CI7130 - Security Assessment and Business Continuity Plan - AMC
VerifiedAdded on 2023/06/15
|18
|4505
|323
Report
AI Summary
This report assesses the security infrastructure of AMC Pvt. Ltd., utilizing the OCTAVE methodology to identify critical assets, vulnerabilities, and potential threats. It details the process of building asset-based threat profiles, identifying infrastructure vulnerabilities, and developing security strategies and risk mitigation plans. A prioritized list of issues is presented, categorized by severity. Furthermore, the report includes a business continuity plan outlining measures for maintaining operations during disruptions, including a description of the continuity plan and a security policy. The document emphasizes the importance of safeguarding critical assets, securing organizational resources, and establishing a robust network model to mitigate risks effectively. Desklib offers a wide range of study tools and past papers for students.
Running head: NETWORK AND INFORMATION SECURITY
Network and Information Security: Security Assessment
Report and Business Continuity Plan for AMC Pvt. Ltd.
Name of the Student
Name of the University
Author’s Note
Network and Information Security: Security Assessment
Report and Business Continuity Plan for AMC Pvt. Ltd.
Name of the Student
Name of the University
Author’s Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
NETWORK AND INFORMATION SECURITY
Executive Summary
The report is prepared for an AMC Pvt. Ltd. for the evaluation of the current security policy and
the activity of the organization for maintaining business continuity. The risk associated with the
development of the network framework for the organization is analyzed for the preparation of
the report. The octave methodology is applied for the analysis of the risk and establishment of a
risk measurement criteria. A profile is created listing the assets of AMC Pvt. Ltd. and the
information asset container should be identified for identification of the areas of concern. The
threat is also analyzed based on the scenario for the identification and the analysis of the risk.
On successful identification of the risk a risk mitigation approach is applied for reducing the risk
associated with the development of the information security network. The security measures
that should be applied for the development of the network solution are given in the report. The
critical assets of AMC Pvt. Ltd. that is needed to be safeguarded for the reducing the risk of
security breach is also listed in the report. The vulnerability of the assets and the threats are
identified for securing the organizational resources from unauthorized access and choose a
network model and configure the devices according to the needs of the organization. For the
development of the network solution a project plan should be created including the list of
hardware required and scheduling the task for preparation of the network solution. A business
continuity plan is prepared for the creation of a backup solution for handling emergency
condition. A backup server can be deployed for backing up the data and securing the client
data.
NETWORK AND INFORMATION SECURITY
Executive Summary
The report is prepared for an AMC Pvt. Ltd. for the evaluation of the current security policy and
the activity of the organization for maintaining business continuity. The risk associated with the
development of the network framework for the organization is analyzed for the preparation of
the report. The octave methodology is applied for the analysis of the risk and establishment of a
risk measurement criteria. A profile is created listing the assets of AMC Pvt. Ltd. and the
information asset container should be identified for identification of the areas of concern. The
threat is also analyzed based on the scenario for the identification and the analysis of the risk.
On successful identification of the risk a risk mitigation approach is applied for reducing the risk
associated with the development of the information security network. The security measures
that should be applied for the development of the network solution are given in the report. The
critical assets of AMC Pvt. Ltd. that is needed to be safeguarded for the reducing the risk of
security breach is also listed in the report. The vulnerability of the assets and the threats are
identified for securing the organizational resources from unauthorized access and choose a
network model and configure the devices according to the needs of the organization. For the
development of the network solution a project plan should be created including the list of
hardware required and scheduling the task for preparation of the network solution. A business
continuity plan is prepared for the creation of a backup solution for handling emergency
condition. A backup server can be deployed for backing up the data and securing the client
data.
2
NETWORK AND INFORMATION SECURITY
Table of Contents
1. Security Assessment report.........................................................................................3
1.1. Building asset based threat profiles.......................................................................3
1.2. Identification of the infrastructure vulnerability.......................................................5
1.3. Development of security strategy and risk mitigation plans....................................6
1.4. Prioritized list of issues..........................................................................................7
2. Business Continuity Plan..............................................................................................9
2.1. Introduction............................................................................................................ 9
2.2. Description of the Continuity Plan..........................................................................9
2.3. Security Policy.....................................................................................................12
References..................................................................................................................... 14
NETWORK AND INFORMATION SECURITY
Table of Contents
1. Security Assessment report.........................................................................................3
1.1. Building asset based threat profiles.......................................................................3
1.2. Identification of the infrastructure vulnerability.......................................................5
1.3. Development of security strategy and risk mitigation plans....................................6
1.4. Prioritized list of issues..........................................................................................7
2. Business Continuity Plan..............................................................................................9
2.1. Introduction............................................................................................................ 9
2.2. Description of the Continuity Plan..........................................................................9
2.3. Security Policy.....................................................................................................12
References..................................................................................................................... 14
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
NETWORK AND INFORMATION SECURITY
1. Security Assessment report
The security assessment report is prepared following the octave methodology and the
different criteria for the analysis of the risk is applied for the development of the risk mitigation
plan. The octave methodology is applied because it is the best suited risk analysis method for
AMC Pvt. Ltd. having more than 300 employees working in the organization. For the
identification of the risk the following three phases are used.
1.1. Building asset based threat profiles
Process 1: Determination of critical assets and how they are currently protected
The assets can be identified according to the information assets, software assets,
physical assets and services.
The information assets can be of different form such as the customer information,
accounts information, employee information, etc. The database server contains all the
organizational information of AMC Pvt. Ltd. and its confidentiality and the integrity is maintained
for maintaining the availability of data (21). The data files needs to be updated at a real time and
detailed instruction must be provided for the performing different activities on the network. The
old information in the database needs to be archived for saving space and maintain backup of
the data.
The software assets are divided into two types such as application and system software.
The application software is used for the implementation of the business rules and use of third
party application software must be avoided because it can cause a flaw in the system and the
intruder can get the access of the network by entering through an open port (4). The system
software is such as DBMS, office productivity packages must be updated regularly with security
patches.
NETWORK AND INFORMATION SECURITY
1. Security Assessment report
The security assessment report is prepared following the octave methodology and the
different criteria for the analysis of the risk is applied for the development of the risk mitigation
plan. The octave methodology is applied because it is the best suited risk analysis method for
AMC Pvt. Ltd. having more than 300 employees working in the organization. For the
identification of the risk the following three phases are used.
1.1. Building asset based threat profiles
Process 1: Determination of critical assets and how they are currently protected
The assets can be identified according to the information assets, software assets,
physical assets and services.
The information assets can be of different form such as the customer information,
accounts information, employee information, etc. The database server contains all the
organizational information of AMC Pvt. Ltd. and its confidentiality and the integrity is maintained
for maintaining the availability of data (21). The data files needs to be updated at a real time and
detailed instruction must be provided for the performing different activities on the network. The
old information in the database needs to be archived for saving space and maintain backup of
the data.
The software assets are divided into two types such as application and system software.
The application software is used for the implementation of the business rules and use of third
party application software must be avoided because it can cause a flaw in the system and the
intruder can get the access of the network by entering through an open port (4). The system
software is such as DBMS, office productivity packages must be updated regularly with security
patches.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
NETWORK AND INFORMATION SECURITY
The physical assets of AMC Pvt. Ltd. can be tangible or intangible and it consists of
different computer equipment’s such as mainframe computers, servers, notebooks, desktops.
There are different storage media and communication equipment’s such as modems, routers,
fax machines, CDs, etc (16).
Process 2: Identification of security requirement for the critical assets
There is a need to establish the accountability of the assets and the fixed assets of
AMC Pvt. Ltd. should be maintained in a list for calculating the depreciation of the assets. The
ownership of the assets must be established for increasing the accuracy of the calculation of the
assets. The establishment of the ownership is a difficult job and if there is a change in the
information the database must be updated (9). The business heads must be involved for
addition of the ownership and should be given the power of decide the business value. It is
essential to identify the business value of the asset for the development of the security
requirement. The owner of the application software should also be identified for aligning the
software according to the business rules of the AMC Pvt. Ltd. (7). The ownership of the system
software should be identified for defending the organization from piracy.
Process 3: Identification of the organizational vulnerabilities within existing practices
There are different services such as outsourcing the maintenance and support team,
communication services such as data and voice communication. There are other environmental
services such as air conditioning, lightning and power supply. Assessment of the onsite
component and completion within the scheduled time period.
Examination of different strategy for the application in the development process and
handling the incidents and potential threats and increasing the safety of the workplace
environment.
NETWORK AND INFORMATION SECURITY
The physical assets of AMC Pvt. Ltd. can be tangible or intangible and it consists of
different computer equipment’s such as mainframe computers, servers, notebooks, desktops.
There are different storage media and communication equipment’s such as modems, routers,
fax machines, CDs, etc (16).
Process 2: Identification of security requirement for the critical assets
There is a need to establish the accountability of the assets and the fixed assets of
AMC Pvt. Ltd. should be maintained in a list for calculating the depreciation of the assets. The
ownership of the assets must be established for increasing the accuracy of the calculation of the
assets. The establishment of the ownership is a difficult job and if there is a change in the
information the database must be updated (9). The business heads must be involved for
addition of the ownership and should be given the power of decide the business value. It is
essential to identify the business value of the asset for the development of the security
requirement. The owner of the application software should also be identified for aligning the
software according to the business rules of the AMC Pvt. Ltd. (7). The ownership of the system
software should be identified for defending the organization from piracy.
Process 3: Identification of the organizational vulnerabilities within existing practices
There are different services such as outsourcing the maintenance and support team,
communication services such as data and voice communication. There are other environmental
services such as air conditioning, lightning and power supply. Assessment of the onsite
component and completion within the scheduled time period.
Examination of different strategy for the application in the development process and
handling the incidents and potential threats and increasing the safety of the workplace
environment.
5
NETWORK AND INFORMATION SECURITY
Management of the stakeholder’s identification of the requirement for the development of
the network solution (3).
The strength and weakness of the network should be identified for the development of
the network framework and align the needs with the proposed network design
For the assessment of the vulnerability interviews must be arranged with the
stakeholders and their behavior and participation should be analyzed for identification of the
behavior issues.
Process 4: Creation of a threat profile for the critical assets
For the development of the network solution it is important to identify the critical assets
and their usage pattern for reducing the risk associated with the security of the network solution.
The policy and the guidelines should be assessed and the respondents to any of the incidents
should be identified for increasing the performance and addressing the threats acting on the
network. Security training programs must be arranged for the faculty and the staffs such that the
network and the other resources are used wisely and the responsibility should be understood by
the users for management of a safe workplace environment (14). For the identification and the
classification of the assets an organized structure is created and it helps in getting a better
direction and administrative control over the network solution created for the AMC Pvt. Ltd.
1.2. Identification of the infrastructure vulnerability
Process 5: Identification of network access paths and IT components related to the
critical assets
It is important to create a classification level following the confidentiality, value, right to
access and the destruction level. The confidentiality is maintained for restricting a specific group
of users to access the sensitive organizational information such as manufacturing secrets,
plans, etc. It is maintained based on different factors such as confidential, only for company,
NETWORK AND INFORMATION SECURITY
Management of the stakeholder’s identification of the requirement for the development of
the network solution (3).
The strength and weakness of the network should be identified for the development of
the network framework and align the needs with the proposed network design
For the assessment of the vulnerability interviews must be arranged with the
stakeholders and their behavior and participation should be analyzed for identification of the
behavior issues.
Process 4: Creation of a threat profile for the critical assets
For the development of the network solution it is important to identify the critical assets
and their usage pattern for reducing the risk associated with the security of the network solution.
The policy and the guidelines should be assessed and the respondents to any of the incidents
should be identified for increasing the performance and addressing the threats acting on the
network. Security training programs must be arranged for the faculty and the staffs such that the
network and the other resources are used wisely and the responsibility should be understood by
the users for management of a safe workplace environment (14). For the identification and the
classification of the assets an organized structure is created and it helps in getting a better
direction and administrative control over the network solution created for the AMC Pvt. Ltd.
1.2. Identification of the infrastructure vulnerability
Process 5: Identification of network access paths and IT components related to the
critical assets
It is important to create a classification level following the confidentiality, value, right to
access and the destruction level. The confidentiality is maintained for restricting a specific group
of users to access the sensitive organizational information such as manufacturing secrets,
plans, etc. It is maintained based on different factors such as confidential, only for company,
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
NETWORK AND INFORMATION SECURITY
shared or unclassified (13). Some of the information are kept in the database for the use of
organizational purpose such as the customer database and manufacturing process. Some of
the resources could be shared and the contact information should be shared with the agents
and the employees for maintaining a proper communication management plan. The information
should be secured because the information can be used by competitors for illegal use. The
infrastructure of AMC Pvt. Ltd. is analyzed for the identification of the critical assets and
identification of the vulnerability of the assets. There is different potential impact than can
negatively impact the growth of the AMC Pvt. Ltd. The risk with higher score have higher impact
and it should be prioritized for the creation of a risk mitigation plan. The threat scenario is used
as a threat tree and there are different technical problems related with the access of the network
resources. Different problem may arise that is required to be controlled by the organization and
the unavailability of the critical infrastructure can mitigate the problem.
Process 6: Evaluation of the IT components
It is important to implement a classification schema for the easy identification of the
resources required for the development of the network solution. The business plan of the
company should be analyzed and it should be protected from illegal access. The business plan
should be discussed confidentially (8). The communication channel used for communicating
with the stakeholders must be encrypted and strong passwords must be used for protecting the
assets and monitored for increasing the security.
1.3. Development of security strategy and risk mitigation plans
Process 7: Conducting the risk analysis
There are several risk associated with the development of the network security
information system and the risk may arise from different sources and its impact should be
analyzed for the preparation of the risk mitigation plan. The assessment of risk is important for
NETWORK AND INFORMATION SECURITY
shared or unclassified (13). Some of the information are kept in the database for the use of
organizational purpose such as the customer database and manufacturing process. Some of
the resources could be shared and the contact information should be shared with the agents
and the employees for maintaining a proper communication management plan. The information
should be secured because the information can be used by competitors for illegal use. The
infrastructure of AMC Pvt. Ltd. is analyzed for the identification of the critical assets and
identification of the vulnerability of the assets. There is different potential impact than can
negatively impact the growth of the AMC Pvt. Ltd. The risk with higher score have higher impact
and it should be prioritized for the creation of a risk mitigation plan. The threat scenario is used
as a threat tree and there are different technical problems related with the access of the network
resources. Different problem may arise that is required to be controlled by the organization and
the unavailability of the critical infrastructure can mitigate the problem.
Process 6: Evaluation of the IT components
It is important to implement a classification schema for the easy identification of the
resources required for the development of the network solution. The business plan of the
company should be analyzed and it should be protected from illegal access. The business plan
should be discussed confidentially (8). The communication channel used for communicating
with the stakeholders must be encrypted and strong passwords must be used for protecting the
assets and monitored for increasing the security.
1.3. Development of security strategy and risk mitigation plans
Process 7: Conducting the risk analysis
There are several risk associated with the development of the network security
information system and the risk may arise from different sources and its impact should be
analyzed for the preparation of the risk mitigation plan. The assessment of risk is important for
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
NETWORK AND INFORMATION SECURITY
the risk management process and security practices must be followed such as the compliance
of the standards of the hardware devices installed for the development of the information
system (10). There are other risk associated with the involvement of the third party users for the
development of the information system. The risk is determined by identification of the impact
and is categorized into high, medium and low.
Process 8: Development of protection strategy and mitigation plan
Risk Description Priority
levels
Relevant risk Risk cause Mitigation
Losing the
confidentiality and
integrity of the
resources of the
network that can affect
the organizational
growth negatively (2).
The attack
from different points
can cause access of
the sensitive
organizational
information that can
cause loss of the
organizational
information.
High The risk is
caused for the
data and the
physical
environment.
Malicious
and
sabotage
attacks
For the mitigation of the risk
the web server needs to be
configured and antivirus
program must be installed for
protecting the system from
spyware and virus.
The malicious codes can be by
hackers to launch DoS attack
and fetch all the data (1).
A strong username and
password should be used for
increasing the security and
protect the data from illegal
access.
NETWORK AND INFORMATION SECURITY
the risk management process and security practices must be followed such as the compliance
of the standards of the hardware devices installed for the development of the information
system (10). There are other risk associated with the involvement of the third party users for the
development of the information system. The risk is determined by identification of the impact
and is categorized into high, medium and low.
Process 8: Development of protection strategy and mitigation plan
Risk Description Priority
levels
Relevant risk Risk cause Mitigation
Losing the
confidentiality and
integrity of the
resources of the
network that can affect
the organizational
growth negatively (2).
The attack
from different points
can cause access of
the sensitive
organizational
information that can
cause loss of the
organizational
information.
High The risk is
caused for the
data and the
physical
environment.
Malicious
and
sabotage
attacks
For the mitigation of the risk
the web server needs to be
configured and antivirus
program must be installed for
protecting the system from
spyware and virus.
The malicious codes can be by
hackers to launch DoS attack
and fetch all the data (1).
A strong username and
password should be used for
increasing the security and
protect the data from illegal
access.
8
NETWORK AND INFORMATION SECURITY
1.4. Prioritized list of issues
The risk associated with the network and the information system are categorized
according to its severity and categorized as critical, major, normal and minor.
Critical issues
- Bugs in the information system causing corruption and loss of the stored data
- Exposing the vulnerability of the security
- Test failure caused as there is no support for the testing environment (5)
- Regression in the developer and user experience and
- Memory error that can make the application impossible to install and reduce the
performance
Major issues
- Interference of the normal accounts with the admin account for the management of the
information residing in the database of the information system.
- Triggering an error generated in PHP via the interface and affecting a small percentage
of users
- Rendering of a feature that is unusable for the workaround
- Loss of the user input but no deletion or corruption of the data (3).
- Causing failure of the test and non-supportability of the automated testing platform.
Normal issues
- Improvement of the naming class
- Cleaning and attaching a new css
- Request for new features from the user end
Minor issues
NETWORK AND INFORMATION SECURITY
1.4. Prioritized list of issues
The risk associated with the network and the information system are categorized
according to its severity and categorized as critical, major, normal and minor.
Critical issues
- Bugs in the information system causing corruption and loss of the stored data
- Exposing the vulnerability of the security
- Test failure caused as there is no support for the testing environment (5)
- Regression in the developer and user experience and
- Memory error that can make the application impossible to install and reduce the
performance
Major issues
- Interference of the normal accounts with the admin account for the management of the
information residing in the database of the information system.
- Triggering an error generated in PHP via the interface and affecting a small percentage
of users
- Rendering of a feature that is unusable for the workaround
- Loss of the user input but no deletion or corruption of the data (3).
- Causing failure of the test and non-supportability of the automated testing platform.
Normal issues
- Improvement of the naming class
- Cleaning and attaching a new css
- Request for new features from the user end
Minor issues
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
NETWORK AND INFORMATION SECURITY
- Type error in the code and comment
- Formatting of the codes and use of whitespace.
2. Business Continuity Plan
2.1. Introduction
For the development of the business continuity plan the risk that can have a negative
impact on the growth of the current business are determined. This step is followed by the
determination of the important tasks which is required for the mitigation of the risk. The people
and the tools required for the development of the network and information security should be
identified. The business continuity plan should consists of all the details of the stakeholders and
their contact information. The details of the office, backups and the disaster recovery plans
should also be included for the development of the business continuity plan. The recovery
strategies should be documented in the plan and it helps AMC Pvt. Ltd. to respond quickly
against the disruption and restore the essential services. The main objectives of the business
continuity plan is to identify the procedures and arrangements for maintaining a continuous
improvement and respond against the critical business functions.
2.2. Description of the Continuity Plan
The business continuity plan is used for maintaining a constant growth in AMC Pvt. Ltd.
and handle the emergency condition such that the all the potential threats are avoided. All the
potential threats must be analyzed the business continuity plan consists of the following items.
- Analyzing the threats related to the organization.
- Listing the primary task that are required for maintain a flow of the organizational
operation.
- Location of the contact information easily (12)
- Disaster recovery plan for handling the emergency conditions
NETWORK AND INFORMATION SECURITY
- Type error in the code and comment
- Formatting of the codes and use of whitespace.
2. Business Continuity Plan
2.1. Introduction
For the development of the business continuity plan the risk that can have a negative
impact on the growth of the current business are determined. This step is followed by the
determination of the important tasks which is required for the mitigation of the risk. The people
and the tools required for the development of the network and information security should be
identified. The business continuity plan should consists of all the details of the stakeholders and
their contact information. The details of the office, backups and the disaster recovery plans
should also be included for the development of the business continuity plan. The recovery
strategies should be documented in the plan and it helps AMC Pvt. Ltd. to respond quickly
against the disruption and restore the essential services. The main objectives of the business
continuity plan is to identify the procedures and arrangements for maintaining a continuous
improvement and respond against the critical business functions.
2.2. Description of the Continuity Plan
The business continuity plan is used for maintaining a constant growth in AMC Pvt. Ltd.
and handle the emergency condition such that the all the potential threats are avoided. All the
potential threats must be analyzed the business continuity plan consists of the following items.
- Analyzing the threats related to the organization.
- Listing the primary task that are required for maintain a flow of the organizational
operation.
- Location of the contact information easily (12)
- Disaster recovery plan for handling the emergency conditions
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
NETWORK AND INFORMATION SECURITY
- Backing up of data and information at remote location
- Collaboration of all the business components of the organization
The business continuity plan is used for reducing the injury and protect AMC Pvt. Ltd.
assets from damage for reducing the losses and damages of the business functions. A
communication should be maintained between the stakeholders for coordinating with each other
and executing for the recovery (6). A project schedule should be created for the management of
the activity and each of the steps should be monitored for the reducing the error in the
development of the information system and the network solution. For the involvement of the
third party vendor all the information must be included such as the contact information, the
ability to recover and the service provided for maintaining a transparency in the current business
process (13). The communication is the key point of success, thus all the details of the
stakeholders and the vendors must be maintained.
Temporary facilities should be provided to the employees such as providing support to
the employees and alternative course of action should be identified for handling the crisis. If
there is a change in the business operation the business continuity plan should be updated for
reducing the errors (17). A management team should be created for the management of the
current business operations and the team roles and responsibility should be divided for analysis
of the business impact. A questionnaire should be developed for gathering the input from the
users and understanding the necessity of the users for the development of the information
security network (23). The progress of the project should be discussed with the stakeholders
with the arrangement of weekly meetings and getting the approval of the stakeholders for
finalizing the requirement of the project. The leading responsibility should be taken by the
response team for handling the emergency condition and respond to the crisis. For the
activation of the business continuity plan the following procedures must be followed:
Condition for warning –
NETWORK AND INFORMATION SECURITY
- Backing up of data and information at remote location
- Collaboration of all the business components of the organization
The business continuity plan is used for reducing the injury and protect AMC Pvt. Ltd.
assets from damage for reducing the losses and damages of the business functions. A
communication should be maintained between the stakeholders for coordinating with each other
and executing for the recovery (6). A project schedule should be created for the management of
the activity and each of the steps should be monitored for the reducing the error in the
development of the information system and the network solution. For the involvement of the
third party vendor all the information must be included such as the contact information, the
ability to recover and the service provided for maintaining a transparency in the current business
process (13). The communication is the key point of success, thus all the details of the
stakeholders and the vendors must be maintained.
Temporary facilities should be provided to the employees such as providing support to
the employees and alternative course of action should be identified for handling the crisis. If
there is a change in the business operation the business continuity plan should be updated for
reducing the errors (17). A management team should be created for the management of the
current business operations and the team roles and responsibility should be divided for analysis
of the business impact. A questionnaire should be developed for gathering the input from the
users and understanding the necessity of the users for the development of the information
security network (23). The progress of the project should be discussed with the stakeholders
with the arrangement of weekly meetings and getting the approval of the stakeholders for
finalizing the requirement of the project. The leading responsibility should be taken by the
response team for handling the emergency condition and respond to the crisis. For the
activation of the business continuity plan the following procedures must be followed:
Condition for warning –
11
NETWORK AND INFORMATION SECURITY
With and without warning
If a warning is received a notification should be generated for implementation of risk
mitigation plan and reduce the errors in the project.
If no warning is received the risk that may affect the system should be analyzed
according to the severity and different defense mechanism such as configuration of the router
with firewall policy should be applied (20). The monitoring of the network is important for the
generation of the alert and secure the network and the information system from unauthorized
access.
Identification of the potential disaster status
For the identification of the potential disaster status the following criteria should be evaluated.
Does the solution meets the potential threat regarding the safety of the employees?
Is there any requirement for including emergency service for the development of the
project?
Is there any actual loss of workforce and IT/ network?
Control and Direction
The success of the development of the network and information security system
depends on the management and on the availability of the resources (24). The project manager
should monitor the progress of the development of the network and arrange the resources
required for the development. An estimation of the cost of the equipment required should be
prepared for the calculation of the budget. A team should be developed for starting the
development process and roles and responsibility must be assigned for reducing the risk. The
control on the project team must be maintained such that the project is completed within the
estimated time and budget. A communication plan should be prepared such that it prevents the
NETWORK AND INFORMATION SECURITY
With and without warning
If a warning is received a notification should be generated for implementation of risk
mitigation plan and reduce the errors in the project.
If no warning is received the risk that may affect the system should be analyzed
according to the severity and different defense mechanism such as configuration of the router
with firewall policy should be applied (20). The monitoring of the network is important for the
generation of the alert and secure the network and the information system from unauthorized
access.
Identification of the potential disaster status
For the identification of the potential disaster status the following criteria should be evaluated.
Does the solution meets the potential threat regarding the safety of the employees?
Is there any requirement for including emergency service for the development of the
project?
Is there any actual loss of workforce and IT/ network?
Control and Direction
The success of the development of the network and information security system
depends on the management and on the availability of the resources (24). The project manager
should monitor the progress of the development of the network and arrange the resources
required for the development. An estimation of the cost of the equipment required should be
prepared for the calculation of the budget. A team should be developed for starting the
development process and roles and responsibility must be assigned for reducing the risk. The
control on the project team must be maintained such that the project is completed within the
estimated time and budget. A communication plan should be prepared such that it prevents the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 18
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.