Application of Risk Management
As IT managers of YieldMore Company, it is our responsibility to analyze all of the risks and the threat/vulnerability pairs, and to decide which risk management techniques will reduce the chances of vulnerabilities being exploited. We want to ensure that the techniques we choose bring the greatest amount of security to the seven domains.
The user domain has risks related to employees' lack of training in general security knowledge. Visiting risky websites, opening infected emails, or carelessly bringing in infected files on USB drives can result in a nightmare of security issues. To counteract this sort of risk, we will use mitigation, placing restrictions on employees such as blocking access to USB devices on their computers, routing email through a filtering process, and blacklisting certain risky websites.
The user domain has a close relationship with the workstation domain. For example, keeping workstations up to date with the most recent patches and configuring firewalls to increase security are important risk management techniques. In addition, users have little to no privileges when it comes to installing software. In most instances, only administrators will have sufficient access to install software.
The LAN domain is the area inside the firewall. Each individual device must be protected. Data transferred within the LAN isn't protected as thoroughly as data sent outside the LAN, which leaves it vulnerable to packet sniffing. Another vulnerability that needs to be mitigated in the LAN domain is unauthorized WLAN access by rogue users.
A high level of security is required to keep the LAN-to-WAN domain safe. The public side of the boundary is often connected to the Internet and has public IP addresses. These IP addresses are accessible from anywhere in the world, and attackers are constantly probing public IP...