When it comes to risk management, risk mitigating controls are the key to reducing threats to the network infrastructure. These mitigating controls can be found within standards, such as ISO/IEC 27001, and suggest measures to take in order to reduce risk to an organization’s assets. It is important to understand what each of these controls are in regards to risk management as well as the types of assessments used in determining the proper methods in protecting the infrastructure of any network.
An asset is any tangible or intangible economic resource that can be owned or used to produce value. These range from hardware and software to personnel assets. Threats may be man-made, accidental or an act of nature, which can cause potential harm to the network. Mitigating controls are put in place to significantly reduce either the chance or penalties of a threat.
Types of controls, that an admin can implement, are login identifiers, system and data audits, firewalls, encryption, and session timeouts. All of these controls help to prevent, defect, and correct the network from potential threats. Identifiers are simply authentication methods used to gain access to a network. Audits need to be completed to investigate the activities of personnel as well as identify the status of the overall network. Firewalls must be put in place to protect the network against unwanted users and bugs. Encryption should be used to ensure all data traffic is protected from prying eyes or individuals scanning the network for information they can steal or abuse. Lastly, a policy implementing session timeouts must be enforced to hold all users liable for not properly locking their computers when walking away from it.
All of these controls ensure a greater protection not only for the network, but also for the information or data passing along its highways.
Thank you for coming out, God bless…. Goodnight.