
Sample – Assessing and Implementing Network Security

February 2, 2012

Introduction

The methodology used in this example to assess the risks consists of the following two phases:

 

Step 1 – Define the network and identify assets

In this step, the network security boundary and scope are defined and an inventory of assets is performed. We assume that information residing on and travelling over the network already exists. The network configuration, including the network devices, services, and other resources, is presented. The objective of this step is to identify the assets that need protection on the network.

 

Step 2 – Assess risks for every asset, select safeguards and estimate the residual risks

This step normally assesses each identified network asset for potential threats and measures an exposure rating of the asset to the threats based on the likelihood of threat occurrence and the resulting impacts. Vulnerabilities and the effectiveness of the present safeguards found in the network are also assessed to measure a risk factor associated with each asset/threat/impact scenario. Where risks are deemed too high, appropriate solutions are proposed to reduce the risk to an acceptable level. In this example, only one asset will be looked at.
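The Step 2 calculation, sketched as an added example that is not part of the original sample document. The 1 to 3 rating scales, the multiplicative formula, the acceptable-risk threshold, and every rating and safeguard name below are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

ACCEPTABLE_RISK = 2.0  # assumed threshold on the 0..9 risk scale used here


@dataclass
class Scenario:
    asset: str
    threat: str
    likelihood: int       # assumed scale: 1 low, 2 medium, 3 high
    impact: int           # assumed scale: 1 low, 2 medium, 3 high
    vulnerability: float  # 0..1, how readily the threat can be realised
    present: list = field(default_factory=list)  # effectiveness (0..1) of safeguards in place

    def exposure(self):
        """Exposure rating from likelihood and impact (1..9)."""
        return self.likelihood * self.impact

    def risk(self, extra=()):
        """Risk factor after present safeguards plus any proposed ones."""
        uncovered = 1.0
        for eff in list(self.present) + list(extra):
            uncovered *= 1.0 - eff  # each layer blocks a share of what is left
        return round(self.exposure() * self.vulnerability * uncovered, 2)


def select_safeguards(scenario, candidates, acceptable=ACCEPTABLE_RISK):
    """Add candidates, most effective first, until risk is acceptable."""
    chosen, effs = [], []
    for name, eff in sorted(candidates.items(), key=lambda kv: -kv[1]):
        if scenario.risk(effs) <= acceptable:
            break
        chosen.append(name)
        effs.append(eff)
    return chosen, scenario.risk(effs)  # (safeguard names, residual risk)


# Constructed sample: one asset/threat/impact scenario with invented ratings.
printer_output = Scenario(
    asset="Print jobs on printers located in open areas",
    threat="Unauthorised disclosure of printed output",
    likelihood=3, impact=2, vulnerability=0.8, present=[0.25])
candidates = {"Move printer to a controlled area": 0.5,
              "Hold job until user is at the printer": 0.6,
              "Banner page on each job": 0.1}

if __name__ == "__main__":
    print(printer_output.exposure(), printer_output.risk(),
          select_safeguards(printer_output, candidates))
```

With these constructed ratings, the exposure rating is 6, the present safeguard leaves a risk factor of 3.6, and one added safeguard brings the residual risk to 1.44, under the assumed threshold.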

 

Define the Network and Identify Assets

The Network Capabilities

In the discussion that follows, the network services provided for users are described. Though not explicitly stated, it should be noted that the Identity and Access of a user is a prerequisite before any of the services can be rendered to the user.

 

Network File Services

This service provides network users the capability to store their own Disk Operating System (DOS) files on the network server disk. The files can be stored in the users’ private file area or a shared network file area. Logical access control is set up to protect the information stored on the server disks.

 

Network Print Services

This service allows users to print documents on a network printer physically connected to a network server or a dedicated network printer connected to a user’s PC. Print job output can be directed to any printer on the network. Some printers are located in open areas.

 

Network Application Software

This service provides users the capability to access application software stored on a network server to free up disk space on users’ PCs.

 

Network Connections to Various Servers

The network connects to Windows, Unix, Red Hat, MVS and Mac servers. Access to network resources is controlled by OS security features using rights, ACLs and attributes.

 

Electronic Mail

One of the most frequently used network services is the capability of exchanging electronic mail. This is done using Novell software and an off-the-shelf commercial e-mail software package.

 

Network Access through Dialup, Wireless or VPN Access

This service allows users to access the network from a standalone PC that is equipped with a modem, WAC and the necessary client VPN software. The service is convenient for users who may be away from their offices but need to access the network from a PC not physically linked to the network.

 

Electronic Calendaring

Electronic calendaring provides an integrated scheduling tool for a workgroup. Users can mark events on the calendar and coordinate meeting schedules with fellow workers. Proper access control is essential so that only legitimate users in the workgroup can modify the events and schedules, while others may look at the events and schedules but cannot modify them.

 

Network FAX Capability

This service allows network users to send a copy of a document stored either on the user’s PC or on the server disk to any standard FAX machine. If the document contains sensitive information it should not be faxed.

 

Network Assets

The network assets that will eventually require protection include the following:

Computers – servers, PCs;

Switches – routers;

Computer parts (RAM chips, video cards, hard disks, network interface cards);

Wireless technologies, Modems, Printers;

Cables and fibres;

Client workstations (Citrix, VDI, etc.);

Application software files;

Backup tape drives;

Backup tapes;

SANs, USB / Removable Media, CDROM / WORM drives;

UPS devices;

Organization data including database files, spreadsheet files, word processing files, e-mail message files and electronic calendaring files;

Network data – user profile files;

Network data – audit trails;

Network data – network configuration and settings files on servers;

Network data – network and PC start-up files on client stations (PCs);

User data – Personnel-processed data residing in shared directories on servers;

User data – Personnel-processed data residing in non-shared directories on servers; and

User data – Personnel-processed data residing on PCs.
