12 pages/≈3300 words; 10 sources; APA style; Subject: IT & Computer Science; Type: Research Paper; Language: English (U.S.); Document: MS Word
A risk management cost benefit analysis (SAR). IT Research Paper

Research Paper Instructions:

Many companies and agencies conduct an IT audit to test and assess the rigor of their IT security controls in order to mitigate risks to IT networks. Such audits meet compliance mandates set by regulatory organizations. Federal IT systems follow Federal Information Security Management Act (FISMA) guidelines and report security compliance to US-CERT, the United States Computer Emergency Readiness Team, which handles defense and response to cyberattacks as part of the Department of Homeland Security. In addition, Control Objectives for Information and Related Technologies (COBIT) is a set of IT security guidelines that provides a security framework for IT systems in the commercial sector.

These audits are comprehensive and rigorous, and negative findings can lead to significant fines and other penalties. Therefore, industry and federal entities conduct internal self-audits in preparation for actual external IT audits and compile security assessment reports.

In this project, you will develop a 12-page written security assessment report and executive briefing (slide presentation) for a company and submit the report to the leadership of that company.



After completing your master's degree, you have been hired by a contracting company as an information systems security officer, or ISSO, supporting systems for federal clients. One morning, your boss asks you to come to her office. She tells you that you'll be working on a network security audit. "Network security audits, based on FISMA standards, are used annually to determine the effectiveness of our security controls," the boss explains. "Prior to the security audit, I will need you to test, execute, collect, and compile your results into a security assessment report, or SAR. Once you're finished, you will submit the report to me and the executive leadership."

Later, you receive a follow-up email from your boss with instructions. First, you will conduct a risk and threat assessment of the enterprise network. Next, you will perform black-box testing of the network using network analysis tools. After identifying any network vulnerabilities, you will lead efforts to remedy and mitigate those vulnerabilities using appropriate risk management controls. You will then perform a white-box test, compile the results in the final security assessment report, and provide this to leadership along with an executive briefing of your lab analysis, so that management has a baseline view of the security posture of the enterprise network before the actual external IT audit. The email ends with this note: "Thank you for taking this on. Our executive leadership is excited to learn of your findings."



STEP 1: CONDUCT A SECURITY ANALYSIS BASELINE

In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).

You will get your information from a data-flow diagram and report produced with the MICROSOFT THREAT MODELLING TOOL 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: DIAGRAM AND REPORT



Include the following areas in this portion of the SAR:



Security requirements and goals for the preliminary security baseline activity.

Typical attacks on enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization.

Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you:

What are the security risks and concerns?

What are ways to get a real-time understanding of the security posture at any time?

How regularly should the security of the enterprise network be tested, and what type of tests should be used?

What are the processes in play, or to be established to respond to an incident?

Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required?

Is there an adequate professional development roadmap in place to maintain and/or improve the skillset as needed?

Describe the ways to detect this malicious code and the tactics bad actors use to evade detection.

Public and private access areas, web access points. Include in the network diagram the delineation of open and closed networks, where they co-exist. In the OPEN NETWORK and CLOSED NETWORK portion, show the connections to the Internet.

Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices?

Operating systems, servers, network management systems.

data in transit vulnerabilities

endpoint access vulnerabilities

external storage vulnerabilities

virtual private network vulnerabilities

media access control vulnerabilities

ethernet vulnerabilities

Possible applications. This network will incorporate a BYOD (bring your own device) policy in the near future. The IT auditing team and leadership need to understand current mobile applications and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5.

The overall SAR should detail the security measures needed, or the implementation status of those in progress, to address the identified vulnerabilities. Include:



remediation

mitigation

countermeasure

recovery

Through your research, provide the methods used to provide the protections and defenses.



From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified.



The baseline should make up at least three of the 12 pages of the overall report.



When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures that will help determine the company's overall network defense strategy.



STEP 2: DETERMINE A NETWORK DEFENSE STRATEGY

You've completed your initial assessment of the company's security with your baseline analysis. Now it's time to determine the best defenses for your network.



Start by reading a publication by the National Institute of Standards and Technology, NIST SP 800-115, Technical Guide to Information Security Testing and Assessment, and outline how you would test for violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner that allows future information systems security officers to use them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black-box testing, white-box testing).



Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report.



Click the following link to learn more about cybersecurity for process control systems: Cybersecurity for Process Control Systems



After you've completed this step, it's time to define the process of penetration testing. In the next step, you'll develop rules of engagement (ROE).



STEP 3: PLAN PENETRATION TESTING ENGAGEMENT

Now that you've completed your test plans, it's time to define your penetration testing process. Include all involved processes, people, and timeframe. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format.



This portion should be about two pages of the overall 12-page report.



After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are.



STEP 4: COMPLETE A RISK MANAGEMENT COST-BENEFIT ANALYSIS

You've completed the penetration testing, and now it's time to complete your SAR with a risk management cost-benefit analysis. Within this analysis, think about the cost of violations and other losses if you do not add the controls. Then add in the cost of implementing your controls.



When you have finished with the cost-benefit analysis, which should be at least one page of your overall report, move to the final step, which is the completed SAR. As part of the final assignment, remember that you will need to create a slide presentation as part of the executive briefing, and submit that along with the SAR.

Security assessment report (SAR): Your report should be 12 pages minimum, double-spaced, with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

In-text citations and illustrative diagrams do not count toward the page count. Thank you very much.

Research Paper Sample Content Preview:

A Risk Management Cost-Benefit Analysis
Student’s Name
Institutional Affiliation
Course
Date
A Risk Management Cost-Benefit Analysis
Introduction
This document is a security assessment report (SAR) for a network security audit conducted in accordance with FISMA standards. The report covers the security analysis baseline and the potential risks. Network defense strategies are also reviewed, which helps in determining the best defense for the network. A penetration testing process is then outlined, and its results are analyzed and used in the cost-benefit analysis.
Security Analysis Baseline
According to the FISMA standards, the main goal of the preliminary baseline activity is to identify the level at which the system's information is categorized. Risk levels are based on the adverse effect on the network if that section is compromised. Plans are established to prevent compromise, and enterprise networks should always be tested frequently (Bouyoucef & Khorasani, 2016). The frequency of testing depends on the organization and the likelihood of an attack, since network compromises can be either external or internal. The various attacks include:
Computer virus
A computer virus is malicious code designed to alter how a computer operates. The virus spreads from host to host by replicating itself; because it is code, it lies dormant until it is activated. Once activated, it spreads to other computers, where it can take complete control of a machine.
Worms
Worms are similar to viruses, but worms can replicate themselves without any user interaction, and they can act as backdoors into the targeted networks.
Trojan
A Trojan is a type of malware disguised as legitimate software. Cybercriminals use Trojans to trick users into giving them access to a network. Once the criminals have access, they steal or modify data.
DoS attacks
DoS attacks deny users access to various applications. During such an attack, the targeted system is flooded with traffic until it crashes.
Session attack
A session attack occurs when two parts of a system are connected and an attacker hijacks the session entirely. During session hijacking, the attacker steals the token issued to the user and enters the network as that user.
Social engineering
Hackers can also use social engineering to gain information or access to a network. Social engineering tricks people into revealing information that allows the attacker to access the network. The most common type of social engineering is phishing: the attacker sends an email that appears to come from a reliable source and requests information. Once the victim responds to that email, the attacker is able to access the network.
There are many other threats to an enterprise network, but these are the most widely recognized ones in use. These attacks are the most commonly used, and they may also be the most damaging to an organization. This is why they are used as the foundation for building the network's security baseline. The use of intrusion detection systems (IDS) and ensuring that virus protection software is up to date help in setting that baseline.
H-bot network infrastructure
An organization uses a wide range of networks. This section covers how the H-bot network is built and the security posture adopted for it. A Local Area Network (LAN) is more than one computer connected in a network; examples are a school or a hospital. A Metropolitan Area Network (MAN) is the connection of many LANs that are near each other. Wide Area Networks (WANs) are like MANs except that their coverage can connect countries (Dixon, 2014). WANs are usually owned by an organization. The figure above shows the infrastructure of the H-bot network. This diagram reflects one area of the network for a single place of business, that is, a LAN. Several configurations like this one make up the whole network. Being an enterprise network has its advantages, but it also comes with risks and concerns. These potential issues are data loss, security breaches, and damaging attacks ranging from viruses to hackers. The only way to truly understand the security posture at any given time is to initiate some kind of test. There is no set standard for how regularly a network should be tested, but it should be done frequently. Current policy states that testing is done twice per year. Penetration tests are used for testing and should be done quarterly at the very least. Depending on the nature of the data on the network and the likelihood of an attack, they can be done more frequently. Since the H-bot network is owned by a government agency, the chances of an attack are higher than for a typical organization. The current process in place for incident response is detection and containment. Whether it is a penetration test or a real incident, the area of the breach is identified (Faircloth, 2014). That zone is isolated until the threat type is known and a countermeasure can be executed.
When the issue is resolved, a report is written to document the breach.
The security staff has the knowledge base for the current security procedures in place, but may not have the knowledge of more advanced procedures that could help lower incident response times. The current security posture is at a standstill. There are no roadmaps for advances in the security process, nor are there development plans to expand the knowledge base among the staff. An area in which the team can improve its knowledge base is how to identify malicious code. Currently the staff relies on disassemblers and debuggers, which break the code down to figure out what each part does. Hackers use rootkits to evade detection by basic debuggers. Rootkits allow malicious code to hide deep inside the system and give the hacker access to the network.
The H-bot network is hierarchically based and is therefore a WAN network type. Within the network, both open and closed networks are used. The Internet is a public network; it allows access to the organization's web page. Closed networks ("intranets") are more secure and can only be accessed by staff. The security posture should ensure that firewalls are in place to keep the two networks separated. Within the intranet, ensure that staff use secure connections such as HTTPS, that file-sharing features on computers are turned off, and that VPNs are used whenever a device is not directly connected to the network.
A significant part of an enterprise network working properly is the operating system (OS). The OS handles most of the user requests and the applications that run on the devices. The biggest threat to any OS is the end user, whether intentional or accidental. The OS for the H-bot network currently uses the Role-Based Access Control (RBAC) model to secure the OS (Howard, 1981). RBAC gives users administrative rights based on the role of the position they hold.
Network Management Systems (NMS) allow network administrators to work on specific areas of the network without accessing the whole network. Every enterprise network uses servers. Servers are computers on the network that are used for access to hardware and printers. Users and applications send data to these servers. Data in transit is at its most vulnerable state. When there are gaps in protection, endpoint vulnerabilities occur. These gaps in security can occur at the user, operational, and technical levels. Gaps at the user level are typically due to a lack of knowledge on the user's part.
At the core of a security baseline are the following stages once a vulnerability has been identified: remediation, mitigation, countermeasure, and recovery. Remediation is the first step after a vulnerability is successfully identified. The response team determines whether the incident can be contained. Once contained, it can be examined to help prevent future occurrences. The vulnerability is then removed from the network. Mitigation is the next step in the process and deals with the business strategy. An analysis of the risk will determine the risk level. A risk can be accepted, controlled, avoided, or transferred. A risk is accepted when the cost to fix it is more than the harm the risk could cause. Risk control requires the use of technology and policies to lower the odds of the risk occurring (Luo & Szidarovszky, 2012). Avoiding a risk by not using the technology or strategy that carries it is risk avoidance. Passing the issue to a third party is known as risk transfer. Countermeasures are the technologies and policies used in mitigation. The last step is recovery. In this step, the system is returned to the same state it was in before the incident. Recovery time is essential to the survival of an organization following a cyberattack.
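As an added example (not part of the sample paper or the assignment), the accept/control/transfer rule above and the Step 4 cost-benefit analysis can be worked as a small Python worksheet. It uses the standard annualized loss expectancy model (SLE × ARO = ALE); the `Risk` class, the three sample risks, and all dollar figures are constructed for illustration.

```python
"""Risk-management cost-benefit worksheet for a SAR (constructed example).

The decision rule follows the paper: accept a risk when the fix costs more
than the harm it prevents; otherwise choose the cheaper of controlling it
(technology/policy) or transferring it (e.g. cyber insurance premium).
"""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    sle: float             # single loss expectancy: cost of one incident (USD)
    aro: float             # annualized rate of occurrence (incidents / year)
    control_cost: float    # annual cost of the proposed control (USD)
    reduction: float       # fraction of the ALE the control removes (0..1)
    transfer_cost: float = 0.0  # annual premium to transfer the risk; 0 = none offered


def ale(sle: float, aro: float) -> float:
    """Annualized loss expectancy: expected cost of violations per year."""
    return sle * aro


def residual_ale(risk: Risk) -> float:
    """Expected annual loss that remains after the control is applied."""
    return ale(risk.sle, risk.aro) * (1.0 - risk.reduction)


def net_benefit(risk: Risk) -> float:
    """Annual loss avoided by the control minus the control's cost."""
    return ale(risk.sle, risk.aro) - residual_ale(risk) - risk.control_cost


def rosi(risk: Risk) -> float:
    """Return on security investment, as a multiple of the control's cost."""
    return net_benefit(risk) / risk.control_cost


def treatment(risk: Risk) -> str:
    """Pick accept / control / transfer using the paper's cost-vs-harm rule."""
    harm = ale(risk.sle, risk.aro)
    # Total annual cost of each option: control = its price + what it misses.
    options = {"control": risk.control_cost + residual_ale(risk)}
    if risk.transfer_cost > 0:
        options["transfer"] = risk.transfer_cost
    best = min(options, key=options.get)
    if options[best] >= harm:      # the fix costs more than the expected harm
        return "accept"
    return best


# Constructed sample risks drawn from the attack types in the baseline.
PHISHING = Risk("phishing (social engineering)", 50_000, 2.0, 15_000, 0.7)
DOS = Risk("DoS on public web server", 20_000, 0.5, 25_000, 0.9)
RANSOMWARE = Risk("ransomware on intranet servers", 400_000, 0.25, 40_000, 0.6, 70_000)


def worksheet(risks):
    """Rows for the SAR cost-benefit table: (name, ALE, net benefit, decision)."""
    return [(r.name, ale(r.sle, r.aro), round(net_benefit(r), 2), treatment(r))
            for r in risks]


if __name__ == "__main__":
    for row in worksheet([PHISHING, DOS, RANSOMWARE]):
        print("%-32s ALE=%10.2f net=%10.2f -> %s" % row)
```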
Following identification of the risk factors in the risk model, these NIST SP 800-53 security control families are applicable to the organization owning the H-bot network. Access Control (AC): the network should only be accessible by specific people. Contingency Planning (CP): the organization should have a plan in place to resume all normal functions after the system has been compromised. Incident Response (IR): the time it takes the organization's IT staff to identify a security breach and respond (Odey, 2016). Awareness and Training (AT): the organization should have a written plan to train staff and make them aware of potential threats.
Network defense strategy
Performing a security audit is a method of self-examination. The first step in building a good defense strategy is to understand the strengths and weaknesses of the network. With this understanding, it is easy to see how the network could be attacked. A properly created plan will allow future information systems security officers to prepare for audits. There are five keys that should be followed when preparing for an audit. First, all sensitive data should be identified. Understanding what data within the network hackers might want will help in setting up defenses. This is also known as the planning stage....