Copyright SANS Institute Author Retains Full Rights
This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without express written permission.
Interested in learning more?
Check out the list of upcoming events offering "Security Essentials Bootcamp Style (Security 401)" at http://www.giac.org/registration/gsec
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Abhay Sadwelkar SANS Security Essentials GSEC, Version 1.4 06/29/2002
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
© SANS Institute 2000 - 2002
©
SA
NS
In
sti
tu
As part of GIAC practical repository.
te
20
00 …show more content…
What is Risk Assessment? : Risk assessments, whether they pertain to information security or other types of risk, are a means of providing decision makers with information needed to understand factors that can negatively influence operations and outcomes and make informed judgments concerning the extent of actions needed to reduce risk.1 Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Why do we need to conduct a risk assessment? To identify the potential hazardous situations, which may negatively affect our business processes, and to estimate the likelihood of such an event occurring. A risk assessment would help to provide alternative solutions to reduce the risk, estimate the effectiveness of those solutions and provide information to base a risk management decision. The paper discusses in brief technical and business risk analysis and touches upon ISO 17799 based Gap Analysis, Disaster Recovery Planning options (DRP), Business Continuity Planning (BCP) and the deliverables therein. We sum up with highlights on leading technologies in antivirus, firewall, intrusion detection, authentication and threat management. These technologies are a part of the defense in depth2 approach to secure our …show more content…
This also includes recommended products in each category for secure architecture. Risk Assessment Deliverables (Business) BCP Framework for FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint = AF19 IT Operations Center: What is Business Continuity? A proactive process, which identifies the key functions of an organization and the likely threats to those functions. From this information, plans and procedures that ensure key functions can continue whatever, the circumstances, can be developed.13 BCP is designed to protect disruption to normal business activities and to protect business critical processes from natural and man made disasters. BCP aims at preservation of capital, resumption of normal business activities and to minimize cost of business disruptive events and mitigate risks associated with it. BCP for the IT Operations Center would focus on14: o Local and Wide Area networks and servers o Telecom and data communication equipment and links o Workstations and workspaces o Application and system software o Data, media, storage and records o Staff duties and production processes Broadly the elements of BCP are: • Scope and plan initiation • Business Impact Assessment • Business Continuity Plan development Scope and plan initiation It is important to establish and communicate the need for BCP,