Explore BrainMass

Explore BrainMass

    Performing a Network Risk Analysis

    26 Pages | 4,561 Words
    Rob Beachy, MS (#110890)

    Within this eBook you will learn the steps involved in performing a risk analysis and why they are important. A proper risk analysis will allow you and management to understand your technology assets and their vulnerabilities. You will also identify threats to your assets and steps to protect them.

    This book is ideal for the Information Technology professional in charge of the operation and security of a network of any size. Individuals with the need to define their assets and proactively protect them from hostile threats in an ever growing technology landscape will benefit from reading this eBook.

    An Introduction to Performing a Network Risk Analysis

    Whether in the public or private sector, businesses rely on information systems to carry out their business functions. Information systems can range from simple office networks, financial and personnel systems to highly specialized systems, such as those found in the military. Information systems are vulnerable to threats that can have a negative impact on an organization s operations, assets and reputation. These threats, both known and unknown, take advantage of system vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processed, stored, or transmitted by those systems. Threats can be calculated attacks, environmental interferences, and machine errors and can result in great harm to business continuity. It is a necessity that management, at all levels, understand their responsibilities and are held accountable for managing information security risk.

    A Network Risk Analysis (NRA) is one of the key components of an organizational risk management process. A NRA will identify, prioritize, and estimate risk to an information system that may disrupt operations, assets, processes, and business continuity.
    The purpose of a NRA is to identify:
    Threats to information systems
    Vulnerabilities internal and external to information systems
    Impact to business continuity that may occur given the potential for threats exploiting vulnerabilities
    The likelihood that harm will occur.

    The end result (or benefit) of performing a risk analysis is the understanding of the level of risk within the network. NRAs are used to evaluate information system security related risks associated with corporate governance and management activities, mission/business processes or enterprise architecture, and funding of information security programs. NRAs are also used to support a corporate risk management framework (security categorization, security control selection, security control implementation, security control analysis, information system authorization, and monitoring).


    About the Author

    Rob Beachy, MS

    Active since Apr 2012

    Rob Beachy is the current Vice President of Information Technology for a community bank located in Michigan. He received his Bachelor's degree in Information Systems from the University of Phoenix, graduating with a perfect 4.0 GPA. He went on to obtain a Master of Science in Information Assurance from Davenport University in Grand Rapids, Michigan with a GPA of 3.96. Mr. Beachy holds certification in Novell, Microsoft, and holds a CompTIA Security+ certification. He is an active BrainMass expert and enjoys sharing his knowledge with lifelong learners. Mr. Beachy has completed a National Security Systems Information Systems Security (INFOSEC) professionals' course in 2010.

    Rob's BrainMass Profile