Security Evaluation on network

Security evaluation is needed to prevent unauthorized access to the information in our network and to protect it. Information security is concerned with protecting the confidentiality, integrity and availability of information, also known as the CIA Triad. The CIA Triad forms the core principles of information security.

  • Confidentiality means information should be accessible only to those who have the right to access it.
  • Integrity means information should be modified only by those who are authorized to do so.
  • Availability means information should be available when it is needed.

We have to understand the weaknesses in our network, using a framework such as ISO/IEC 27002:2005. A weakness in the system is called a vulnerability. A vulnerability can give rise to harm, which is called a threat. A threat does not always corrupt the system, but a threat can lead to an attack that harms a security element of the system. Risk is the possibility that something bad will happen to an information asset.

    The ISO/IEC 27002:2005, Code of practice for information security management, recommends the following be examined during a risk assessment:

    • security policy,
    • organization of information security,
    • asset management,
    • human resources security,
    • physical and environmental security,
    • communications and operations management,
    • access control,
    • information systems acquisition, development and maintenance,
    • information security incident management,
    • business continuity management, and
    • regulatory compliance.

    In broad terms the risk management process consists of:

    1. Identification of assets and estimating their value. Include: people, buildings, hardware, software, data (electronic, print, other), supplies.
    2. Conduct a threat assessment. Include: Acts of nature, acts of war, accidents, malicious acts originating from inside or outside the organization.
    3. Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security.
    4. Calculate the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis.
    5. Identify, select and implement appropriate controls. Provide a proportional response. Consider productivity, cost effectiveness, and value of the asset.
    6. Evaluate the effectiveness of the control measures. Ensure the controls provide the required cost effective protection without discernible loss of productivity.
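
A worked quantitative pass through steps 1 to 6 above, added here as an illustration and not part of the original post. It assumes the common model "expected yearly loss = asset value × exposure × yearly exploitation probability", which the article does not name; the `Scenario` and `Control` classes, the control names and all figures are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    asset: str
    asset_value: float   # step 1: estimated value of the asset
    threat: str          # step 2: threat acting on the asset
    probability: float   # step 3: chance per year that the vulnerability is exploited
    exposure: float      # step 4: fraction of the asset value lost per incident
    def annual_loss(self, probability=None):
        p = self.probability if probability is None else probability
        return self.asset_value * self.exposure * p

@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    residual_probability: float  # yearly exploitation probability with the control in place

def net_benefit(scenario, control):
    """Step 5: yearly loss avoided by the control minus its yearly cost."""
    avoided = scenario.annual_loss() - scenario.annual_loss(control.residual_probability)
    return avoided - control.annual_cost

def best_control(scenario, controls):
    """Proportional response: highest positive net benefit, or None if nothing pays off."""
    worthwhile = [c for c in controls if net_benefit(scenario, c) > 0]
    return max(worthwhile, key=lambda c: net_benefit(scenario, c), default=None)

def assess(register):
    """Rank scenarios by expected yearly loss; add chosen control and residual loss (step 6)."""
    rows = []
    for s, controls in register:
        chosen = best_control(s, controls)
        residual = s.annual_loss(chosen.residual_probability if chosen else None)
        rows.append((s.asset, s.threat, s.annual_loss(), chosen.name if chosen else "accept risk", residual))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample register; every figure is illustrative, not taken from the article.
REGISTER = [
    (Scenario("customer database", 200_000, "external intrusion", 0.10, 0.50),
     [Control("network segmentation", 3_000, 0.02), Control("managed monitoring", 12_000, 0.01)]),
    (Scenario("file server", 50_000, "disk failure", 0.30, 0.80), [Control("mirrored disks", 1_500, 0.05)]),
    (Scenario("office printer", 1_000, "theft", 0.05, 1.00), [Control("locked room", 400, 0.01)]),
]

if __name__ == "__main__":
    for row in assess(REGISTER):
        print(row)
```

In this register the stronger but costlier control for the database is rejected because it costs more per year than the loss it avoids, and the printer risk is accepted because no control pays for itself.
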
    2. Eli
      May 15, 2014 at 12:47 am

      It’s going to be the end of my day, but before ending I am reading this wonderful paragraph to improve my know-how.
