Sample – Risk Assessment of the Network
February 2, 2012
A complete audit of the network described in this example would probably be a long and detailed process. To proceed with the audit, additional information would be required, such as the physical location of the network components, user background (technical knowledge, working hours, security clearance, etc.), maintenance procedures, etc. Since the intent of this document is to focus on practical network security in general and not on audits, only the risks to the organization's data asset are addressed, to illustrate the concepts previously described in this document.
Threat Assessment and Exposure Rating to the Threats
We assume that all the possible threats to the organization's data assets have been looked at and that only some are analyzed further, since the probability of the other threats occurring was considered extremely low. The threats examined are the following:
- Fire,
- User error,
- Administrator error,
- Equipment failure,
- Hackers – password capturing or cracking,
- Foreign government – eavesdropping,
- Vandals – virus, and
- Malicious employee – Trojan Horse.
For each threat, the potential resulting impacts (unauthorized disclosure, unauthorized modification, disruption of network functions, and/or deceptive actions on the network) are determined. In this case, the disruption of network functions impact represents the non-availability of the organization data caused, for example, by denial of service or destruction of data; deceptive actions on the organization data are actions for which no individual, or the wrong individual, can be held accountable. Then, the threat likelihood of occurrence and the impact level (high, medium or low) are assessed for each threat/impact scenario.
The likelihood of occurrence combines both the probability that a threat occurs and the probability that an impact occurs should the threat materialize. The outcomes of this process are the exposure ratings of the organization data asset to each threat, obtained from Sample Table 1 below.
Sample Table 1 ─ Exposure Ratings of the Organization Data Asset to Threats
| Threat | Likelihood | Level of impact | Exposure Rating |
| --- | --- | --- | --- |
| Threat of fire on the organization data resulting in: | | | |
| Disruption | Low | High | 4 |
| Threat of user errors on the organization data resulting in: | | | |
| Unauthorized Disclosure | Medium | High | 7 |
| Unauthorized Modification | Medium | Medium | 6 |
| Disruption | Low | Medium | 2 |
| Deceptive actions | Low | Medium | 2 |
| Threat of administrator errors on the organization data resulting in: | | | |
| Unauthorized Disclosure | Medium | High | 7 |
| Unauthorized Modification | Medium | High | 7 |
| Disruption | Medium | High | 7 |
| Deceptive actions | Low | Medium | 2 |
| Threat of equipment failure on the organization data resulting in: | | | |
| Unauthorized Modification | Low | High | 4 |
| Disruption | Medium | Medium | 6 |
| Threat of hackers using password cracking or capturing technique resulting for the organization data in: | | | |
| Unauthorized Disclosure | Medium | High | 7 |
| Unauthorized Modification | Medium | High | 7 |
| Disruption | High | High | 9 |
| Deceptive actions | Medium | High | 7 |
| Threat of foreign government using eavesdropping technique for the organization data resulting in: | | | |
| Unauthorized Disclosure | Medium | Medium | 6 |
| Threat of vandals using virus for the organization data resulting in: | | | |
| Unauthorized Modification | High | High | 9 |
| Disruption | Medium | High | 7 |
| Threat of malicious employee using Trojan Horse for the organization data resulting in: | | | |
| Unauthorized Disclosure | Low | Medium | 2 |
| Unauthorized Modification | Medium | High | 7 |
| Disruption | Medium | High | 7 |
| Deceptive Actions | Medium | High | 7 |
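As an added example (not part of the original document), the Python sketch below transcribes the rows of the exposure ratings table above, recovers the likelihood/impact-to-rating mapping those rows imply, checks that mapping for contradictions and for ordering, and ranks the threats by their worst exposure. The shortened threat and impact labels and all function names are assumptions made for this example; matrix cells that no row exercises are left undefined rather than guessed.

```python
# Rows transcribed from the exposure ratings table: (impact, likelihood, impact level, rating).
# Threat and impact labels are shortened for this example.
L, M, H = "Low", "Medium", "High"
TABLE_1 = {
    "Fire": [("Disruption", L, H, 4)],
    "User error": [("Disclosure", M, H, 7), ("Modification", M, M, 6),
                   ("Disruption", L, M, 2), ("Deceptive actions", L, M, 2)],
    "Administrator error": [("Disclosure", M, H, 7), ("Modification", M, H, 7),
                            ("Disruption", M, H, 7), ("Deceptive actions", L, M, 2)],
    "Equipment failure": [("Modification", L, H, 4), ("Disruption", M, M, 6)],
    "Hackers (passwords)": [("Disclosure", M, H, 7), ("Modification", M, H, 7),
                            ("Disruption", H, H, 9), ("Deceptive actions", M, H, 7)],
    "Foreign government (eavesdropping)": [("Disclosure", M, M, 6)],
    "Vandals (virus)": [("Modification", H, H, 9), ("Disruption", M, H, 7)],
    "Malicious employee (Trojan horse)": [("Disclosure", L, M, 2), ("Modification", M, H, 7),
                                          ("Disruption", M, H, 7), ("Deceptive actions", M, H, 7)],
}
ORDER = {L: 0, M: 1, H: 2}

def derive_matrix(table):
    """Recover the (likelihood, impact level) -> rating mapping; fail on contradictory rows."""
    matrix = {}
    for threat, rows in table.items():
        for impact, likelihood, level, rating in rows:
            seen = matrix.setdefault((likelihood, level), rating)
            if seen != rating:
                raise ValueError(f"{threat}/{impact}: {likelihood}/{level} rated {rating}, earlier {seen}")
    return matrix

def monotonicity_violations(matrix):
    """Cell pairs where one cell is at least as severe on both axes yet rated lower."""
    cells = list(matrix.items())
    return [(a, b) for a, ra in cells for b, rb in cells
            if ORDER[a[0]] >= ORDER[b[0]] and ORDER[a[1]] >= ORDER[b[1]] and ra < rb]

def worst_exposure_per_threat(table):
    """Highest-rated scenario of each threat, riskiest threat first."""
    worst = {t: max(rows, key=lambda r: r[3]) for t, rows in table.items()}
    return sorted(((t, r[0], r[3]) for t, r in worst.items()), key=lambda x: -x[2])

if __name__ == "__main__":
    matrix = derive_matrix(TABLE_1)
    print(matrix, monotonicity_violations(matrix))
    for threat, impact, rating in worst_exposure_per_threat(TABLE_1):
        print(f"{rating}  {threat}: {impact}")
```

Running the same checks on a new assessment catches rows that were rated by hand inconsistently with the rest of the table before the ratings feed the selection of safeguards.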
Selection of Solutions and Residual Risks
Based on the risk analysis performed, cost-effective security services and mechanisms that are appropriate to reduce the risks associated with the organization data are recommended. Table 2 shows the present risks, the services and mechanisms that are recommended for the network, and the residual risks remaining after these new safeguards are implemented. It is quite possible that several mechanisms are used to counter a single threat; in that case, multiple mechanisms are listed.
It should be noted that a clearly stated security policy and a well-defined set of security procedures, together with adequate user training, are essential for achieving and maintaining a secure network environment.
Table 2 ─ Present Risks, Proposed Solutions and Residual Risks
| Threat Scenario | Present Risk | Security Solution | Residual Risk |
| --- | --- | --- | --- |
| Threat of Fire Resulting in: | | | |
| unauthorized disclosure | 0 | Not required | 0 |
| unauthorized modification | 0 | Not required | 0 |
| disruption | 3 | a) Daily backups b) Off-site storage of one backup per week | 2 |
| Threat of User Errors Resulting in: | | | |
| unauthorized disclosure | 5 | a) Secure FAX, join the government secure FAX network b) Access Control on FAX services c) Information is monitored before being FAXed | 2 |
| unauthorized modification | 5 | a) Data entry validation | 2 |
| disruption | 1 | Not required | 1 |
| deceptive actions | 1 | Not required | 1 |
| Threat of Administrator Errors Resulting in: | | | |
| unauthorized disclosure | 5 | a) Additional network administration staff; the administration of the network would be shared between three qualified individuals instead of only two. b) New procedures are implemented to constantly verify user access rights on network resources and data. | 2 |
| unauthorized modification | 5 | a) Additional network administration staff. | 2 |
| disruption | 5 | a) Additional network administration staff. b) Daily backups | 2 |
| deceptive actions | 1 | Not required | 1 |
| Threat of Equipment Failure Resulting in: | | | |
| unauthorized disclosure | 0 | Not required. | 0 |
| unauthorized modification | 2 | Not required. | 2 |
| disruption | 4 | a) Elimination of single points of failure by implementing a new application that will duplicate and replicate the organization data across the network and installing alternate connections between the servers. This is later referred to as the “new application”. | 2 |
| Threat of Hackers (Cracking or Capturing Passwords) Resulting in: | | | |
| unauthorized disclosure | 5 | a) Banning of modem connection to client stations. b) Continuous scanning of the organization telephone lines to make sure that modems are not connected. c) Gateway for remote access to network. d) Strong Identity and Access at the gateway level using smart card technology. e) DES encryption of traffic between gateway and remote sites. All of these are later referred to as the “secure gateway”. | 2 to 1, depending on the selected products |
| unauthorized modification | 5 | a) Secure gateway | 2 |
| disruption | 5 | a) Secure gateway | 2 |
| deceptive actions | 5 | a) Secure gateway | 2 |
| Threat of Foreign Governments (Eavesdropping) Resulting in: | | | |
| unauthorized disclosure | 5 | a) Procedures enforcing the installation of the client station monitors in such a way that the displayed data cannot be read through the windows. b) Traffic encryption between gateway and remote sites. c) In-line DES traffic encryption on every network interconnection through the public telephone system. | 3 |
| unauthorized modification | 0 | Not required. | 0 |
| disruption | 0 | Not required. | 0 |
| deceptive actions | 0 | Not required. | 0 |
| Threat of Vandals (Virus) Resulting in: | | | |
| unauthorized disclosure | 0 | Not required. | 0 |
| unauthorized modification | 5 | a) Secure gateway b) Implementation of a virus detection utility that will continuously scan for viruses at the client station and server levels. c) Daily backups. | 2 |
| disruption | 5 | a) Secure gateway. b) Virus detection | 2 |
| deceptive actions | 0 | Not required | 0 |
| Threat of Malicious Employees (Trojan Horse) Resulting in: | | | |
| unauthorized disclosure | 2 | Not required. (The risk will be reduced to 1 once access control to PCs is implemented). | 2 |
| unauthorized modification | 5 | a) Access control to client stations by the use of a hardware product. b) Access control to the start-up and system files | 2 |
| disruption | 5 | Same as above. | 2 |
| deceptive actions | 5 | Same as above. | 2 |
0 = minimal risk; 1 = very low risk; 2 = low risk; 3 = medium risk; 4 = moderately high risk; 5 = high risk
The risk values and security solutions identified in Table 2 apply to the organization data asset and the specific identified threats only. A complete network audit would require examining every possible threat to every network asset.
Other vulnerabilities that could have an impact on the risk measures might also need to be considered, depending on the environment, the culture of the organization, or the granularity level of the threat and risk vulnerabilities. These other vulnerabilities include the following:
A. Low assurance level
The use of non-evaluated products, including the network operating system, provides a low level of trust that the product cannot be circumvented.
B. Poor physical control of network devices
Although networks are generally located in guarded buildings, this does not imply that security is always tight. The servers might be placed in rooms that are locked at night, but not locked at all times because users desire easy accessibility to the network printers connected to the server. Unauthorized server access can cause potentially high damage; however, all server consoles should always be password protected.
C. Access to Network Resources
Although one of the advantages of using a network is that many network resources can be shared among users, not all resources need to be made available to every user. Unauthorized access to network resources usually results from the fact that the access rights are not properly assigned, or the access control mechanism lacks granularity.