Information Technology Risk Assessment

Running head: INFORMATION TECHNOLOGY RISK ASSESSMENT 1

Name

Institution

INFORMATION TECHNOLOGY RISK ASSESSMENT 2

Information Technology Risk assessment

It is no doubt that IT managers live in an era of zero downtime. Apparently, there is a

high demand for a lightweight as well as low-touch IT infrastructure given the level at which the

business world and information technology are becoming interwoven. In this light, the credibility

of a business procedure can be heavily damaged as a result of the downtime. Additionally, the

overall reputation of a company can be at risk in case of such problem. Primarily, this makes a

risk assessment an important function for any particular IT department. This paper, therefore,

proposes to execute a risk assessment of IT infrastructure that servers an ESHOP. Essentially, the

ESHOP infrastructure that will be assessed in this paper will be the Firewall or Load Balancer.

To achieve this objective, BASE security assessment methodology will be applied. In a context

of a particular organization’s environment with rather able and sufficient resources, it is viable to

recommend the overall applicability of BASE as the subset instead of formal information to

guarantee program as well as infrastructure. The BASE methodology uses an ad-hoc style that is

directly appropriate for securing a basic network. Notably, this assessment protocol has the

following crucial stages baseline, audit and assess, securing environment, and evaluate and

educate.

Baseline

To be in a position of detecting abnormalities in a particular system, there is an urgent

need for a risk assessment team to establish the normal operational behavior of the system

(Rezvani, 2018). This is the basic purpose of involving baselining procedure, notwithstanding

the size or rather its complexity. After identifying the baseline and documenting it, there is a

chance of detecting the abnormality or a suspicious program where they are isolated in the

conduct of an audit. While there are various services, bandwidth, and applications that can be

INFORMATION TECHNOLOGY RISK ASSESSMENT 3

executed at this stage, it is important to consider network baselining and workstation host system

baseline.

Network Baseline

When baselining a network, there are certainly various areas to look and examine. Some

include visual and physical inspection of the hardware. Others are done through rudimental

bandwidth statistics which in some way prove very crucial in recognizing possible latency issues

(Rezvani, 2018). This involves checking whether the network devices are well connected and

placed in a location that cannot be tampered physically. It is essential to ensure that the quality

and size of the cables are adequate for the length of the run. Additionally, it is important to make

sure that there is adequate power to the devices. This involves checking if the UPS or rather the

power strips are used or shared (Underwood, Stryker, & Peterson, 2017). Another thing of

importance is the Host enumeration, where one determines the number and the type of host that

is connected to the network. The types of tools that can be used for enumeration include Nmap,

Amap, LAN-Guard, and Nessus (Rezvani, 2018). After this, one has to check at both the Hubs

and Firewalls configuration. To sum up the physical assessment, it would be crucial to check the

traffic pattern of the network. This will involve observing both the high and low usage of the

network.

Workstation Host System Baseline

Hosts are considered the most important devices that are found on a network and are the

primary productivity instrument for all the end users. Apparently, these are the most vulnerable

section since the process of daily utilization of a workstation involves shared files, messaging,

streaming, printing, and internet surfing (Underwood, Stryker, & Peterson, 2017). With this kind

of disclosure to potential traffic, there is a need of having a good understanding of the normal

workings of the workstation as it is the only way of detecting any anomalous behaviors in a

INFORMATION TECHNOLOGY RISK ASSESSMENT 4

system. For the purpose of assessment, one has to gather system information such as the type of

hardware configurations that are in use, the services installed, and the manner in which they are

configured. Notably, it is important to examine whether there are available network cables that

are occupied by the workstation. Noteworthy, one should check if there are set guidelines on the

permissions on the workstation that accommodates the staff in a firm and the level of

permissiveness (Rezvani, 2018). This involves updating a New Technology File System (NTFS)

and the file system permissions.

Primarily, it is also important to ensure that the service packs are up to date and that the

OS has current service packs and the necessary host files. This involves checking if there are any

available vendor applications such as the Internet Explorer that needs patching including

updating the antiviruses (Rezvani, 2018). At some point, the assessment team should determine

the normal endpoint communication or rather the overall workstation. Apparently, this will

involve checking the communication port that is outbound and those that are inbound.

Additionally, this will give insight on whether the workstation is knowingly or unknowingly

hosting a certain service that is not allowed or is not accepted on the managed server.

Audit and Assess

Audit

To do this, one has to make sure that they are connected to the target network and

define the IP address of the range that is to be enumerated. To maximize accuracy, all the hosts

have to be on the network. In this step, one can use the Cain and Abel principle for guidance

(Underwood, Stryker, & Peterson, 2017).

Assessment

At this point, a subsequent enumeration that belongs to the registered IP host will

be displayed and certainly, it will reveal an additional host. It is upon the assessment team to

INFORMATION TECHNOLOGY RISK ASSESSMENT 5

determine whether the IP address is authorized or not (Shakibazad & Rashidi, 2017).

Additionally, they will determine whether they have added any host to the user network,

therefore, they should document the added host and apply this result in future audits. In this case,

it is easy to know that there were some hosts that were not available. In case there are some

unknown devices, make sure the devices are assigned risks. The risk assigned should be high and

therefore should be reduced accordingly. In this case, one has to develop a mitigation plan.

BASE Flow Diagram

Establish a Procedural and

Technical Baseline

Perform Audit (Task)

Variance exists

from previous

result?

Assess details of the

variance. Assign risk

and develop

mitigation plan

Document Audit

as complete (per

task)

Secure the Environment

(Execute Mitigation Plan)

Evaluate changes and

Educate staff

Yes

INFORMATION TECHNOLOGY RISK ASSESSMENT 6

Develop a Mitigation Plan

The first step in this section is identifying the location of the host and recognizing its

actual identity while removing or reducing it as a threat. If it was an addition to the network, then

the change is represented. The tool used for this task is HP Jet or the Web-Admin (Shakibazad &

Rashidi, 2017).

Secure the Environment

By using HP Jet or the Web-Admin, they should be connected to printers while all the

protocols such as the Apple Talk or the IPX are turned off. Apparently, the admin password is

configured and printers prevented from alteration (Shakibazad & Rashidi, 2017). In the process,

the default SMMP string is changed thus reducing the risk of someone accessing the

configuration remotely.

Evaluate and Educate

Primarily, one has to apply the Super-Scan or rather LAN-Guard for validating the turned

off protocols. In case there are some things regarding the default Jet-Admin configuration which

is added in the correct way then the staff has to be informed accordingly (Shakibazad & Rashidi,

2017). This configuration can, therefore, be adopted as the standard protocol when installing a

new printer.

In the nutshell, it is evident that with the ever-increasing threats of cyber-attacks, there is

a need for every business organization to conduct a risk assessment procedure on a frequent

basis. This is certainly the only way to eradicate malicious or unwanted users accessing private

files in a firm. For this purpose, B.A.S.E assessment methodology is tipped to be among the best

tool.

INFORMATION TECHNOLOGY RISK ASSESSMENT 7

References

Rezvani, M. (2018). Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud

Computing. Journal of AI and Data Mining, 6(2), 387-397.

http://jad.shahroodut.ac.ir/article_1087_129.html

Shakibazad, M., & Rashidi, A. J (2017). A framework to achieve a dynamic model of the cyber

battlefield. Bulletin de la Société Royale des Sciences de Liège.

https://popups.uliege.be/0037-9565/index.php?id=6830&file=1

Underwood, D., Stryker, E., & Peterson, J. (2017). U.S. Patent No. 9,832,213. Washington, DC:

U.S. Patent and Trademark Office.

https://patents.google.com/patent/US9832213B2/en

Place new order. It's free, fast and safe

Paper type

Deadline

Page count

550 words

Total price: $ 15.00

Our customers say

Jeff Curtis

USA, Student

"I'm fully satisfied with the essay I've just received. When I read it, I felt like it was exactly what I wanted to say, but couldn’t find the necessary words. Thank you!"

Ian McGregor

UK, Student

"I don’t know what I would do without your assistance! With your help, I met my deadline just in time and the work was very professional. I will be back in several days with another assignment!"

Shannon Williams

Canada, Student

"It was the perfect experience! I enjoyed working with my writer, he delivered my work on time and followed all the guidelines about the referencing and contents."