
Risk Assessment on Network Infrastructure of CONVXYZ

This assignment requires conducting and documenting a risk assessment based on a given scenario in the field of Information Security Management.


Added on 2023-01-19

About This Document

This report performs a risk assessment on the network infrastructure of CONVXYZ based on ISO 27005 standards. It includes mapping criteria on assets, identifying vulnerabilities, and determining likelihood and impact levels. The report also discusses risk management and assessment standards such as COBIT, ITIL, and ISO 27001.

INFORMATION SECURITY MANAGEMENT
Name of the Student
Name of the University
Author Note
1. INTRODUCTION
In this report, a risk assessment will be performed on the network infrastructure of CONVXYZ based on the ISO 27005 standard. First, the standards will be reviewed in detail, and specific criteria will then be mapped onto the given network infrastructure of CONVXYZ. The design first specifies the owner specification for the network. The assets of the network are then classified as primary and secondary assets. Assets are explained collectively, as groups, instead of individually. Along with that, one vulnerability is defined for each asset. The vulnerabilities will be taken from the NVD online vulnerability database, and the report provides the official CVE number for each. Once the risks of the network are identified, the likelihood level will be computed using a Boston grid, followed by the impact table specification.
- Risk management and risk assessment standards
Although there are various risk management and risk assessment standards, when it comes to managing risk in the context of IT infrastructure and network security, three of the most widely used standards are COBIT, ITIL and ISO 27001.
AREA | COBIT | ITIL | ISO27001
Function | Mapping IT Process | Mapping IT Service Level Management | Information Security Framework
Area | 4 Process and 34 Domain | 9 Process | 10 Domain
Issuer | ISACA | OGC | ISO Board
Implementation | Information System Audit | Manage Service Level | Compliance to security standard
Consultant | Accounting Firm, IT Consulting Firm | IT Consulting firm | IT Consulting firm, Security Firm, Network Consultant
However, among these three, the ISO 27k family, which includes standards such as ISO 27001 and ISO 27005, is the most popular and widely used in the industry for risk management and risk assessment. ISO 27001 and ISO 27005 provide various advantages, such as:
● It is the only international security standard that provides an opportunity for information auditing.
● It defines various requirements that are important for an information security management system (ISMS). An ISMS consists of policies, procedures, processes, and systems that are essential to managing information risks, such as cyber-crimes, hacks, data hacks, and theft.
● It provides assurance that an organization that has obtained ISO 27001 certification has integrated best procedures with its information security policy and strategy.
● ISO standards help organizations avoid penalties associated with data breaches.
● It eliminates the need for frequent auditing.
● It provides compliance with business, legal, contractual and regulatory requirements.
2. System parameters, table.
STAFF PC: Windows 8, Intel i3, 8 GB RAM

Customer PC: Windows 8, Intel i5, 8 GB RAM

Web servers:
● CentOS 6.8 Enterprise Linux x86 (Centos.org, 2019)
● 16 Core - AMD Processor 6376
● 16 GB RAM
● RAID 1
● SSD caching

Mail servers:
● Windows Server 2008 R2
● 2 Intel E5-2670v3 12 Core/24 Thread 2.3 GHz 30 MB Cache Processors
● 512 GB RAM
● Internal drives - 256GB
● External storage - 800GB
(Support.hostgator.com, 2019)

Authentication server:
● Red Hat Enterprise Linux (RHEL) 5 Advanced Platform
● Disk Space for Server - 200MB
● Memory for Server - 512MB + 256MB for GUI

Database server for vendor and buyer:
● Processor – quad core
● RAM - 4 GB RAM minimum
● 2 GB RAM minimum for a web server
● HDD - 40 GB minimum recommended

Staff database:
● 32-bit and 64-bit Oracle™ 10g
● Microsoft Windows servers: 1 GHz processor minimum
● Minimum of 2 GB RAM (8 GB or better is recommended)
● Free disk space 100 GB minimum

Switch: The Cisco SGE2000 24-Port Gigabit Switch (Cisco.com, 2019):
Ports:
● 24 RJ-45 connectors for 10BASE-T/100BASE-TX/1000BASE-T with 4 shared Gigabit SFP slots
● Console port
● Auto medium dependent interface (MDI) and MDI crossover (MDI-X)
● Auto-negotiate/manual setting
● RPS port for connecting to a redundant power supply unit
VLAN:
● Port-based and 802.1Q tag-based VLANs
● Protocol-based VLAN
● Management VLAN
