ï»¿Application of Risk Management
As an IT manager of YieldMore Company, it is our responsibility to analyze all of the risks as well as the threat/vulnerability pairs, and decide what kinds of risk management techniques will reduce the chances of vulnerabilities being exploited. We want to ensure that the risk management techniques that we choose to use will bring the greatest amount of security for the seven domains.
The user domain has risks related to lack of training employees in areas of general security knowledge. Visiting risky websites, opening infected emails or bringing infected files carelessly on their USB can result in a nightmare of security issues. To counteract this sort of risk, we will use mitigation in order to control certain restrictions for employees such as not being able ...view middle of the document...
The LAN domain is the area inside the firewall. Each individual device must be protected. Data transferred within the LAN isnâ€™t protected as thoroughly as if it were sent outside the LAN. This leads to a vulnerability of packet sniffing. Another vulnerability that needs to be mitigated in the LAN domain is preventing rogue users from unauthorized WLAN access.
A high level of security is required to keep the LAN-to-WAN Domain safe. The public side of the boundary is often connected to the Internet and has public IP addresses. These IP addresses are accessible from anywhere in the world, and attackers are constantly probing public IP addresses. The biggest vulnerability pair that needs to be mitigated in this domain is preventing a hacker from penetrating the IT infrastructure.
For many businesses, the WAN is the Internet. However, a business can also lease semiprivate lines from private telecommunications companies. Any host on the Internet with a public IP address is at significant risk of attack. Moreover, it is fully expected that any host on the Internet will be attacked. The WAN domain requires the risk management technique of acceptance because we know that this domain is the area that we have the least amount of control over.
The system/application domain requires transference risk management techniques in order to have insurance of information being shared through servers, or we have the possibility to outsource these servers and applications for an increase in security for this domain.
A hacker breaking in from the Internet would impact the remote access domain. Attackers can access unprotected connections. The likelihood of this type of attack happening is high. They can also try to break into the remote access servers. Using a VPN is an example of mitigation control to lessen the risk. But VPNs have their vulnerabilities, too.