Vulnerability Assessment and Risk Management for Business Continuity
Added on 2019-09-22
This article discusses vulnerability assessment, risk management, and access control mechanisms for securing data and ensuring business continuity. It covers infrastructure requirements, proposed solutions, and problem solutions. The article also includes a bibliography of related research.
Table of Contents
Introduction
Part 1: Vulnerabilities Assessment
Bibliography
Introduction

Vulnerability assessment should be a major part of the security system. If an organization makes changes to the existing system or updates it, the possibility of vulnerabilities increases. The system should be tested often by the vulnerability testing team. Vulnerability assessment makes it possible to identify where the threats are in the infrastructure and to prioritize risk. It is done using both manual and automated methods. To obtain accurate results, security professionals follow the industry-standard Open Source Security Testing Methodology Manual (OSSTMM).

Infrastructure Requirements:

The network infrastructure should be able to handle errors when the network changes. If the system is affected by the patch management process then the whole network should be passed and it should recover the data from the server automatically. The network should be able to adopt the available network and manage the change if the server has no active request and response. This can be managed with the backup of data which is available on the server. If the servers have a large number of active users, they can make a lot of transactions on the website. The network must be able to take a snapshot of the database and should write to the server log so that any changes made in the network are traceable.

Proposed solution:

Some vulnerabilities, such as missing security pack, Trojan horse, backdoors, denial of service attack, root kit and default accounts, are frequently uncovered. These vulnerabilities should be found and solved. This process can be done manually or automatically. For this assessment the best software should be found in order to obtain accurate results.

Problem solution:

Nessus is an open source vulnerability scanner in which scanning is based on signature-based detection. It is used for vulnerability assessment and for creating security awareness.
Security professionals, Red Hat and White Hat use these tools to test the vulnerability. It is considered to be the best out of all other scanners because it is available for free, so anyone can download and use this software. There are a few plugins which can be used for recent types of vulnerabilities. The installation and usage of the software is easy for users.

Security policy Requirements:

If the network system is accessible, the security policy should be invoked. The system should have a hierarchy of access in the network. Not all people can fix a fault that occurs in the system; only some people are able to carry out the operation process. Security is needed in environments where the security of the physical infrastructure is low, so the system should be secured in every region. For example, a bank will have many branches based on their type of region. In urban areas the number of visitors to the bank will be higher, so the security in the bank will be higher, while in suburban areas the security of the system in a branch of the same bank might not be tight because fewer people visit it. That is how a threat can occur. If the number of accesses to the system is high, threats may occur. If a hacker exploits these things, the system could be compromised.

Proposed solution:

When a network change happens, the system saves the data and won't let the server change it. A local copy of the data is then created, and it can be compared with the data saved on the server, which is the original data. The changes are measured and the data can be updated. When patch management has been updated and the network is running normally, the data can be updated with the compared value of the active data and the recent transaction data. Only some changes might be needed, but this will be secure, because there will not be any conflict in the data: the previous data, which was transacted recently, is locked. We will have to wait for the data to be updated. There is no threat of conflict errors because everything is checked after confirmation. The changed data in the recent data is applied to the locked data, so no redundancy will arise and the data will be secured.

Problem Solution:

People who need to access these networks should follow the necessary protocol in order to increase security in the network. For example, a person should not take any electronic items into the bank, and the clearance ID card should be checked all the time. A person other than an employee should not use other systems without proper permission. Changes made by an employee should be noted in the log every time, so that if something happens due to changes in the system it can be easily solved.

Risk management Requirements:

Risk management should have risk-bearing capacity in order to protect the organization from material risk.
Strategies should be determined based on an appropriate process such as identifying, assessing, communicating and monitoring risk. The organization should take care in selecting the method for risk-bearing capacity. Some of the requirements of the risk are unpredictable because of how the preparation is done. For example, consider liquidity risk, a risk in which an organization cannot meet its short-term financial needs. Risk management is very necessary because a risk may occur at any time in the system, both at the start of the project and at the end of the project. It may occur anywhere, but experts should be able to respond to the error automatically, or it should be controlled by the expert who monitors the system. There might be a chance for the error to occur in the system.
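The lock, local copy, compare and confirm procedure from the second "Proposed solution" above, together with the change log asked for under "Infrastructure Requirements" and "Problem Solution", can be sketched as follows. This is an added example, not part of the original article: the names ChangeWindow, append_log and verify_log are hypothetical, and the hash chaining that makes the log tamper-evident is an assumption that goes beyond what the text specifies.

```python
import copy
import hashlib
import json

def digest(obj):
    """SHA-256 over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def append_log(log, user, action, detail):
    """Append an entry that commits to the previous entry's hash."""
    entry = {"user": user, "action": action, "detail": detail,
             "prev": log[-1]["hash"] if log else "0" * 64}
    entry["hash"] = digest(entry)
    log.append(entry)

def verify_log(log):
    """Return True only if every entry matches its hash and its predecessor."""
    prev = "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or digest(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True

class ChangeWindow:
    """Server data is locked; writes go to a local copy until confirmed."""
    def __init__(self, server_data, log):
        self.server, self.log = server_data, log
        self.locked = digest(server_data)         # snapshot of the original
        self.local = copy.deepcopy(server_data)   # local working copy

    def write(self, user, key, value):
        self.local[key] = value
        append_log(self.log, user, "write", key)

    def diff(self):
        """Measure the changes: key -> (original value, new value)."""
        return {k: (self.server.get(k), v) for k, v in self.local.items()
                if self.server.get(k) != v}

    def commit(self, user, confirmed):
        if digest(self.server) != self.locked:
            raise RuntimeError("server data changed while locked")
        changes = self.diff() if confirmed else {}
        for key, (_, new) in changes.items():
            self.server[key] = new
        if changes:
            append_log(self.log, user, "commit", sorted(changes))
        self.locked = digest(self.server)
        return changes
```

Editing any earlier log entry makes verify_log return False, and a commit is refused if the server copy was modified outside the window.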