Identifying Potential Risk, Response, and Recovery - Assignment Example

1.0. Strategies used in addressing the risks

1.1. Eavesdropping Mitigation Measures

Eavesdropping involves unauthorised monitoring of other people's communication over telephone systems, internet services or instant messaging. The activities involved do not affect the operation of the network transmission, making it hard for the sender and recipient to notice any interception of their communication. Therefore, some measures must be put in place to address the eavesdropping threats (Kolkowska & Gurpreet, 2013). These include the use of encrypted connections such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS), which offer security by encrypting the data transmitted through the internet. This makes it hard for attackers to deface or read the data. Also, a personal firewall must be installed on computers in a network. The antivirus must be updated with the latest malicious code definitions or virus signatures. When using internet facilities in public, online transactions must be avoided at all costs. An intrusion prevention system must be installed on organizational networks to enhance detection and prevention of further attacks from eavesdroppers. All internet services must be used with mutual authentication, such as public key infrastructure (PKI). This enhances the authentication of transactions by the server, reducing man-in-the-middle attacks (Michael, 2012).

1.2. Port Redirection Risks Mitigation Measures

Port redirection is potentially risky as many people skip over the details while creating the FTP replacement system. The risks can be mitigated through creation and communication of a policy against the creation of tunnels or remote access within the organization. The policy should place emphasis on encryption or tunnelling technologies used outside the official remote access programs and the VPN toolsets.
The consequences of creating a private VPN into the organization must be stated clearly. Default access must be tightened so that any malicious act that changes the configuration to evade the policies and deceive the organization can be identified. A review process must be created to approve SSH access to the key devices or the internet. SSH may be run on various ports or tunnelled inside HTTP, so the precedent should be set of preventing outbound SSH by default. High-level inspection tools must be installed to enhance detection of tunnel traffic. Also, the WAN and firewall router logs must be inspected to establish long-term and persistent connections (Trompeter & Eloff, 2001).

1.3. Smurf Attacks Mitigation Measures

In a Smurf attack, the attacker sends a moderate quantity of traffic that causes a virtual explosion of traffic at the intended target. The threat can be mitigated through proper configuration of the network equipment, which provides a directed broadcast function. Forwarding should be turned off for all directed broadcasts, using the knob the equipment provides for this. The NORDUnet should be used to set the rate limit on ICMP Echo Reply volume. This softens the effects of attacks directed from outside on those inside the NORDUnet host (Michael, 2012).

2.0. Potential Control Measures

2.1. Eavesdropping Control Measures

Eavesdropping can potentially be controlled by making IT managers aware of the security threats. This ensures that any time they log in to the network, they are extremely cautious about the applications they are using. Also, encryption can be a great defense against eavesdropping. Network access controls (NACs) can be used to prevent unauthorized access to the network. Physical security is also a control measure against eavesdropping, preventing unscrupulous connections to the corporate network (Kolkowska & Gurpreet, 2013).

2.2. Port Redirection Control Measures

The control measures against port redirection threats involve file sharing within the FileMaker Server, which uses ports to communicate with the web clients and FileMaker Pro. The router and firewall keep unwanted traffic from entering the private LAN. A network administrator must configure the devices to allow network traffic through specific ports. Port forwarding can be used in configuring the network hardware devices so that they pass through the entire request from a specific port. However, where a VPN is accessible, port forwarding may be unnecessary (Michael, 2012).

2.3. Smurf Attacks Control Measures

Prevention of Smurf attacks involves shutting down the broadcast addressing features of the firewall and external router. This may involve disabling IP directed broadcasts on all interfaces and routers. Also, a software package that detects Smurf attacks must be used. The Vantage System must involve the use of a web-based management console, with the network administrator monitoring the network in order to identify the attacks. Basically, the individual routers and hosts must be configured to respond to the ICMP requests. Ingress filtering must also be used to reject the attacking packets (Smith, 2010).

3.0. Importance of risk management, control identification and selection processes

3.1. Risk Management

In the past, uncertainty in information security contributed greatly to poor performance in organizations. Companies are currently focusing more on smooth operations, which gives them a renewed focus on risk management. Risk management helps in identifying risks long before they affect the business. This creates confidence in future business decisions and allows various options on the appropriate means of dealing with potential problems.
A risk can be either internal or external, and risk management is important in enabling an organization to define its objectives; failing this, an organization loses direction when hit by the risks. Basically, risk management involves coming up with strategies that guard against the risks as well as identifying the potential risks to the organization (Kolkowska & Gurpreet, 2013).

3.2. Control Identification

Normally, control identification helps in comparing actual performance to planned performance and measures the differences between the two. In the process, the causes of the differences are identified to enable the organization to take corrective measures to minimize and eliminate the factors causing the differences. Control identification establishes the performance standards for the objectives set during the planning process. Such standards act as guidelines explicitly stating the expected results, normally expressed numerically for time, quality and quantity (Trompeter & Eloff, 2001).

3.3. Importance of Selection Processes in an Organization

The selection process in an organization remains a critical factor as it depicts the ability of the entity to attain its goals effectively and to develop dynamically within the set environment. This depends mostly on the effectiveness of the selection processes. Proper selection implies the effectiveness of the process and of the entities selected. The right selection translates to a valuable asset within the capability of the organization (Michael, 2012).

Executive Summary

Risk management remains a complex process encumbered with competing interests and requirements that should be balanced effectively and managed efficiently to enhance achievement of the major objectives of the organization. Information security within an organization is prone to an array of hazards, malicious access and designed hacking.
At the same time, the organization is tasked with managing those risks that can potentially lead to loss of critical information from the organization. Therefore, it is the role of the organization to identify security risks in the current uncertain world, where past experience never serves as a complete guide to the future. The functions providing security have become increasingly interconnected and intricate. Establishing the capability to identify and address these complex tasks is the crux of risk management. Risk management is therefore an appropriate approach through which the major decisions affecting the organization are made, and it involves identification and analysis of the risks through consideration of the benefits and costs of the actions taken. The risk mitigation measure accordingly involves the leaders considering the risks affecting the organization, making appropriate trade-offs for the resources available and aligning the management approaches. The efforts towards addressing security and the associated risks depend highly on the leadership and may involve connecting information on risks, capabilities and activities so as to guide prevention, protection, recovery and response actions.

References

Kolkowska, E., & Gurpreet, D. (2013). Organizational Power and Information Security Rule Compliance. Computers & Security, 33(2), 3-11.

Michael, K. (2012). Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Computers & Security, 31(2), 249-50.

Smith, R. (2010). Information Risk Management: Valuing, Protecting and Leveraging Business Information. London: Ark.

Trompeter, C., & Eloff, J. (2001). A Framework for the Implementation of Socio-ethical Controls in Information Security. Computers & Security, 20(5), 384-91.
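Section 1.2 calls for inspecting WAN and firewall router logs for long-term and persistent connections. The following is an added example, not part of the original paper, of how that inspection can be automated; the log export format, the function names and both thresholds are assumptions, and the records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real traffic), in an assumed export format:
# start,end,source,destination,destination_port
SAMPLE_LOG = """\
2024-03-04T08:01:10,2024-03-04T08:01:42,10.0.4.17,198.51.100.20,443
2024-03-04T09:15:00,2024-03-05T02:40:00,10.0.4.23,203.0.113.9,443
2024-03-05T09:14:00,2024-03-05T09:20:00,10.0.4.23,203.0.113.9,443
2024-03-06T09:16:00,2024-03-06T09:19:00,10.0.4.23,203.0.113.9,443
2024-03-06T11:00:00,2024-03-06T11:02:00,10.0.4.31,192.0.2.77,22
2024-03-07T13:30:00,2024-03-07T13:31:00,10.0.4.17,198.51.100.20,443
"""

def parse(log_text):
    """Yield (start, end, src, dst, dport) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        try:
            start = datetime.fromisoformat(parts[0])
            end = datetime.fromisoformat(parts[1])
            yield start, end, parts[2], parts[3], int(parts[4])
        except ValueError:
            continue

def review_candidates(log_text, max_duration=timedelta(hours=8), min_days=3):
    """Return {(src, dst, dport): [reasons]} for flows worth a manual review."""
    longest = defaultdict(timedelta)   # longest single session per flow
    days = defaultdict(set)            # distinct calendar days a flow was seen
    for start, end, src, dst, dport in parse(log_text):
        key = (src, dst, dport)
        longest[key] = max(longest[key], end - start)
        days[key].add(start.date())
    findings = {}
    for key in days:
        reasons = []
        if longest[key] >= max_duration:
            reasons.append("long-lived session")
        if len(days[key]) >= min_days:
            reasons.append("recurs on %d days" % len(days[key]))
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for flow, reasons in review_candidates(SAMPLE_LOG).items():
        print(flow, reasons)
```

A flagged flow on port 443 is only a candidate for the review process the section describes; it needs checking against approved remote access tools before it is treated as a tunnel.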
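Section 2.3 says software that detects Smurf attacks must be used. The following is an added example, not part of the original paper, of the core detection rule: a host that receives ICMP echo replies it never requested from many distinct sources in a short window. The packet record layout, function names and thresholds are assumptions, and the capture is constructed.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type numbers

def smurf_suspects(packets, window=1.0, min_sources=5):
    """packets: iterable of (time_s, src, dst, icmp_type), sorted by time.
    Returns {victim: largest number of distinct unsolicited reply sources
    seen within one window}, for victims that reach min_sources."""
    requested = set()            # (requester, target) pairs from echo requests
    recent = defaultdict(list)   # victim -> [(time, source)] unsolicited replies
    worst = {}
    for t, src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requested:
            # Keep only replies still inside the sliding window, then add this one.
            hits = [(ts, s) for ts, s in recent[dst] if t - ts <= window]
            hits.append((t, src))
            recent[dst] = hits
            n = len({s for _, s in hits})
            if n >= min_sources:
                worst[dst] = max(worst.get(dst, 0), n)
    return worst

def sample_capture():
    """Constructed records: one legitimate ping, then eight unsolicited
    replies arriving at 192.0.2.10 within 0.4 seconds."""
    pkts = [(0.00, "10.0.0.5", "198.51.100.7", ECHO_REQUEST),
            (0.02, "198.51.100.7", "10.0.0.5", ECHO_REPLY)]
    pkts += [(1.0 + i * 0.05, "203.0.113.%d" % (i + 1), "192.0.2.10", ECHO_REPLY)
             for i in range(8)]
    return pkts

if __name__ == "__main__":
    print(smurf_suspects(sample_capture()))
```

The reply to the legitimate ping is ignored because the matching request was seen first, which is what separates the flood from ordinary diagnostics.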