Technical Paper

Goodman, Jeremy

Yaw Frimpong, Ph.D.

CIS 502 Theories of Security Management

September 1, 2014

Goodman, Jeremy

Yaw Frimpong, Ph.D.

CIS 502 Theories of Security Management

September 1, 2014

Abstract

Risk Assessment for Global Finance, Inc. Network.

Abstract

Risk Assessment for Global Finance, Inc. Network.

Week 10 Technical Paper

Risk Assessment

Week 10 Technical Paper

Risk Assessment

Introduction

Global Finance, Inc. (GFI) is a hypothetical company, which has grown rapidly over the past year. GFI has invested in its network and designed it to be fault tolerant and resilient from any network failures. However, although the company’s financial status has matured and its network has expanded at a rapid pace, its overall network security posture has not kept up with the company growth. The trusted computing base (TCB) internal network within the Global Finance, Inc. Network Diagram hosts the company’s mission critical systems that are vital to the company’s operations that also affect the overall financial situation. The most vital application servers is the company is their Oracle database and email system. GFI cannot afford system or network outages, as its cash flow and financial systems heavily depend on the network stability and availability. GFI has recently experienced multiple network attacks resulting in a total estimated loss at more than $1,000,000.

Risk Assessment Purpose

The purpose of this risk assessment is to evaluate the adequacy of the Global Finance, Inc. security and network. This risk assessment provides a structured qualitative assessment of the operational environment. It addresses sensitivity, threats, vulnerabilities, risks and safeguards. The assessment recommends cost effective safeguards to mitigate threats and associated exploitable vulnerabilities. Safeguards are security features and controls that, when added to or included in the information technology environment, mitigate the risk associated with the operation...