0 évaluation0% ont trouvé ce document utile (0 vote)
129 vues4 pages
This document contains a risk assessment and recommendations for an organization's IT network. It identifies four main risks: 1) desktop computers connected via a local area network, 2) a connection between production facilities and headquarters via an external internet service provider, 3) remote sales personnel connecting via VPN from their home offices, and 4) a lack of redundancy for critical servers at headquarters. The document recommends mitigation strategies for each risk such as user access controls, security training, firewall updates, intrusion detection systems, two-factor authentication, and purchasing secure VPN connections from sales associates' internet providers. It also stresses implementing server redundancy and regular backups to ensure business continuity if servers fail or data is lost.
This document contains a risk assessment and recommendations for an organization's IT network. It identifies four main risks: 1) desktop computers connected via a local area network, 2) a connection between production facilities and headquarters via an external internet service provider, 3) remote sales personnel connecting via VPN from their home offices, and 4) a lack of redundancy for critical servers at headquarters. The document recommends mitigation strategies for each risk such as user access controls, security training, firewall updates, intrusion detection systems, two-factor authentication, and purchasing secure VPN connections from sales associates' internet providers. It also stresses implementing server redundancy and regular backups to ensure business continuity if servers fail or data is lost.
This document contains a risk assessment and recommendations for an organization's IT network. It identifies four main risks: 1) desktop computers connected via a local area network, 2) a connection between production facilities and headquarters via an external internet service provider, 3) remote sales personnel connecting via VPN from their home offices, and 4) a lack of redundancy for critical servers at headquarters. The document recommends mitigation strategies for each risk such as user access controls, security training, firewall updates, intrusion detection systems, two-factor authentication, and purchasing secure VPN connections from sales associates' internet providers. It also stresses implementing server redundancy and regular backups to ensure business continuity if servers fail or data is lost.
Risks Windows Vista, while relatively current is still a lacking OS when compared to Windows 7. All desktops connect to an industry standard switch via an Ethernet cable. While this can be a risk, it is not a sizable risk. (Minimal Risk) The two large production facilities are connected to the headquarters via an external ISP. Even with the firewalls in place, there is no accountability if the connection they contract is in use by anyone else. I would advise contacting the ISP and verifying if the connection is shared with other users and take further action depending on their answer. (Substantial Risk) The individual sales personnel connect via VPN software, but use their individual internet connection, usually out of their home office. This can be very dangerous as they do not fall under the blanket of protection offered by the bigger offices and their terminals are at greater risk to be tampered or infected by a malicious user. (Critical Risk) The core idea of preventing risk is to safeguard the information stored on the database server. The workers and customers of the company have private information stored there and the loss or leak of the data could be catastrophic to the company. Ergo I suggest the changes to be made to mitigate the risk of an intruder gaining access to the network. There is not a lot of information given about the entirety of the network, so much of this may not be necessary or already in place.
Pg. 1
2013, Sep. 21
Rose, William
Risk 1 Desktops / Local LAN
This risk would best be approached via the mitigation risk technique. Since the network is maintained via Active Directory, the company should implement workgroups/user groups and control what workers have access to; if a program, file, or other application is not part of a workers job, they have no reason to be able to access that file/application/etc. At the same time the workers should go through annual (if not bi-annual) information security training; that is understanding how to protect their workstations, understand security policies and why they are in place. The company should also ensure that their switches, routers, and firewalls are always up to date on the latest patches. Risk 2 External ISP Line This risk is sizable as the company is relying on an outside source to provide network connection between the production facilities and their headquarters; the best way to approach this risk is also with the mitigation technique. I understand the company is small and if they cant front the cost of their own line, they should be absolutely sure that no other users are gaining access to the line that is being provided for them. On top of that they should alter the technical environment by adding intrusion detection systems and ensuring all security features are always up to date. If possible I would suggest investing into a private line that they control to ensure security between the three sites, however outside of the initial investment there would also need to be maintenance costs. As long as the company can ensure the line theyre currently using is secure, Id recommend continue use as it is the less cost intensive. Risk 3 Remote Users / Home Offices This risk is critical as they are the most likely to be targeted for an attack. Just like the previous two risks, Id recommend a mitigation technique to lower this risk. The remote users only use software to connect to the companys VPN, on their own ISP connection, in their home office. To start I would recommend a two-factor authentication to successfully log on to the VPN; so even if the computer is stolen or infected, its still relatively safe. At the same time since these are sales associates, I would recommend using a hard drive lock; just like the previous reason, if the computer is stolen, the ability to glean information would be hampered. If the company can handle the expense they should look into purchasing a secure VPN from each sales associates ISP, this would help ensure that there wouldnt be any outside eyes gleaning information from the sales associate connecting to the company. Using Active Directory, the sales associates terminal should be scanned to make sure all security implements are current and if not, they should be updated before being allowed to connect to the company network. This can help prevent malicious code being introduced to the company network.
Pg. 2
2013, Sep. 21
Rose, William
Risk 4 The Servers
One thing that stood out to me is that there are three servers at Headquarters with very few uses. One thing that strikes me is the possibility of no redundancy. If the Active Directory Server went down, no one would be able to access the network. Each server role should have redundancy to fill in if the primary server is to fail, this will help ensure the company is running efficiently, even during a server problem. This should be kept in mind as the company has sales representatives in all fifty states while the headquarters are in Indiana. So even in a standard eight hour day (9AM 5PM), there is still three hours of work to people on the west coast. If the servers were to go down, those sales reps would not be able to work effectively. On top of redundancy the company should look into some sort of backup. They have a lot of information and while its important to protect it, its also important to make sure its not lost. For a backup, Id recommend a transfer technique. There are many backups services available at an affordable price. To go with the backup I would recommend backing up the information at least once a week to ensure if work is lost, the company does not fall too far behind.
HTML5 and CSS3 Masterclass: In-depth Web Design Training with Geolocation, the HTML5 Canvas, 2D and 3D CSS Transformations, Flexbox, CSS Grid, and More (English Edition)
TikTok Algorithms 2024 $15,000/Month Guide To Escape Your Job And Build an Successful Social Media Marketing Business From Home Using Your Personal Account, Branding, SEO, Influencer