
Progress Document, Research Paper Example

Pages: 7

Words: 1861

Research Paper

Overview

This overview highlights the contents of this progress document and describes all the tasks included in it. The summary will report progress against the project plan that was delivered before this coursework. The revised risk analysis will be extended from the Unit 1 individual project. The project plan will also be revised according to the current progress of the project. Moreover, the technical documentation and a simple user guide will be incorporated in this coursework. If necessary, the coursework will also include a basic maintenance guide.

Project Plan

| Milestone | Description | Date |
|---|---|---|
| Overview | Includes details of the project contents | |
| Revised Risk Analysis | Extended risk analysis including risk treatment tables, security policy creation etc. | |
| Risk Treatment | Evaluating all risks and how to prevent them from disrupting the network | |
| Creating Security Policy | Creation of a security policy document in order to implement rules | |
| Technical and non-Technical Information | Concerns related to technical and non-technical information about the network | |
| Identification of Components | The devices that may be involved in network services | |
| Data Classification | Prioritizing critical information assets of an organization | |
| Evaluating Threats and Vulnerabilities | Illustrating the difference between these two terminologies | |

Revised Risk Analysis

Before conducting a risk assessment, core factors are considered. The identification of information assets is vital before conducting the risk assessment. Information assets are defined as the entities that hold organization data. A good definition states it as, “information assets are specific to your business functions and business strategies, they may be contained within broad categories such as contractual and legislative compliance, those needing virus prevention, those critical to business recovery following security compromises, etc” (SANS: Glossary of security terms – I ). The information assets for an organization will be technology assets, data assets, service assets and people assets.

Risk analysis is carried out to analyze the threats, effects and vulnerabilities affecting a system. To attain a certain level of the requirements of ISO 27001, that is “a specification for an ISMS, an Information Security Management System” (ISO 27000 – an introduction to ISO 27001 / ISO27001), the table in Figure 1.1 explains the defined and observed methods of risk assessment.

| Asset Name | Risk Type (CIA Profile) | Likelihood | Impact | Source | Description |
|---|---|---|---|---|---|
| Business Records | C:High, I:High, A:Low | High | High | Internal/External | Sales server gets hacked |
| Hard Disk Failure | C:Medium, I:Low, A:Low | High | High | External/Internal | On swapping hard disk from backup, the hard disk fails to run again. |
| Financial Records | C:High, I:High, A:Low | Low | High | Internal | Incorrect input data entry |
| Sales Records | C:High, I:High, A:Low | High | High | External/Internal | Sales server gets hacked |
| Email Records | C:High, I:High, A:Medium | High | High | External | Mail server gets hacked |
| Web Records | C:High, I:High, A:Low | High | High | External | Web server gets hacked |
| Database Records | C:High, I:High, A:Low | High | High | External | Database server gets hacked or corrupted |
| Database Records | C:High, I:High, A:Medium | Low | High | Internal | Database server is disabled accidentally |
| Web service | C:High, I:Low, A:Low | Medium | High | Internal | Use of proxy servers |

Figure 1.1 – Risk Assessment

A dedicated team of people would monitor for all the risks listed in Fig 1.1 and would also look for any security breaches or any non-bakery member trying to make changes.

Risk Treatment

In total, three risks have to be prevented. The table in Fig 1.2 shows the risk treatment of threats and vulnerabilities related to a wireless and wired network.

| Asset Name | Location | Risk Summary | Control | Residual Risk |
|---|---|---|---|---|
| Business Records | Sales server | Sales server gets hacked | All data must be encrypted | Low |
| Hard Disk Failure | Any system/server | Hard disk stops working | RAID configuration | Low |
| Financial Records | Sales server | Employee performs incorrect entry | Allow review changes | Low |
| Sales Records | Sales server | Sales server gets hacked | All data must be encrypted | Low |
| Email Records | Email server | Email server gets hacked | All data must be encrypted; all emails must be scanned by anti-virus and then allowed for download, or attachments must be disabled | Low |
| Web Records | Web server | Web server gets hacked | Use of a backup server located at a remote place other than headquarters to kick in in case of any damage to the primary server | Low |
| Database Records | Sales server | Database gets hacked or corrupted | Back up the server at regular intervals as well as have a remote backup server | Low |
| Database Records | Sales server | Database server is disabled accidentally | Ask for permission to disable the server or to reconfirm the disable command | Low |
| Web service | Any system | Use of proxy server | Disable the use of different ports, which would eventually block access to the internet other than the required domains, or block proxy IP addresses | Low |

Figure 1.2 – Risk treatment

Analyzing Technical and Non Technical Information

An efficient risk assessment is based on current and detailed information about the organization's radar satellite communication systems. Adequate information should be referenced in the risk assessment to document a methodical understanding of these environments. Both technical and non-technical information must be gathered. The information may consist of technical statistics, strategic information related to battle plans, and physical network layouts detailing internal and external connectivity. It also includes hardware and software, databases containing mission-critical data, processing arrangements and interfaces integrating with outbound objects, hardware and software configurations, access policies, and the standards and procedures for the operation, upgrade, maintenance and monitoring of the technical radar systems.

Identification of Components

Risk assessment consists of identifying the information systems that need to be protected, including electronic systems and the physical components that are used to transmit, use, protect and organize information. The information provided by the information systems can be logical or digitized. The analysis of the global organization’s network includes a system classification and an analysis of data on networks to monitor the security measures where appropriate. The inbound and outbound connectivity between different global networks must be identified for strict security compliance. The computing devices, including portable computers, critical databases, tape drives, personal digital assistants, flash drives, and media used in software development and testing, should be identified.

For identifying components, it is important to understand how the network performs its day-to-day operations. For example, risk assessment needs to address employee activities of accessing data, the transmission of information in response to requests, and how data is stored, transferred and deleted. Authorization and authentication are required for those employees who receive both physical and logical forms of data, and for how they represent the information for any purpose. The outsourcing strategy of the computer network also requires strict compliance and policies for identifying relevant data transmission to and from the computer networks. The architectural diagram and the related documentation should identify relationships with the service provider.

Data Classification

A data classification program needs to be established to identify and prioritize data, systems and applications in terms of their significance. The classification program will also ensure consistent protection of information and mission-critical data throughout the network. By prioritizing data, systems and applications, the risk analyst of the network will be able to focus on the network's control and performance in an efficient manner. All the shared data must be classified along with its priority. Classification should be based on a weighted combination of all relevant attributes.

Evaluating Threats and Vulnerabilities

Organizations should evaluate potential threats and vulnerabilities in order to protect the network. The evaluation is conducted to identify the severity of each information system, which deserves priority according to the value of the data that needs to be protected. Both threats and vulnerabilities need to be considered concurrently. A simple definition of threats is available on www.PcMag.com, which states it as “The danger of an attack on a computer system.” Threats can damage the confidentiality, availability and integrity of the information present in the information systems. Vulnerabilities, by contrast, are defined as “A security exposure in an operating system or other system software or application software component.” (Vulnerabilities definition from PC magazine encyclopedia). Vulnerabilities can be described as security loopholes in the system. If hackers find these loopholes in the system, the results are devastating, including unauthorized access, amendment or complete deletion of the system. A recent example is the hacking of the WikiLeaks website, which impacted the whole world and affected strategic and economic relations between countries, as various confidential documents were leaked from the website. A news article on “www.bbc.co.uk” reports, “Whistle-blowing website Wikileaks says it has come under attack from a computer-hacking operation, ahead of a release of secret US documents.” Vulnerabilities are exploited successfully because of policy weaknesses, inadequate implementation of security infrastructure, and information about personal issues. Testing of the security infrastructure, including network components, hardware and software, is essential for identifying any possible threats which may occur in the future.

Creating a Security Policy

A security policy is defined as a set of rules demonstrating who is authorized to access what on the network (What is security policy? definition and meaning). The security policy enables an organization to follow a set of controls that gives a broad idea of how the organization should function on a daily basis. After the rules are implemented, they need to be checked periodically in order to keep up with the latest threats and vulnerabilities. The following are the guidelines to control the security policy of the organization:

  • All data must be regarded as confidential and should be controlled using access rights.
  • Any unauthorized software found in use will be removed with due effect.
  • Internet access should be restricted to selected authorized personnel only.
  • Use of certain ports and proxies must be restricted to certain authorized people only, which would help in identifying the individual if any damage or illegal activity is detected.
  • Passwords of a person’s profile must contain at least 8 to 15 characters with a minimum of one capital character, one special character and one number.
  • Passwords must be changed within a duration of 3 months without repeating the previous ones.
  • All the workstations must have an anti-virus and firewall system installed to protect from any software or network attack.
  • The workstation will have write protection enabled and will not allow any executables to run except for the required software.
  • A blacklist must be created so that any IP address from an external source is logged and blocked if found trying to scan, penetrate or exploit the network.
  • Only the system administrator may perform installation and maintenance of the workstations.
  • If any problem is faced in the network, workstations or servers, a note must be taken and the risk treatment plan appropriate for that problem must be started.
  • All kinds of removable media must be disabled to increase security and to prevent any unwanted software (viruses, spyware) from being installed on the local system and jeopardizing the entire network’s security.
  • The open wireless bridge must be closely monitored in order to stop any malicious activity and prevent any risk to the organization’s network security.
  • Each staff member needs to be acquainted with the Security Policy and should keep in mind that any inappropriate activity will lead to severe penalties.
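
The two password guidelines above (composition, and rotation without reuse) can be enforced in code. The following is an added example, not part of the original paper: it assumes "3 months" means 90 days, that a special character is any ASCII punctuation mark, and that previous passwords are kept only as salted PBKDF2 hashes; all function names are hypothetical.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

MIN_LEN, MAX_LEN = 8, 15       # length bounds stated in the policy
MAX_AGE = timedelta(days=90)   # assumption: "3 months" read as 90 days
PBKDF2_ROUNDS = 200_000        # assumption: work factor chosen for this example


def composition_errors(password):
    """Return the composition rules (by name) that the candidate breaks."""
    errors = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        errors.append("length")
    if not any(c.isupper() for c in password):
        errors.append("capital")
    if not any(c.isdigit() for c in password):
        errors.append("number")
    # Assumption: "special character" means ASCII punctuation.
    if not any(c in string.punctuation for c in password):
        errors.append("special")
    return errors


def hash_password(password, salt=None):
    """Salted PBKDF2 hash so the history never holds plaintext passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password, history):
    """True if the candidate matches any (salt, digest) pair in the history."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def is_expired(last_changed, now):
    """True once the password is older than the rotation window."""
    return now - last_changed > MAX_AGE


def change_password(new_password, history):
    """Check composition and reuse; record the new hash only if both pass."""
    errors = composition_errors(new_password)
    if not errors and is_reused(new_password, history):
        errors.append("reused")
    if not errors:
        history.append(hash_password(new_password))
    return errors
```
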

References

Threat definition from PC magazine encyclopedia. Retrieved 12/13/2010, from http://www.pcmag.com/encyclopedia_term/0,2542,t=threat&i=52859,00.asp

Vulnerability definition from PC magazine encyclopedia. Retrieved 12/13/2010, from http://www.pcmag.com/encyclopedia_term/0,2542,t=vulnerability&i=54160,00.asp

BBC news – wikileaks ‘hacked ahead of secret US document release’. Retrieved 12/13/2010, from http://www.bbc.co.uk/news/world-us-canada-11858637

ISO 27000 – an introduction to ISO 27001 / ISO27001. Retrieved 6/23/2011, from http://www.27000.org/iso-27001.htm

SANS: Glossary of security terms – I. Retrieved 6/23/2011, from http://www.sans.org/security-resources/glossary-of-terms/i

What is security policy? definition and meaning. Retrieved 6/23/2011, from http://www.businessdictionary.com/definition/security-policy.html
