Research Paper Risk Assessment

  • Uncategorized

ResearchPaper: Risk Assessment

ResearchPaper: Risk Assessment

Abstract

Thediagram displays how GFI has acquired several network devices in thepast year, therefore, depicting its rapid growth. GFI carried out thenetwork investment whereby its major objective was to produce astable network. The network was therefore designed to be faulttolerant as well as being resilient from any other failures of thenetwork. Despite the company having grown rapidly and having a strongfinancial background, the network security of the company is notstill up to the standard. GFI`s risk assessment came to find outvarious vulnerabilities in the following areas: technical security,operational and management. Vulnerabilities refer to the weaknessesthat can a single or group of threats may exploit. The mitigation ofthese vulnerabilities can be done through applying the recommendedsafeguards in the company. Safeguards refer to controls as well assecurity features that mitigate operational risks in the company tolevels that are manageable. These safeguards should apply or used inthe environment of information technology. This research paperprovides a complete discussion related to various vulnerabilities andsafeguards that are recommended in the risk assessment. Failure tocarry out the implementation of the recommended safeguards in therisk assessment, it may lead to destruction or modification of data,restriction of frequent information to users as well as, disclosingthe sensitive information.

Thisresearch paper explores on the company network of GFI. It alsodescribes the communication and various interconnections present inGFI company networks.The paper also gives deep information on theaccess risk related to the network diagram of GFI Network. It alsoexamines the organization`s comprehensive risk factors.This paperalso assesses the recommends of cryptography that focuses on adecision-making process that is data-driven. This research paperalso establishes particular methodologies for risk assessment itevaluates whether these methodologies are qualitative, quantitativeor hybrid. The paper concludes the research by giving the securemodel of the GFI network diagram.

GFIrefers to a networking that works in developing and offeringsolutions to information technology. Examples of these solutions areobserved in Canada where there is management applications areproduced and integrated. The networking offers technical andprofessional IT services. It also supplies the solutions of internetresource planning. GFI provides management software solutions forprocurement and inventory, accounting and finances, municipal courtand tax collection as well as payroll and human resources. The GFInetworks enhance strategic financial planning by its decision supporttool.

Thenetwork server monitor of GFI Company refers to a monitoring softwaresolution for GFI`s network. The server monitor helps theadministrators to scan the irregularities and failures of the networkautomatically. The server monitor is also used by administrators toidentify various issues and fix some conditions that are unexpectedbefore being reported by the managers. The network server monitor ofGFI Company helps in maximizing network availability by aiding inmonitoring all aspects Linux and Window server devices andworkstations. The GFI`s network monitor alerts the administrator bySMS, email or pager when there is failure detection. The servermonitor also takes corrective actions such as restarting the service,rebooting the machine as well as running a script.

Inthe actual sense, the network server monitor of GFI tests theservice`s status rather than deducing the status of a service fromevents that are generated. This serves as the only way of ensuringserver uptime.The network server monitor of GFI is competitivelypriced, and it is easy to establish and use. The built-in monitoringrules of the GFI`s network server monitor include MS SQL, Exchange Server 2000/2003, CPU usage, ODBC databases, Active Directory &ampNTDS, Disk Space, Disk Drive health, File Existence, Event Log, TCP,Printers, ICPP/Ping, Services, SMTP &amp POP3 Mail servers, UNIXShell Scripts, Processes, SNMP, TCP, and Terminal server. Thefunctions of the custom monitor that are created in ADSI and VBscript as well as WMI can be leveraged. This allows the administratorto monitor anything virtually.

Thenetwork server monitor of GFI Company has a separate managementinterface and network monitoring service. There is no agentinstallation of software that is needed in the machines anadministrator wishes to monitor. The engine of the network monitorcan run 4o checks a particular moment because the engine ismulti-threaded. The network server monitor has various checks for ISAServer, IIS, Exchange 2000/2003 and others. The company administratorcan create a series of checks in the quickest time possible throughthe use of the Quickstart Wizard. These checks help in monitoringall the most important services in the administrator`s network. Theseimportant services include Exchange Server, ISA Server, and others. The performance counters and critical exchange services aremonitored. The server monitor of GFI network can perform a completelogin and check the correct establishment of the session. Thisactivity helps in checking the status of the terminal. This methodseems to be superior because it relies on the events that aregenerated by the terminal server. The service monitor of the GFInetwork can be used in checking the availability of the of thedatabase applications that are leading. Out of the box, the servermonitor can be used in monitoring the server of Microsoft SQL viaADO. Some other databases such as FoxPro, Access, Informix, SyBase,IBM DB2 including other several databases can be subjected tomonitoring via ODBC. The server monitor of GFI network includesextensive checks that are used to monitor Linux Servers. Theadministrator can monitor the printer availability, CPU usage, theprocess running, file existence, file size, folder size, disk space,disk partition check as well as the membership of users and groups. Furthermore, the administrators can create an SSH script, and thisenables them to create any check.

Thenetwork server monitor of GFI Company refers to a monitoring softwaresolution for GFI`s network. The server monitor helps theadministrators to scan the irregularities and failures of the networkautomatically. The server monitor is also used by administrators toidentify various issues and fix some conditions that are unexpectedbefore being reported by the managers. The network server monitor ofGFI Company helps in maximizing network availability by aiding inmonitoring all aspects Linux and Window server devices andworkstations. The GFI`s network monitor alerts the administrator bySMS, email or pager when there is failure detection. The servermonitor also takes corrective actions such as restarting the service,rebooting the machine as well as running a script.

Inthe actual sense, the network server monitor of GFI tests theservice`s status rather than deducing the status of a service fromevents that are generated. This serves as the only way of ensuringserver uptime.The network server monitor of GFI is competitivelypriced, and it is easy to establish and use. The built-in monitoringrules of the GFI`s network server monitor include MS SQL, Exchange Server 2000/2003, CPU usage, ODBC databases, Active Directory &ampNTDS, Disk Space, Disk Drive health, File Existence, Event Log, TCP,Printers, ICPP/Ping, Services, SMTP &amp POP3 Mail servers, UNIXShell Scripts, Processes, SNMP, TCP, and Terminal server. Thefunctions of the custom monitor that are created in ADSI and VBscript as well as WMI can be leveraged. This allows the administratorto monitor anything virtually in the system.

Thenetwork server monitor of GFI Company has a separate managementinterface and network monitoring service. There is no agentinstallation of software that is needed in the machines anadministrator wishes to monitor. The engine of the network monitorcan run 4o checks a particular moment because the engine ismulti-threaded. The network server monitor has various checks for ISAServer, IIS, Exchange 2000/2003 and others. The company administratorcan create a series of checks in the quickest time possible throughthe use of the Quickstart Wizard. These checks help in monitoringall the most important services in the administrator`s network. Theseimportant services include Exchange Server, ISA Server, and others. The performance counters and critical exchange services aremonitored. The server monitor of GFI network can perform a completelogin and check the correct establishment of the session. Thisactivity helps in checking the status of the terminal. This methodseems to be superior because it relies on the events that aregenerated by the terminal server. The service monitor of the GFInetwork can be used in checking the availability of the of thedatabase applications that are leading. Out of the box, the servermonitor can be used in monitoring the server of Microsoft SQL viaADO. Some other databases such as FoxPro, Access, Informix, SyBase,IBM DB2 including other several databases can be subjected tomonitoring via ODBC. The server monitor of GFI network includesextensive checks that are used to monitor Linux Servers. Theadministrator can monitor the printer availability, CPU usage, theprocess running, file existence, file size, folder size, disk space,disk partition check as well as the membership of users and groups. Furthermore, the administrators can create an SSH script, and thisenables them to create any check of the network.

RiskAssessment

Therisk assessment of a single machine calculated based on thediscovered devices during the scan, the category of the devices thatis assigned to the device, as well as whether the policy controls thedevice.Other factors that are considered include whether there isthe installation of the agent, whether the agent is up-to-date, andwhether there is the enforcement of other policy elements. A weightednumber is given to each factor. These numbers are added and dividedby the minimum. This gives a certain percentage that is converted toa value ranging from zero to nine.

Thetable below shows the risk category assigned to each device by therisk assessment.

Category of the risk

Categories of devices

High risk

CD/DVD-ROM

High risk

Storage devices

High risk

Floppy disks

Medium risks

Modems

Medium risks

PDA devices

Medium risks

Network adapters

Low risks

Human interface devices

Low risks

Imaging devices

Low risks

Other devices.

Therisk assessment begins with a scan of one or more computers inidentifying the devices used with the computer. Concerning the scan,GFI Endpoint Security examines the devices and calculates the risk onthe following:

Risk Factor

The Description

The value

Agent installed?

If there is no installation of the agent

5

Agent’s latest version?

If the version of the agent is not the latest

5

Devices of high risk?

If there is the presence of high risk devices that have no policy control (note 1)

10

Devices of medium risk?

If there is the presence of medium risk devices that have no policy control (note 1)

6

Devices of low risk?

If there is the presence of low risk devices that have n o policy control ( note 1)

3

Not encrypted

If the policy does not enforce encryption

7

No checking of file type

If the policy does not enforce the checking of file type

4

No checking of the content

If the policy does not enforce the checking of the content

6

No faxing control/ printing

If the policy does not enforce faxing and printing (note 2)

7

No control of network

The policy does not enforce the control of network access (note 2)

7

Thecontrol of the device is what matters. The permissions that areassigned to the logged in user does not matter. There is no networkand printing control, and they are not evaluated currently. Thismakes the makes the maximum risk level for a single machine to be 8.

Theapparent security vulnerabilities include the hacking of the networksystem, the leakage of the sensitive information about the company toirrelevant parties and the destruction of the company`s data. Thevulnerabilities should be managed by ensuring proper securitymeasures and minimizing the degree of the risk factors of themachines and devices. The cryptography recommendations that shouldbe kept in place include the use of up-to-date devices, devices thathave a low-risk factor as well as enforcing the policy control onprinting and network access. This helps in preventing the access ofthe company`s sensitive information hence facilitating the privacy ofthe company. The devices of the last version have are designed usingthe modern technology. Therefore, the devices are the most effectiveand their chance of breaking down highly reduced.

Themethodology used in the risk assessment is a hybrid of quantitativeand qualitative methodology. This methodology involves collecting thequalitative and quantitative data. It involves the evaluation thenumber of devices in the company that is used in the risk assessmentas well as determining the quality standards of the devices andcomputers. The risk factor is an example of a qualitative trait inresearch.

Theways of presenting the findings involve tables, graphs and charts.First the findings will be presented on the tables where variousstatistical analyzes will be carried out. After carrying out variouscalculations, the data will then be presented on graphs and charts sothat it can be easily interpreted. The pictorial presentation ofdata is eye appealing and makes an individual to understand theinformation of the research easily.

References

Goss,J. (2009). Riskassessment.[London]: BBC Books.

Kay,F. (2010). Successfulnetworking.London: Kogan Page.

Li,W. (2005). Riskassessment of power systems.Piscataway, NJ: IEEE Press.

Ohlson,M. (1978). System Design Considerations for Graphics Input Devices.Computer,11(11),9-18. http://dx.doi.org/10.1109/c-m.1978.217974

Perechuda,K. (2010). Knowledgediffusion methods in a networking company.Wrocław: Publishing House of Wrocław University of Economics

Close Menu