Thursday, December 6, 2012

The Necessity of Network Risk Assessment


Electronic information systems and network security go hand-in-hand for businesses and organizations. Because these systems are commonplace for storing files and data, industry regulations have specific standards for them, including network security implementation and risk assessments. If appropriate controls are not put in place and assessments are not conducted frequently enough, an intruder can enter your system to steal data and possibly exploit it.

Network security, regardless of industry standards, encompasses all activities for protecting system data, including technical, physical, and social. Small and medium-sized businesses are particularly vulnerable to security threats, and to take precautions, such organizations need to conduct regular network risk assessments.

A network risk assessment involves penetration testing, social engineering, and vulnerability audits. Vulnerabilities, or weak points present along a system's perimeter and in the interior, allow intruders to enter, and a network engineer identifies and tests these points for their strength. In assessing your network, the engineer may interview employees to test judgment, perform vulnerability scans, examine operating system settings, use ethical hacking techniques, and analyze past system attacks. As he or she examines these aspects of your network, the following information is gathered:

• How security policies are used and implemented
• Access control lists and their location
• Audit logs and their review
• Passwords and how easy they are to retrieve
• Security settings
• Compliance with industry best practices, such as HIPAA or FFIEC
• Unnecessary applications and their removal
• Operating systems, including consistency and being up to current levels
• Backups, such as how all information is stored, if it is up to date, and how easy information is to access
• A disaster recovery plan, if one is in place
• Sufficiency and configuration of cryptographic tools for data encryption
• Any custom-built applications and if they correspond with network security policies
• Documentation and review of configuration and code changes
• Review of past security breaches

After a network risk assessment addresses all aspects, a report is produced by the engineer. The report lists all vulnerabilities found along the perimeter and inside the network and provides solutions for mitigating the possible risks of each. While network risks are never eliminated, they can be reduced to make intrusion and stealing data far more difficult for an outside party.

Regular network risk assessments are recommended. However, the degree to which they are needed depends upon the frequency of network and security updates. Ideally, a network risk assessment should be performed whenever these structures are modified or upgraded.
