromised.
Moreover, if any employee plugs a suspicious USB drive into one of the systems, there is no mechanism or tool to monitor internal network threats, although it has been proven that internal threats are relatively more probable than external threats. Furthermore, there are no tools for displaying events and alerts associated with violation logs. In addition, there are no logical controls linked with the database, and SQL injection techniques have proven able to exploit data from the database. Furthermore, as a logical vulnerability, a VLAN-compatible switch only interconnects the finance department. VLANs separate traffic for each department and also prevent denial of service attacks and unwanted broadcast traffic that may result in network congestion and degradation of network services.

3.2 Proposed Intrusion Detection System

Security in terms of computer networks has marked its significance. Senior management addresses security issues to an optimal level and enforces strict security procedures in order to protect strategic and financial assets. Likewise, new and improved sensing technologies are now mandatory for GFI's computer network to maintain network security. Consequently, an intrusion detection system is required to continuously monitor threats and vulnerabilities within the EEC network. IDS/IPS derive from traditional security appliances, and an IDS is defined as follows: “Intrusion detection system (IDS) is a type of security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions and misuse” (Intrusion Detection System, 2007). A signature-based IDS analyzes and identifies specific patterns of attacks that are recognized in raw data in the form of byte sequences called strings, port numbers, protocol types etc.
Likewise, apart from the normal operational pattern, a signature-based IDS detects any activity that is unusual with respect to the previously defined patterns. Moreover, the patterns are monitored with strict control algorithms. The signatures are stored in a signature repository. The prime objective of a signature-based IDS is to search for signatures in order to detect a threat or vulnerability, similar to antivirus software, which also detects viruses by signature. The functionality of the IDS is to detect attacks that are initiated directly towards the network. Moreover, the IDS tries to identify as many events as possible and therefore generates logs. The IDS is located behind the firewall so that it may analyze packets that have passed through the firewall. The detection engine of the IDS compares packets against predetermined rules in order to deny or accept them. The rules are categorized in two domains, i.e. chain headers and chain options. The structure of a signature contains the following attributes: identification number, message and rule. If a threat is trying to gain access to the confidential data of the organization, the signature-based IDS will detect this particular threat and generate alerts for corrective actions.

An anomaly-based intrusion detection system is based on a data-driven methodology that draws on data mining techniques. The functionality of an anomaly-based IDS involves the creation of profiles associated with normal behavior and activities within the network. Any unknown activity that is not similar to the normal profiles is considered an anomaly or attack. Moreover, the normal routines of the normal profiles are also monitored; if they exceed their given boundaries, they are also considered anomalies, which is what is called a false positive. An efficient anomaly-based IDS may produce results with a high detection success rate along with a low false positive rate.
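As an added example (not from the original paper) of the two IDS types described above: signatures carrying an identification number, message and a rule split into header fields and content options, beside a statistical anomaly profile that learns normal behavior per source and also produces the false positive the text mentions. The record format, signatures, addresses and training values are all constructed for the demonstration.

```python
"""Added example: a signature-based matcher and a statistical anomaly detector
run over constructed connection records (not captured from GFI's network)."""
from statistics import mean, pstdev

# Constructed signatures with the three attributes named in the text:
# identification number, message and rule. The rule is split into header
# fields (protocol, destination port) and options (bytes that must appear in
# the payload), mirroring the chain header / chain option split.
SIGNATURES = [
    {"sid": 1001, "msg": "SQL tautology in HTTP request",
     "header": {"proto": "tcp", "dst_port": 80}, "content": b"' OR '1'='1"},
    {"sid": 1002, "msg": "script tag in HTTP request",
     "header": {"proto": "tcp", "dst_port": 80}, "content": b"<script>"},
]


def signature_hits(record):
    """Return (sid, msg) for every signature whose header fields all match the
    record and whose content bytes occur in the payload."""
    hits = []
    for sig in SIGNATURES:
        header_ok = all(record.get(k) == v for k, v in sig["header"].items())
        if header_ok and sig["content"] in record["payload"]:
            hits.append((sig["sid"], sig["msg"]))
    return hits


class ByteVolumeProfile:
    """Anomaly detection by a statistical profile: learn mean and standard
    deviation of bytes per connection for each source, then flag connections
    more than k standard deviations from that source's mean."""
    def __init__(self, k=3.0):
        self.k = k
        self.profiles = {}  # src -> (mean, stdev)

    def train(self, records):
        by_src = {}
        for r in records:
            by_src.setdefault(r["src"], []).append(r["bytes"])
        for src, sizes in by_src.items():
            self.profiles[src] = (mean(sizes), pstdev(sizes))

    def is_anomaly(self, record):
        if record["src"] not in self.profiles:
            return True  # no normal profile exists for an unseen source
        mu, sd = self.profiles[record["src"]]
        # floor of 1 byte keeps a zero-variance profile from flagging everything
        return abs(record["bytes"] - mu) > self.k * max(sd, 1.0)


def analyze(record, profile):
    """Combine both detectors as the text recommends; returns a list of
    ('signature', sid) and/or ('anomaly', src) findings, empty when clean."""
    findings = [("signature", sid) for sid, _ in signature_hits(record)]
    if profile.is_anomaly(record):
        findings.append(("anomaly", record["src"]))
    return findings


def make_record(src, nbytes, payload=b"GET / HTTP/1.1", proto="tcp", port=80):
    return {"src": src, "dst_port": port, "proto": proto,
            "payload": payload, "bytes": nbytes}


# Constructed training set: ten ordinary web requests from one workstation,
# mean 500 bytes, population stdev about 12.2, so the k=3 band is +/- 36.7.
TRAINING = [make_record("10.0.0.5", n)
            for n in (480, 500, 520, 490, 510, 500, 505, 495, 515, 485)]


def demo():
    profile = ByteVolumeProfile(k=3.0)
    profile.train(TRAINING)
    cases = {
        "normal": make_record("10.0.0.5", 530),
        "bulk_transfer": make_record("10.0.0.5", 9000),
        "unseen_source": make_record("10.0.0.99", 500),
        "tautology": make_record("10.0.0.5", 505,
                                 payload=b"GET /?u=x' OR '1'='1 HTTP/1.1"),
        # legitimate request that falls just outside the learned band
        "false_positive": make_record("10.0.0.5", 540),
    }
    return {name: analyze(rec, profile) for name, rec in cases.items()}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name:15s} {findings}")
```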
Moreover, these systems are categorized into various sub-categories including data mining, statistical methodologies, artificial neural networks, immune systems and genetic algorithms. Among all of these, statistical methods are more commonly used for detecting intrusions by finding any anomaly that has arisen within the network. By combining these two types of IDS, network administrators eliminate or fill vulnerabilities within the network. An anomaly-based intrusion detection system is recommended for the EEC computer network, as a signature-based IDS only works on the given signatures and will not sense any unusual activity if it is not defined in a signature. An anomaly-based IDS will detect every threat that is referred to as an anomaly within the network.

4 Proposed Network Security Tools

GFI's computer network has to address many challenges in order to secure the information residing on the network assets, i.e. workstations and servers. To mitigate these issues, the employment of certified and skilled staff is required, as they will contribute significantly to safeguarding against and identifying potential threats and vulnerabilities that may lead to a backdoor for cyber criminals. Moreover, there are specialized and certified tools available that will be utilized by the certified staff in a crisis situation. Furthermore, in case of a security breach, the network administrator employed at GFI will not be able to trace the attack, as the attack spreads in the distributed network and trusted zones. The existing GFI computer network does not have adequate security controls for addressing advanced persistent threats (APT), as they construct complex patterns or anomalies. The merger of different networks may broadcast unlimited unwanted traffic that can degrade network performance, and all three sites may be affected.
To resolve this issue, a certified vulnerability assessment tool is required that is compatible with more than one network interface / distributed networks.

References

Ansari, S., & Sykes, E. R. (2012). SQL injection in Oracle: An exploration of vulnerabilities. International Journal on Computer Science & Engineering, 4(4), 522-531.

Intrusion Detection System. (2007). Network Dictionary, p. 515.
Technical Paper: Risk Assessment Term Paper Example | Topics and Well Written Essays - 3000 words. Retrieved from https://studentshare.org/information-technology/1487560-technical-paper-risk-assessment
