Organizations Network System Risk Assessment, Research Paper Example

Introduction

The school of health sciences in the University of Chicago has been installed with devices together with components for connecting to the network. They include computers, PC and servers, network interface cards, printers, gateways, hubs, wireless access points, switches, bridges and modems.

Administrative staff network is the backbone of the network is a 4Mbps token ring topology. It uses fifteen NIC cards. Administrative staff network will be located in the main campus will house a network hub comprising of the most servers. The servers housed in the hub will include a mail server, Microsoft active directory server, web application server, DHCP server, storage server as well as database systems server. These servers will be protected from external attacks using a firewall (Hardjono & Dondeti, 2005).

The academic staff network with local area network based on a 4 Mbps token link backbone serving about thirty individuals. Since publishing of different course documents is done here, a network printer is necessary. Other components of the organization’s network system include a laptop 30 desktops a Server, modem, Network Interface Cards, a Router and a Gateway.

The student network in the 5 multiple campuses has thirty personal computers in each campus. The network system for each campus includes a laptop serving a single-mail server, 30 desktops, Network Interface Cards, a Router, a Gateway, a print and storage server Asynchronous NIC and half-duplex Ethernet cards (McFedries, 2008).

Key assets in organization’s network system

Assets in organization’s network system incorporates the operating systems of hosts, applications, as well as data, devices of networking including switches along with routers and the network data. Equally important is the reputation of the organization, intellectual property rights the software license, mousses, keyboards, head sets and network cables (Hardjono & Dondeti, 2005).

Network assets in the organization falls under the following categories

Information assets

This category is the most important and avails important information the organization. Important components of this class of assets include the databases, data files, the operational together with support procedures, archived information, the continuity plans and the fallback arrangements

Software assets are of 2 classes:

• Application software that is used in the implementation of the organization business rules
• System software that is used organization investment in form of packaged programs of software

Physical assets

These are the visible along with the tangible equipments in the organization network system

Computer equipment such as computers, either servers or desktops, communication assets including modems, routers, printers and fax machines, Technical equipment such as Power supplies and the air conditioners and Furniture as well as fixtures (McFedries, 2008).

Services

Organization may outsource computing services as one important face of services. Others include wide area network, voice communication, value added services data communication, services of environmental conditioning including power, lighting, heating and also air conditioning.

Risks within the organization’s network system environment

Common attacks by computer viruses such as malware and spyware are unavoidable in the network environment. Malware involves threats of worms, Trojan horses as well as viruses. The threat of spyware facilitates scanning of computers and sending the data to other locations and computers in the cyberspace. The transmitted information includes personal information, files, documents, passwords, account numbers and login details. These infections also result to data loss, operational impairment and corruption (Elahi & Elahi, 2006).

Hacking is another potential threat posed to the network environment which involves unauthorized, access, use and performing identification of a computer. Hacking is also a common occurrence in a network system and it compromises the privacy of an individual user, leading to the release of confidential, sensitive as well as protected information. Another important risk involves instability and slowing down of the computer that if unchecked will considerably affect the performance.

Natural disasters are also inevitable in an organization’s network system environment. Lighting may strike the system causing breakdown. Soda may spill in the keyboard leading to loss. The system may also experience electricity failure that could potentially damage some devices. The possibility for earthquake, fire and also flood cannot be underestimated and this is consequential to damages in the entire system. Mistakes could also occur in the system administration leading to massive loss of important data (Elahi & Elahi, 2006).

It is imperative to acknowledge the high likelihood occurrence of any of these  risks. The intensity and severity of these risks within the organization’s network system environment have necessitated for adoption ad implementation of strategic disaster recovery by the IT professionals in the organization. Proper execution of the appropriate procedures in disaster recovery is an important issue reflected in saving money, lives of people and improving the quality of life in the organization.

Tools and methodology for computer network risk assessment

IRAM- “Information Risk Analysis Methodology”

IRAM facilitates for the analysis of information risk in the organization and also provide for the selection of the most appropriate controls of mitigation of the risk. This tool evaluates the impact of the risk to the business leading to the determination of security requirements for protection of information in sensitive applications of the organization network system. The possibility of specific threats in exploiting vulnerabilities and evaluation of appropriate controls are also facilitated by this tool (Blacharski, 1998).

ROSI- “Return on Security Investment”

ROSI is important in the provision of checklist and performing calculations relevant in financial security.

FIRM- “Fundamental Information Risk Management”

FIRM is the basis of the strategic approach in the measurement as well as monitoring of the information security effectiveness in the organization. FIRM identify risk points and highlights the facts relevant in maximizing information security (Blacharski, 1998).

Security Health check

The actual status of risk control that is executed in the organization is determined with the use of “Security Health check” which is a competent measure of performance and acceptability of third party control in security.

Benchmarking Tool for Information Security

This is an important tool in the assessment of the organization security arrangement and the performance of the organization network system can be compared to other similar one using this tool.

Security Function Diagnostic

Used for bridging security and creation of function profiles in the organizations information security. This tool gives focus to delivery of service in the organization, communication in addition to performance measurement (Hardjono & Dondeti, 2005).

TPSAT- “Third Party Security Assessment Tool”

TPSAT is a vital tool in facilitating for the assessment of information security in the relationships of third party. The strength that security arrangement has been implemented by the third part is evaluated using TPSAT

References

Blacharski, D. (1998). Network security in a mixed environment. Foster City, CA: IDG Books Worldwide.

Elahi, A., & Elahi, M. (2006). Data, network, and Internet communications technology. Clifton Park, NY: Thomson Delmar Learning.

Hardjono, T., & Dondeti, L. R. (2005). Security in wireless LANs and MANs. Boston: Artech House.

McFedries, P. (2008). Networking with Microsoft Windows Vista: your guide to easy and secure Windows Vista networking. Indianapolis, Ind.: Que.