This document discusses security risk assessment for a group project. It lists the group members and outlines the 8 steps to perform a security risk assessment. These include identifying assets, threats, likelihood and impacts of threats, and mitigation options. It emphasizes the importance of a complete inventory and using qualified experts. The document also covers defining security policies, prevention methods like firewalls and antivirus software, detection using IDS, and response including documentation, containment and follow up reviews.

2. GROUP MEMBERS
 M AWAIS NASEER
 RANA ATIF SATTAR
 HASNAIN AHMED
 AIMEN MALIK

4.  RISK ASSESMENT
 8 STEPS FOR RISK ASSESMENT
 ESTABLISHING A SECURITY POLICY
 PREVENTION
 DETECTION
 RESPONSE

5. A risk assessment is the process of assessing security –
related risks to an organization’s computer
and networks from both internal and external threats
 The goals of risk assessment is to identify which investments of time and
resources will best protect the organization from its most likely and serious
threats.

6. 1. Identify the set of IT assets about which the organization is most
concerned.
2. Identify the loss events or the risk or threats that could occur ,
such as a distributed denial-of –services attack or insider fraud
3. Asses the frequency of events or the likelihood of each potential
threat; some threats, such as insider fraud ,are more likely to occur
to others
4. Determine the each impact of each threat occurring .
5. Determine the each threat can be mitigated so that it becomes much
less likely to occur or, if it does occur ,has less of an impact on the
organization.
6. Assess the feasibility of implementing the mitigation option.
7. Perform a cost benefit analysis to ensure that your efforts will be cost
effective .
8. Make the decision on whether or not to implement a particular counter-
measure.

8.  To obtain useful and more accurate analysis results,
a complete inventory list and security requirements
for a system shall be made available as inputs to the
identification and analysis activities.
 Due to the high demand of expert knowledge and
experiences in analysing the collected information
and justifying security measures, a security risk
assessment should be performed by qualified
security expert(s).

9. DEFINATION:
A security policy defines an organization security requirements ,as well as the controls and
sections needed to meet those requirements.
• A good security policy delineats responseibilities and the
Behaviour of the members of the organization
• NIST 800 series of documentation
which provides a useful defination ,policies,
standards, and guidelines related to computer security .

10. • Automated system policies can often be put into
practice using the configuration in a software
programme
• The use of e-mail attachments is a critical security issue
that should be addressed in a organization’s
security policy.
• Another growing area of concern is the use of wire less
devices to access corporate e-mail ,store confidential
data, and run critical applications ,such as inventory
management and sales force automation

11.  AVirtual private network:
A virtual private network works by using the internet
to relay communication ; it maintains privacy through
security procedures and tunneling protocols ,which
encrypt data at the sending end and decrypt data at
the receiving end

12. EDUCATING EMPLOYEES ,CONTRACTORS AND
PART TIME WORKERS
• Guarding their passwords to protect against
unathorized access to accounts
• Prohobiting others from using their systems
• Applying strict access controles to protect data
from disclouser and distruction
• Reporting all unusual activities to the organization’s it security
group

13. FOLLOWING ARE THE METHOD WHICH ARE USED FOR SECURITY PURPOSE
1) FIREWALL
2) INTRUSION PREVENTION SYSTEMS (IPS s)
3) ANTIVIRUS
o NORTONE ANTIWIRUS
o PERSONAL FOREWALL FROM McAfee

14. Firewall standard guard between an organization
internal network and the internet and its limit
network access based on the organization access
policy.
Installing a firewall can lead to an other serious
security issue_copmlancency .

16. work to prevent an attack by blocking virus mal-form
packets ,and other threats
from getting into the protected network.
a firewall and a network IPS are complementry

17. ANTI VIRUS SOFTWARESHOULD BE INSTALL ON
EACH USERS ,PERSONAL USER TO SCAN A
COMPUTER .
ANTIVIRUS SOFTWARE CAN SCAN FOR A SPECIFIC
SEQUENCE OF BYTES KNOWN AS A VIRUS
SIGNATURE

18. Even when preventive measure are implemented ,no organization is
completely secure from a determined attack
 INTRUSION DETECTION SYSTEM
It is a software and/or
hardware that monitors systems and network resources and activities
, and notifies network security personnel when it identify possible
intrusion from out side the organization or misuse from with in the
organization

19. 1) Incident Notification
2) Protection Of Evidence And Activity Logs
3) Incident containment
4) Eradication
5) Incident follow-up

20. The key element of any response plan is to define who to
notify who not to notify.
Most security experts recommends against giving out
specific information about a compromise in public forms
,such as a news paper report, conferences ,professional
meetings and online discussion groups.

21. And organization should document all detail of security
incident as it works to resolve the incident .
Documentation capture value able evidence for a future
prosecution and provide data to help during the incident
eradication and follow up phases .
It is especially important to capture all system events
,specific action ( what, when ,who)and all external
conversation in a log book.

22. Often it is necessary to act quickly to contain an attack
to keep a bad situation from becoming even worse.
How such decision are made ,how fast they are made
,who makes them are all element of an effective
response plan.

23. Before the IT security groups begin the eradication
effort ,it must collect and log all possible criminal
evidence from the system and then verify that all
necessary backups are current ,complete ,and free of
any virus

24. A reviwe should be conducted after an incident to
determined exactly what happen and to evaluate how
the organization responded.
However it is important to look deeper then
immediate fix to discover why the incident occur.

25. ANY QUESTION