risk assessment 27.docx
See attached details and requirements.

This Risk Assessment and your suggested security improvements are of critical importance. CEO Thompson is set on outsourcing GFI’s IT competency and you’ve been told of a plan from COO Willy to outsource network management and security functions away from your department and over to a service integrator. COO Willy warns you that the political environment will only become more contentious over time; you must make a compelling case as to what value your department can bring over an integrator to provide security improvements in certain key areas without a significant increase to the IT budget. It is extremely important that you take into account the value of the assets being protected when selecting security controls to mitigate the risks (i.e. don’t spend $1000 to protect an asset worth $500). In addition to what you learned from COO Mike Willy about the previous exploits of GFI’s vulnerabilities and what you gathered when reviewing GFI’s network infrastructure, the COO has provided some additional information that he wants you to take into account.

• From the devices and systems identified in the GFI Corporate Network Topology, conduct a thorough asset inventory, assign monetary values to each asset (quantitative), and assign a priority value for each asset (qualitative) that could be used to determine which assets are most critical for restoral in the event of a catastrophic event or attack.
• Evaluate the perimeter security, make a list of access points internal and external (remote), identify vulnerabilities and make suggestions for improvements to perimeter and network security.
• Evaluate the remote access infrastructure, identify vulnerabilities and suggest security improvements to mitigate risks to remote access.
• Address the COO’s concern over the mobility security and design a secure mobile computing (smart phones, tablets, laptops, etc.) in terms of authentication technologies and data protection.
• Identify wireless vulnerabilities and recommend what safeguards, authentication technologies, and network security to protect data should be implemented.
• Evaluate the authentication protocols and methodologies within the wired, wireless, mobility and remote access environments and suggest improvements to secure authentication for GFI.
• Evaluate the web system protocols and vulnerabilities within the Intranet server and suggest secure protocol improvements to improve security for web authentication.
• Design a cloud computing environment for the company with a secure means of data protection at rest, in motion and in process.
• Assess all known vulnerabilities on each asset in this environment and impacts if compromised.
• Using the asset inventory and the assigned values (monetary and priority) conduct a quantitative and qualitative risk assessment of the GFI network.
• Recommend risk mitigation procedures commensurate with the asset values from your asset inventory. Feel free to redesign the corporate infrastructure and use any combination of technologies to harden the authentication processes and network security measures.
• Provide an Executive Summary.
• You are welcome to make assumptions for any unknown facts as long as you support your assumptions.
• The Title Page, Table of Contents and References page(s) don’t count in your 15 page minimum!!!