By recognising computer systems, applications, or network services that have a set requirement for security, it is possible to apply appropriate protections.
Combining two different levels of security requirements lowers all security domains to the lowest common security level, effectively reducing the security for many domains.
Separating the different security domains into different parts of the network lets each be protected to an appropriate level, which greatly increases their security. It can also help prevent intruders from “domain jumping” to gain deeper and more serious penetrations into the organisation, or to seriously impact the organisation’s access to its information processing infrastructure.
- Identify the assets of the organisation that require protection. This may include physical items such as computer hardware, blank stationery and backup tapes; non-physical items such as data, software and network access; and other important but often unrecognised items such as the organisation’s reputation.
- Place a value on those assets.
This will help determine the amount of security required later.
- Determine what threats these assets may face.
What are the attacks or problems that could adversely affect this asset (deliberate and accidental)?
- Determine the types of vulnerabilities that could generate or cause this threat.
For example, the loss of air conditioning to the computers could be brought about by either a compressor failure or a loss of power. Different problems – same result (no air conditioning).
- Quantify the chance of a particular vulnerability actually occurring.
For example, in Brisbane, the threat of a serious earthquake may be minimal, but the threat of a flash flood or lightning strike from a summer thunderstorm could be significantly higher.

By identifying the threats and their likelihood of occurring, and combining that with the value of the asset, we can quantify the loss we are likely to experience should that threat actually occur.
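
The steps above, worked through as an added example that is not part of the original page: several vulnerabilities that lead to the same threat are combined into one likelihood, which is then weighed against the asset's value to rank the threats. The asset value and all probabilities are constructed figures; the example assumes the vulnerabilities are independent, the probabilities are per year, and the full asset value is lost when a threat occurs.

```python
from __future__ import annotations

from dataclasses import dataclass
from math import prod


@dataclass
class Threat:
    name: str
    # Vulnerability name -> assumed annual probability of it occurring.
    vulnerabilities: dict[str, float]

    def likelihood(self) -> float:
        # Different problems, same result: the threat occurs if ANY of its
        # vulnerabilities occurs. Assuming independence:
        #   P(threat) = 1 - product(1 - p_i)
        return 1 - prod(1 - p for p in self.vulnerabilities.values())


@dataclass
class Asset:
    name: str
    value: float  # value placed on the asset (step 2)
    threats: list[Threat]

    def expected_losses(self) -> list[tuple[str, float]]:
        # Expected annual loss per threat = asset value x threat likelihood,
        # sorted so the threats needing the most protection come first.
        rows = [(t.name, round(self.value * t.likelihood(), 2)) for t in self.threats]
        return sorted(rows, key=lambda row: row[1], reverse=True)


def build_sample_asset() -> Asset:
    # Constructed sample data for a Brisbane computer room.
    return Asset(
        name="computer room",
        value=200_000.0,
        threats=[
            Threat("loss of air conditioning",
                   {"compressor failure": 0.05, "loss of power": 0.10}),
            Threat("lightning strike", {"summer thunderstorm": 0.03}),
            Threat("flash flood", {"summer thunderstorm": 0.02}),
            Threat("serious earthquake", {"seismic event": 0.001}),
        ],
    )


if __name__ == "__main__":
    for threat, loss in build_sample_asset().expected_losses():
        print(f"{threat:28s} {loss:>10,.2f}")
```
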
When you want to make absolutely sure your entire plan is right from the start, our Advisory service professionals can guard your interests. We will ensure your planning decisions for the proposed network will accomplish all you want them to, now and into the future, without over-investing or buying into outdated or unproven technologies.