Network risk management is described as an attempt to identify, assess and control threat to digital information in transit, public cloud service, both external and internal servers as well as any other organization’s digital assets. As the technology advances and enhances the connectivity between people, things and places, cybercriminals attempts to develop more sophisticated and new methods of accessing the sensitive information transmitted through the network (Minutella, et al., 2008). Since customer confidence level is crucial and service providers focus on solidifying consumer base as well as growing the number of consumers, they spend a substantial amount of resource in ensuring that businesses as well as the tools used in conducting the business have been protected. These include managing the security risks in a network in a way that it maximizes the usefulness of the internet and cloud computing.
Read also Confidentiality, Access Control and Data Integrity – Network Security Policy
Network risk management follows a specific plan that is universally used in overall risk management process. These step are:
- Risk identification: The chief security officer task with responsibility of conducting network risk management must identifies and define the likely risks that may negatively influence a specific company process.
- Risks analysis: After identifying types of risks, the security officers evaluate the possibility of the risks occurring in the network and the consequences (Rouse, 2016). The objectives of analysis is to comprehensively understanding a specific instance of risk and how it affects the performance of the network.
- Risk assessment and evaluation: The security officer further assess and evaluate the chances of occurrence and the combined overall consequence. From the evaluation and assessment, the decision is made to determine whether it is acceptable and should be addressed.
- Risk mitigation: The security officer and team tasked with responsibility develop a plan based on the highest risks using specific risks control. The mitigation process include contingency plan and risk prevention tactics.
- Risk monitoring: This is the last step of planning network risk management. This involves monitoring how the mitigation process is progressing.
Read also Quantitative and Qualitative Risk Assessment of the HFI Company’s Network
Mitigating network risks
Mitigation is described as a process of reducing the risks to network and network application, hosts and devices. The mitigation techniques include:
- Authentication, Authorization and Accounting (AAA): The authentication process involves identification of user through the use of login and password. Authorization involves determining what a user has been allowed to carry on (Paquet, 2013). Accounting involves gathering and dispatching usage information as logging. It is important to understand that AAA operates in conjunction with RADIUS or TACACS in order to enhance security of the network.
- Cisco ACLs: An Access List is described as an arranged list contain deny and permitted statement that can be installed in a Cisco device to effectively determine whether a packet will be permitted or denied access to the network. analysis indicated that a properly configure access list play important role in preventing the attacks such as IP spoofing, TCP SYN attacks, Smurf attacks and ICMP and trace-route.
- Cisco IOS Secure Management Feature: It is important for a network administrator to configure Cisco equipment by putting new passwords before deploying it. This step can further be enhanced by configuring the following features in the devices: secure shell (SSH) which is the data transmission protocol, Simple Network Management Protocol (SNMP) which is a management protocol, Syslog which collect log of message and Network Time Protocol (NTP) which is clock synchronizer protocol.
Read also Super-Packs Company Risk Matrix – Project Risk Management Techniques
In my opinion both network risk management and mitigation process is important in ensuring network security.