Technical Paper:
Risk Assessment
TIME
IS CST
Above (ATTACHED)is the Global Finance, Inc. (GFI) network
diagram. A hypothetical company, GFI has grown rapidly this past year and
implemented a number of network devices as displayed in the diagram. The
company invested in the network and designed it to be fault tolerant and
resilient from any network failures. However, although the company’s financial
status has matured and its network has expanded at a rapid pace, its overall
network security posture has not kept up with the company growth.
GFI’s network has historically been fairly stable, and the
company has not experienced many full scale network outages. GFI has hired
three (3) network engineers to keep up with the network growth, as well as the
bandwidth demand by the company employees and the clients. However, the company
has not hired any security personnel who can take care of the operational
security responsibility.
The trusted computing base (TCB) internal network within the
Global Finance, Inc. Network Diagram hosts the company’s mission critical
systems that are vital to the company’s operations that also affect the overall
financial situation. The Oracle database and email systems are among the most
intensively used application servers in the company. GFI cannot afford system
or network outages, as its cash flow and financial systems heavily depend on
the network stability and availability. GFI has experienced DoS network attacks
twice this year, and its Oracle database and email servers had been down for a
total of one (1) week as a result. The recovery process required GFI to utilize
$25,000 to restore its operations to the normal operating baseline. GFI
estimated the loss from these network attacks at more than $1,000,000, as well
as lost customer confidence.
Write an eight to ten (8-10) page formal risk assessment
proposal in which you:
1. Describe the company network, interconnection,
and communication environment.
2. Assess risk based on the GFI, Inc. network
diagram scenario. Note: Your risk assessment should cover all
the necessary details for your client, GFI Inc., to understand the risk factors
of the organization and risk posture of the current environment. The company
management will utilize this risk assessment to determine what actions to take;
therefore, it must be comprehensive for the business leaders to make
data-driven decisions.
1. Defend your assumptions where pertinent
information from the scenario isn’t available.
2. Ascertain apparent security vulnerabilities,
and analyze at least three (3) such vulnerabilities. Such analysis should
entertain the possibility of faulty network design. Recommend mitigation
processes and procedures for each of the identified vulnerabilities.
3. Justify your cryptography recommendations,
based on security concerns and requirements, data-driven decision-making, and
objective opinions.
3. Examine whether your risk assessment
methodology is quantitative, qualitative, or a combination of these, and
discuss the main reasons why you believe that the methodology that you utilized
was the most appropriate.
4. Explain the way in which you would present
your findings and assessment to the company’s management and thus facilitate
security buy-in and concentration.
5. Using Microsoft Visio or its open source
equivalent, redraw the CFI diagram, depicted as a secure and risk-mitigating
model. Note:The graphically depicted solution is not included in
the required page length.
6. Use at least three (3) quality resources in
this assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
· Be typed, double spaced, using Times New Roman
font (size 12), with one-inch margins on all sides; citations and references
must follow APA or school-specific format. Check with your professor for any
additional instructions.
· Include a cover page containing the title of
the assignment, the student’s name, the professor’s name, the course title, and
the date. The cover page and the reference page are not included in the
required assignment page length.
· Include charts or diagrams created in Visio or
an open source alternative such as Dia. The completed diagrams / charts must be
imported into the Word document before the paper is submitted.
