Preview

Global Information Assurance Certification Paper

Powerful Essays
Open Document
Open Document
4239 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Global Information Assurance Certification Paper
Global Information Assurance Certification Paper

Copyright SANS Institute Author Retains Full Rights
This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without express written permission.

Interested in learning more?
Check out the list of upcoming events offering "Security Essentials Bootcamp Style (Security 401)" at http://www.giac.org/registration/gsec

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Abhay Sadwelkar SANS Security Essentials GSEC, Version 1.4 06/29/2002

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

© SANS Institute 2000 - 2002

©

SA

NS

In

sti

tu

As part of GIAC practical repository.

te

20

00 …show more content…
What is Risk Assessment? : Risk assessments, whether they pertain to information security or other types of risk, are a means of providing decision makers with information needed to understand factors that can negatively influence operations and outcomes and make informed judgments concerning the extent of actions needed to reduce risk.1 Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Why do we need to conduct a risk assessment? To identify the potential hazardous situations, which may negatively affect our business processes, and to estimate the likelihood of such an event occurring. A risk assessment would help to provide alternative solutions to reduce the risk, estimate the effectiveness of those solutions and provide information to base a risk management decision. The paper discusses in brief technical and business risk analysis and touches upon ISO 17799 based Gap Analysis, Disaster Recovery Planning options (DRP), Business Continuity Planning (BCP) and the deliverables therein. We sum up with highlights on leading technologies in antivirus, firewall, intrusion detection, authentication and threat management. These technologies are a part of the defense in depth2 approach to secure our …show more content…
This also includes recommended products in each category for secure architecture. Risk Assessment Deliverables (Business) BCP Framework for FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint = AF19 IT Operations Center: What is Business Continuity? A proactive process, which identifies the key functions of an organization and the likely threats to those functions. From this information, plans and procedures that ensure key functions can continue whatever, the circumstances, can be developed.13 BCP is designed to protect disruption to normal business activities and to protect business critical processes from natural and man made disasters. BCP aims at preservation of capital, resumption of normal business activities and to minimize cost of business disruptive events and mitigate risks associated with it. BCP for the IT Operations Center would focus on14: o Local and Wide Area networks and servers o Telecom and data communication equipment and links o Workstations and workspaces o Application and system software o Data, media, storage and records o Staff duties and production processes Broadly the elements of BCP are: • Scope and plan initiation • Business Impact Assessment • Business Continuity Plan development Scope and plan initiation It is important to establish and communicate the need for BCP,
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Satisfactory Essays

    Project Part 2 Task 2
    • 461 Words
    • 2 Pages

    Project Part 2 Task 2

    The Business Continuity Plan is designed to prepare an organization to continue doing business when a disaster strikes. The BCP differs from the traditional disaster recovery plan in the fact that a BCP covers all aspects of the business and incorporates the DRP as part of it. The DRP focuses on restoring data and on information technology only.…

    • 461 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    Nt1330 Unit 3 Assignment 1
    • 801 Words
    • 4 Pages

    Nt1330 Unit 3 Assignment 1

    This report gives a brief description the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. Also I will describe a layer of security for each of the seven domains.…

    • 801 Words
    • 4 Pages
    Good Essays
    Read More
  • Powerful Essays

    Isc363 Phase 3
    • 1899 Words
    • 8 Pages

    Isc363 Phase 3

    The level of security can determine the rise and fall of any organization, no matter how big or small the company may seem, so mitigating risk should always be the number one priority. Risk mitigation can be define as the process of implementing any form strategic actions that will reduce the level of threats that may cause financial hardship towards the organization. In addition, risk mitigation tracks, identify and evaluation all form of risk, including new and old. The focus of risk mitigation is to assist the organization’s department of security administration with identifying a list of potential problems that…

    • 1899 Words
    • 8 Pages
    Powerful Essays
    Read More
  • Good Essays

    NT2580 Project part 1
    • 606 Words
    • 3 Pages

    NT2580 Project part 1

    Safety of data and information is a real important aspect of a company. Before we can create an outline for general security solutions we must first define what is needed. I recommend that we use a multi-layered security plan. There are a total of seven domains of an IT infrastructure including user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain.…

    • 606 Words
    • 3 Pages
    Good Essays
    Read More
  • Powerful Essays

    nt2580 lab 6
    • 1092 Words
    • 5 Pages

    nt2580 lab 6

    on identifying critical business functions and operations that must be part of a business continuity plan to…

    • 1092 Words
    • 5 Pages
    Powerful Essays
    Read More
  • Powerful Essays

    It 244 Appendix B
    • 3468 Words
    • 14 Pages

    It 244 Appendix B

    This disaster plan was put together to try and protect valuable information should it be attacked by hackers or threatened by a natural disaster. As this company grows, so will the value of the network and the information it retains. We want to ensure to the customer and the employee that this information is safe and not vulnerable to an attack. This plan was devised to help protect against failures such as the complexity of the system, accidental failure or a breech by hostile intent.…

    • 3468 Words
    • 14 Pages
    Powerful Essays
    Read More
  • Better Essays

    Assignment #3
    • 1880 Words
    • 8 Pages

    Assignment #3

    Mission Enterprise Company has developed a project checklist for the Security IT Mission that outlines the project with various levels of detail. As a subcontractor to Vital Operations on this project, Mission Enterprise Company is no longer able to control many of the aspects of staffing personnel for a project such as security, selecting qualified personnel, and determining salaries of personnel. The main function of the project has been identified as well as primary stakeholders. This project will also assess the current and future situations that will be most impacted by this project. Security IT Mission will set a precedent for Mission Enterprise Company because it is a transition of a current task order with the new award to a small business, Vital Operations. By defining assumptions with the project there will be a chance to formulate ideas to overcome hurdles associated with this and future projects similar to Security IT Mission.…

    • 1880 Words
    • 8 Pages
    Better Essays
    Read More
  • Powerful Essays

    Cis 462 Business Impact Analysis Assignment 2
    • 1932 Words
    • 8 Pages

    Cis 462 Business Impact Analysis Assignment 2

    Prior to developing Business Continuity Plans the organization should complete a Business Impact Analysis (BIA). The objective of the BIA is to collect information about the business to understand the importance of the different functions within the organization. The BIA serves as the basis on which an effective BCP can be developed and put in place. Results of performing a BIA will identify and quantify how the business will be impacted during a disruption or loss of processes within the organization. Effective implementation will help the organization recover its operations…

    • 1932 Words
    • 8 Pages
    Powerful Essays
    Read More
  • Better Essays

    CIS 502 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
    • 1114 Words
    • 10 Pages

    CIS 502 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

    Supply Disruption  Customer Disruption  Employee Disruption Communication Utilities Contingency Planning Process High Level Contingency and Disaster Recovery Planning Strategy • Develop the Business Contingency Planning • • • • • • • Policy and Business Process Priorities Conduct a Risk Assessment Conduct the Business Impact Analysis (BIA) Develop Business Continuity and Recovery Strategies Develop Business Continuity Plans Conduct awareness, testing, and training of the DRP Conduct Disaster Recovery Plan maintenance and exercise Identify business processes Industry Standards ISO 27001 : Requirements for Information Security Management Systems. Section 14 addresses business continuity management.…

    • 1114 Words
    • 10 Pages
    Better Essays
    Read More
  • Powerful Essays

    HHS 350: Categorizing Vulnerabilities In An Organization
    • 2036 Words
    • 9 Pages

    HHS 350: Categorizing Vulnerabilities In An Organization

    There are quite a few vulnerabilities that can affect organizations productivity. These vulnerabilities can be environmental, utilities & service, criminal behavior, equipment failure, and information security issues. To protect the organization against loss of productivity and data loss we have created an assessment of the potential danger each category of threat presents. We created a worksheet (located on the last page of this document) listing each type of vulnerability and ranked the probability and severity of each of the threats. Using a probability and severity legend that had one…

    • 2036 Words
    • 9 Pages
    Powerful Essays
    Read More
  • Satisfactory Essays

    ISSC363 Assignment 3
    • 586 Words
    • 2 Pages

    ISSC363 Assignment 3

    At its core, the purpose of a risk assessment is identifying and evaluating risks that may potentially have a negative impact on an organization. It can help management understand the impact in terms of costs to the organization or the severity of a loss depending on the methodology used to conduct the risk assessment. The goal is to provide sound recommendations based on the risk assessment to help maintain data confidentiality, integrity and vulnerability while ensuring functionality and usability. Based on the results, management can make more informed decisions about what resources to protect, how to protect them and understand the potential costs and impact. Once the purpose of the risk assessment is understood, defining the scope is next.…

    • 586 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    Cmgt 441 Homeland Security Research Paper
    • 1317 Words
    • 6 Pages

    Cmgt 441 Homeland Security Research Paper

    The review results were positive with a suggestion for an improvement. The team found that RedSeal product provides the intelligence necessary to improve defenses, maintain continuous compliance and mitigate real-world risks by identifying the available paths of access and exposed vulnerabilities present across a network (Stephenson, 2012). The RedSeal solution is either a hardware appliance or software product and is architected for a fast and efficient means of implementing the system (Stephenson, 2012). The design will provide the most secure, scalable, and dependable deployment possible (Stephenson, 2012). Continuous monitoring focuses on correlating IT, network, and vulnerability feeds (Stephenson, 2012). The system identifies risk associated with the business’s security effectiveness as opposed to policy and compliance driven tools (Stephenson, 2012). RedSeal provides a large library of supported vendor products, allowing security and vulnerability data to be quickly and easily imported into the system. The system automatically builds network maps and correlates the map data with configuration and vulnerability data, which creates a threat reference library. RedSeal finds and eliminates gaps in businesses security controls and prioritizes the impact of those gaps. RedSeal is not an assessment or audit tool, but it does correlate risk to various controls for compliance regulations, creating reports that show gaps in deployed configurations/controls (Stephenson, 2012). The team would have liked to have seen more integration with governance, risk, and compliance solutions (Stephenson, 2012). The product only provided a piece of the risk picture. The piece is important, and one that a number of assessment and audit driven tools do not deliver and could leverage (Stephenson,…

    • 1317 Words
    • 6 Pages
    Better Essays
    Read More
  • Satisfactory Essays

    NT2580
    • 526 Words
    • 5 Pages

    NT2580

    Common security countermeasures typically found in an IT infrastructure  Risk assessment approach to securing an IT infrastructure  Risk mitigation strategies to shrink the information security gap NT2580 Introduction to Information Security © ITT Educational Services, Inc. All rights reserved. Page 3 EXPLORE: CONCEPTS NT2580…

    • 526 Words
    • 5 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    Risk Management
    • 622 Words
    • 3 Pages

    Risk Management

    To assess risks and vulnerabilities with the operating IT facilities we must create a mitigation plan. The mitigation plan will ensure what actions or steps to take when a risk were to occur. If the company were to experience risk such as fire, users outages, remote access, opening unknown e-mail attachment or have equipment failure, the mitigation plan will let you know…

    • 622 Words
    • 3 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    IS3110 Unit 6 Lab 1 Develop a Risk Mitigation Plan
    • 585 Words
    • 2 Pages

    IS3110 Unit 6 Lab 1 Develop a Risk Mitigation Plan

    1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities? It is important to because you must be aware of what the risks, threats, and vulnerabilities are to your infrastructure. You need this so that you know where to focus your attention.…

    • 585 Words
    • 2 Pages
    Satisfactory Essays
    Read More

Related Topics