Assignment 1: Identifying Potential Risk, Response, and Recovery
Identifying Potential Risk 2
In this paper I have just been hired as an Information Security Engineer for a video game development company. I have previously identified all of the potential Threats, Vulnerabilities and Malicious Attacks for the videogame development company. The CIO have reviewed my report and has now requested that I draft a report analyzing and assessing any potential Malicious Attacks, Vulnerabilities and Threats that may be carried out against the company’s network. I will then choose a strategy for dealing with risk, such as mitigation, assignment, risk and avoidance. Next I will develop controls that will be used to mitigate each risk.
Identifying Potential Risk 3 Now let’s begin by discussing the threat of the Web/FTP server, some servers, or hosts, must be open to the internet. Web servers are examples of such hosts. You want any user to be able to access your web server- but you don’t want everyone to be able to get to your internal network (Fundamentals of Information Systems Security). The simple solution for this is just to isolate the host that is connected to the internet from the internal networks and then create a demilitarized zone. The risk mitigation for the Web/FTP, the FTP is very useful for working with remote systems, or to move files between systems. On the other hand the use of FTP across the internet or other untrusted networks, exposes you to certain security risk. Your object authority scheme might not provide enough protection when you allow the FTP on your system. The next risk for FTP is a hacker can mount a denial of service attack with your FTP server to disable user profile (FTP Security). This is usually done by repeatedly trying to logging on with the incorrect password for a user profile, generally
References: 10 Ways to mitigate Your Security Risk retrieved from, http://www.informationweek.com Kim, David and Solomon, Michael G., 2012, Fundamentals of Information Systems Security, CH 7.p.235 and CH10. P.335. Network Intrusion Detection, retrieved from http://www.itillious.com. Wireless technology Migration: Mitigating risk and increasing supply chain efficiency, retrieved from http://www.ien.com