Question

For your initial discussion post, you are to expand on the element review below. You need to provide specific examples on what will be reviewed in the audit based on this element. Answer what will be included in the audit plan for this element. If possible, provide a link to another resource. Try not to pick an element already discussed by another student. In your response, provide your comments on the other students posts on their element and any additional information you might have on it. Remember to cite any sources.

Network security review: Review of internal and external connections to the system, perimeter security, firewall review, router access control lists, port scanning and intrusion detection are some typical areas of coverage

Answer 1

Network security review: Review of internal and external connections to the system, perimeter security, firewall review, router access control lists, port scanning and intrusion detection are some typical areas of coverage

• Network security might seem too complex, and tackling it might seem like too much work. But you can take a step-by-step approach as described in the checklist below, and then get an outside consultant to help you complete your security plan.
• You might think network security is an expense that won't help your business grow. Instead of thinking about network security as a technical concern, consider it a business continuity issue. Networks have become a basic part of doing business today, making security planning as important as sales and marketing.
• You may believe that smaller companies are less likely to be a target of attacks. But as large companies beef up their network security, hackers are increasingly focusing on small and medium-sized businesses.

General Security Planning Tips - The following tips can help you develop and win support for an effective network security plan:

• Focus on return on value rather than return on investment. Consider the harm a network security breach could do to your business, such as lost revenue or customer litigation.
• Never assume that network attacks will come only from outsiders. Your employees can accidentally create security vulnerabilities, and disgruntled or former employees can cause considerable damage.
• Don't be tempted to confront security concerns with a piecemeal approach rather than a single, unified strategy that protects your whole network.
• Work with others in your company to develop and roll out security strategies, focusing on technology, training, and physical site security with tools like surveillance cameras.
• Find the right balance between security and usability. The more secure your network is, the more difficult it can be to use.

Network Security Checklist - Every business should have a written (and thoughtfully prepared) network security plan in place. A thorough policy will cover topics such as:

• Acceptable use policy, to specify what types of network activities are allowed and which ones are prohibited
• E-mail and communications activities, to help minimize problems from e-mails and attachments
• Antivirus policy, to help protect the network against threats like viruses, worms, and Trojan horses
• Identity policy, to help safeguard the network from unauthorized users
• Password policy, to help employees select strong passwords and protect them
• Encryption policy, to provide guidance on using encryption technology to protect network data
• Remote access policy, to help employees safely access the network when working outside the office

Do you have any of the following?:-

• Firewall, to keep unauthorized users off your network
• Virtual private network (VPN), to give employees, customers, and partners secure access to your network
• Intrusion prevention, to detect and stop threats before they harm your network
• Content security, to protect your network from viruses, spam, spyware, and other attacks
• Secure wireless network, to provide safe network access to visitors and employees on the go
• Identity management, to give you control over who and what can access the network
• Compliance validation, to make sure that any device accessing the network meets your security requirements

Identify Your Most Important Digital Assets and Who Uses Them:-

• Exactly what are your company's digital assets (such as intellectual property and customer records)?
• What are they worth?
• Where do those assets reside?
• Who has access to these assets, and why? Can all employees access the same assets?
• Do you extend access to business partners and customers?
• How do you control that access?

What Would a Security Breach Do to Your Business?:-

• What is the potential financial impact of a network outage due to a security breach?
• Could a security breach disrupt your supply chain?
• What would happen if your Website went down?
• Do you have e-commerce features on your site? How long could the site be down before you lost money?
• Are you insured against Internet attacks, or against the misuse of your customers' data? Is this insurance adequate?
• Do you have backup and recovery capabilities to restore information if necessary after a security breach?

Consider Your Current and Future Needs:-

• How do you expect your business plan to evolve over the next few years?
• How recently have you updated your network equipment? Software? Virus definitions?
• What type of security training do you provide to your employees?
• How will growth affect your digital assets and their value to your business as a whole?
• In the future, are you likely to have a greater need for remote employees, customers, or partners to access those digital assets?

Sources:- https://www.cisco.com/c/en/us/solutions/small-business/resource-center/secure-my-business/network-security-checklist.html

http://www.infopercept.com/wp-content/uploads/2017/08/Infopercept-Network-Security-Architecture-Review-Approach.pdf

Please let me know in case of any clarifications required. Thanks!