APPLICATION OF RISK MANAGMENGT TECHNIQUES Essay

In my opinion Windows Vista is a champion or the most lack OS when compargond to Windows 7. All desk drop deads connect to an sedulousness standard switch via an Ethernet c qualified. While this can be a run a fortune, it is non a major venture. The two large issue facilities argon attached to the headquarters via an external ISP. Even with the firew in alls in place, at that place is no duty if the connection they contract is in use by anyone else. I would pop the question contacting the ISP and verifying if the connection is shared with early(a) users and take further exertion depending on their answer. The sales personnel connect via VPN software package, but use their man-to-man internet connection, usually out of their crustal plate office. This can be very dangerous as they do non fall under the back of protection offered by the bigger offices and their terminals are at greater risk to be infected by a malicious user. The core fancy of pr thus farting risk i s to safeguard the information stored on the database server.The workers and customers of the fellowship have individual(a) information stored there and the loss or leak of the data could be disaster to the beau monde. I suggest the changes to be made to mitigate the risk of any unwanted personnel to gaining access to the network. There is not a lot of information given about the entirety of the network, so a great deal of this may not be necessary or already in place. I will use the relief risk technique for the Desktops/ topical anaesthetic LAN. Since the network is maintained via Active Directory, the company should implement workgroups/user groups and take hold what workers have access to if a program, file, or other application is not part of a workers job, they have no reason to be able to access that file/application/etc. At the same clock the workers should go through annual (if not bi-annual) information tribute education that understands how to protect their works tations, understand security policies and why they are in place.The company should in addition en received that their switches, routers, and firewalls are always up to date on the latestpatches. Another risk that the company has is the External ISP Line, since the company is relying on an outside source to provide network connection amongst the production facilities and their headquarters the best way to approach this risk is also with the mitigation technique. I understand the company is small and if they cant front man the hail of their own line, they should be absolutely sure that no other users are gaining access to the line that is organism provided for them. On top of that they should bowdlerise the technical environment by adding intrusion detection systems and ensuring all security features are always up to date. If possible I would suggest investment funds into a private line that they control to check out security between the three sites, however outside of the initi al investment there would also need to be maintenance costs. As long as the company can ensure the line theyre currently using is secure, Id recommend continue use as it is the less cost intensive. Another risk to look at is the Remote Users / Home Offices. This risk is critical as they are the most likely to be targeted for an attack. reasonable like the previous two risks, Id recommend a mitigation technique to lower this risk.The remote users only use software to connect to the companys VPN, on their own ISP connection, in their home office. To start I would recommend a two-factor authentication to successfully logarithm on to the VPN so even if the computer is stolen or infected, its restrained relatively safe. At the same time since these are sales harmonizes, I would recommend using a hard drive lock barely like the previous reason, if the computer is stolen, the ability to glean information would be hampered. If the company can handle the expense they should look into pur chasing a secure VPN from each sales associates ISP, this would help ensure that there wouldnt be any outside eyes gleaning information from the sales associate connecting to the company. Using Active Directory, the sales associates terminal should be scanned to make sure all security implements are current and if not, they should be updated before being allowed to connect to the company network. This can help prevent malicious enroll being introduced to the company network. One topic that caught my attention is that there are three servers at Headquarters with very few uses. One thing that worries me is the possibility of no redundancy. If the Active Directory Server went down, no one would be able to access the network.Each server role should have redundancy to fill in if the primary server is to fail, this will helpensure the company is running efficiently, even during a server problem. This should be unploughed in mind as the company has sales representatives in all fifty st ates while the headquarters are in Indiana. So even in a standard eight hour day (9AM 5PM), there is still three hours of work to people on the west coast. If the servers were to go down, those sales reps would not be able to work effectively. On top of redundancy the company should look into some sort of accompaniment. They have a lot of information and while its important to protect it, its also important to make sure its not lost. For a backup, Id recommend a transfer technique. There are many backups services available at an affordable price. To go with the backup I would recommend backing up the information at least once a week to ensure if work is lost, the company does not fall too far behind.