Showing posts with label risk. Show all posts

DEVELOPING AN EFFECTIVE NETWORK SECURITY POLICY



A study reported by the U.S. General Accounting Office (GAO) (1996) found that the U.S. Department of Defense network computers are extremely vulnerable. A series of security attacks conducted by the Defense Information System Agency (DISA) revealed that, of 38,000 attacks, DISA could penetrate the protection and gain access to the network computers 65% of the time. Of those successful attacks, only 4% (988 attacks) were detected by the target organization. Furthermore, of those detected, only 27% (267 attacks) were actually reported to the appropriate security authority. Given the sophisticated computer network at the Department of Defense and the number of computer personnel involved, the statistics are alarming. The goal of network security is to provide maximum security with minimum impact on user accessibility and productivity. The network

Identifying the assets


What am I trying to protect?

Part of a risk analysis involves identifying all things that need to be protected. Some things are obvious, like the various pieces of hardware or cardholder data. Others are apt to be overlooked, such as the people who actually have access to the systems. It is essential to list all things that could be affected by a security problem or potential threat. A list of categories should include:

1. Data. Stored online, archived off-line, backups, audit logs, databases, in transit over a communication medium, during execution, and during delivery (physical or otherwise). This can include cardholder data, merchant-specific data, ACH files, contract information, rate information, contact information, etc.

2. Supplies. Paper, forms, ribbons, magnetic media.

3. Hardware. Including CPUs, keyboards, terminals, terminal servers, routers, firewalls, disk drives, communication lines, printers, personal computers and laptops. This should include not only the hardware used for actual processing, but also the hardware used to view and access the data. This might also include hardware systems used for access to the facilities and systems (tokens or smart cards).