
Global Finance, Inc. is an international organization with branches in many states.

In every state the company has a number of sites, and each site has several workers and customers. Offices are interconnected to each other and to the host organization. As an international organization, Global Finance, Inc. requires a robust network that can support its daily operations, a secure network system and efficient network management strategies. Normally, network choices depend on the company budget, network coverage, and internal and external regulations. Effective network security requires constant upgrades and close monitoring to ensure possible loopholes are sealed in time.
Executive Summary
The Global Finance, Inc. network is built from sets of routers and switches. The switches and routers are arranged in distinct topologies, including meshes of different sizes. The network uses both packet-switching and circuit-switching technologies. Packet switches provide effective transfer paths and shared carriers, and the network allows sharing with clients and other management teams. Virtual circuits are also connected to the main path to serve various needs. Additionally, the network has a circuit system that carries data only when needed: Global Finance, Inc. has employed Integrated Services Digital Network (ISDN), which only transfers data when a connection is initiated (Acharya, Lasse, Thomas & Matthew, 2011).
Apart from Wide Area Network (WAN) and Local Area Network (LAN) connections, Global Finance, Inc. uses other forms of connection such as different internet ISPs, private networks and telephone connections. The design also incorporates a Virtual Private Network (VPN) over the public switched telephone network (PSTN) to enhance information privacy and security. Global Finance, Inc. has developed an encrypted network system as a security measure to protect its data (Dana & Arkin, 2010).
The expansion of Global Finance, Inc. has created openings for new threats, risks and vulnerabilities. Some of these network challenges were not envisioned when the network structure was developed. Despite the expansion, Global Finance, Inc. has not experienced any incident as per PCI DSS. However, as a move to maintain network security compliance, this Risk Assessment has been undertaken to limit any future network risk that might have been overlooked during network initiation and in past risk assessments.
During the Global Finance, Inc. Risk Assessment, a number of potential network threats were found. The company has no measures to contain physical harm to computers, and security measures to manage tampering by end users are minimal. Global Finance, Inc. has no continuity plans for the organization in case the internet connection goes down. Financial institutions are vulnerable to attacks owing to the nature of their business. As a result, mitigation measures should be in place for any form of non-compliance. Priority should be given to the most vulnerable places, which could harm the organization in the short term. A security breach in Global Finance, Inc. might result in financial losses and loss of customer confidence. The diagram below illustrates the major risk domains in Global Finance, Inc. (Dana & Arkin, 2010).

Fig 1. Global Finance, Inc. Network Risk Domains

While several parts of the organization's network can pose a risk to it, this risk assessment gave priority to:

1. Un-Patched Servers

These are servers used in the organization network. Un-patched servers, whether exposed to the internet or internal servers without a direct internet connection, are vulnerable points. Many companies, including Microsoft, have not succeeded in managing their patches despite their diligence in patch maintenance. Usually, missing patches lead to internet disruption by worms such as Code Red. The most vulnerable points are the internal servers, which do not connect directly to the internet (Acharya, Lasse, Thomas & Matthew, 2011).
2. Un-patched Client Software

Internet client applications such as Internet Explorer, Outlook and Outlook Express have many security vulnerabilities. These weaknesses can be easily exploited by viral code or worms. Usually, they slip through anti-virus software and add their own signatures to it, making them difficult to identify. The solution to these problems is to update all browsing and email software with the available security patches. Today, email is widely used in workplaces, while at the same time it offers the greatest security threat. However, Microsoft Office XP and Microsoft Outlook offer automatic blocking of potential email threats.
3. Insecure File Sharing

Daily routines in Global Finance, Inc. include sending files, printing and making file copies within an office. Usually, this happens between or among office computers. This is an essential part of organization administration; however, maximum care must be taken in managing the risks associated with file sharing. Worms and viruses spread easily among computers within a LAN. At times, data managers even spread the risks through portable devices such as hard disks and compact disks. To manage possible file transfer risks, program folders, root folders and operating system folders should not be shared (Acharya, Lasse, Thomas & Matthew, 2011).
4. Insecure Passwords

Passwords are a common risk in organization networks. Passwords need to be kept strictly secret and must be hard to guess. Passwords should be given only to specific individuals and at set times. It is important to examine password sharing and usage during network risk evaluations (Dana & Arkin, 2010).
5. Dial-up Connections

Corporate computers can be configured to use dial-up connections, which bypass the security implemented on the corporate network. Usually, such activity exposes the corporate network to email-borne Trojans, viruses and worms. Servers should be patched to limit the use of dial-up connections in the corporate network.
6. Corporate-owned Laptops

Corporate portable laptops are a big security threat. They are exposed to several networks, including client networks and dial-up connections. The limited disk space, memory and speed of laptops make them hard to keep up to date with patches. In some corporations, employees are allowed to use their own laptops, which present security challenges similar to corporate laptops. The portability of laptops also increases data insecurity when they are stolen.
Network Risk Assessment Tool
Network security designs should be geared towards meeting organization goals and objectives. While planning a financial organization's network, the following should be taken into consideration:

- Managers should focus on value return and not investment return. The harm a security breach can cause to an organization should be the key consideration rather than the profit on the network investment.
- Assumptions should not be made about possible sources of network vulnerabilities. Network threats and risks emanate from both within the organization and from external sources.
- Security threats should never be tackled piecemeal. A unified strategy that protects the entire network should be put in place when handling security challenges.
- Network security issues should be addressed as a collaborative effort. All network users should be trained and advised accordingly on security matters.
- A balance between network security and usability should be struck. Normally, more secure networks are very complex to use.

The following table indicates the risk assessment tool that was used to determine Global Finance, Inc. network vulnerabilities, threats and risks. The major areas of concern included acceptable use policy, communication activities, antivirus use, identity policy, information encryption, password policy and remote access policy.
Table 1. Organization Network Checklist
Global Finance, Inc. Network Security Inventory

Security Technologies (answer Yes / No)
1. Does Global Finance, Inc. have:
   (1) Up to date Firewall System
   (2) Secure Private Network (VPN)
   (3) Intrusion Prevention Mechanisms
   (4) Network Content Security
   (5) Identity control and management
   (6) Secure networks system
   (7) Compliance validation procedures

Organization's Digital Assets and their Users
2. Are all organization digital systems (intellectual property and client information) in place?
3. Are the digital system locations documented?
4. Is access to digital systems controlled?
5. Do third parties have access to the digital systems?
6. Are there control measures on access to digital systems?

The Impact of a Security Breach on the Organization
7. Is there potential financial risk in case of network outage?
8. Could a security breach disrupt the organization's operations?
9. Is there a significant financial risk when the network is down?
10. Are there e-commerce features in the organization?
11. Is the organization network fluctuating?
12. Is the organization insured against network damage?

Organization Current and Future Network Needs
16. Are there further organization expansion strategies in place?
17. Is the network equipment regularly updated?
18. Are the organization's software and antivirus regularly updated?
19. Do employees undergo network security training?
20. Does the organization's growth have a significant effect on its digital platform?
21. Are end user network policies communicated to third parties?

Physical Security System
22. Are offices locked properly during non-office hours?
23. Do all maintenance officials have identification details?
24. Are computers securely placed in the offices?
25. Are methods in place to control entry and movement of people in the offices?
26. Are the computers served by an uninterruptible power supply to avoid loss of unsaved data?
27. Are there measures in place against vandalism and any other form of attack?
Analysis of the Global Finance, Inc. value chain was also important in determining the type of risks the organization is exposed to. Value chains were used to illustrate the organization activities that can expose its network to vulnerabilities. Through value chain analysis, we were able to understand how various activities and stakeholders interact with the organization network. Examination of the organization value chain was also important in separating critical network paths, which require the utmost security procedures, from those that pose limited threats. The activities identified include Global Finance, Inc. online and offline inbound and outbound logistics, operations, marketing, services and sales. These activities bring the financial institution into interaction with different stakeholders, which exposes its network to external vulnerabilities.

Value chains enumerated the network components of the value activities. Based on the assessment, each Global Finance, Inc. value chain presented both physical and online processing components. While the physical components are concerned with physical handling of products, information components function on information delivery and data management. Financial institutions have very comprehensive information components, so their health is vital for organization performance. Global Finance, Inc. has in place many computer-aided programs such as automatic teller machines, money withdrawals, deposit alerts and automatic money transfer services. As a result, a secure network system is vital for Global Finance, Inc.'s survival. The company has employed its information system in multimedia marketing and sales; the value chain includes telecommunications, scheduling the service force, answering clients on social sites and desktop publishing. This information was vital in determining possible sources of network vulnerabilities and in enhancing their remedies.

The assessment also linked the organization value chain with that of suppliers, such as entry systems on inbound and outbound logistics, and communication within and outside the organization through systems such as electronic data interchange. The linkages provide information on how organization assets are linked to the network system, and the dollar value of investing in network technology can be computed. The Delphi technique was employed to determine the asset list and the characteristics of network assets.
Table 1. Organization Risk Compliance Table

Risk - Threat - Vulnerability | Primary Domain Impacted | Risk Impact/Factor | Recommendations
Service Provider SLA is not achieved | LAN-to-WAN | 1 | An alternative service provider should be sought and non-functional networks terminated.
Unauthorized public internet access | LAN-to-WAN | 1 | PCI compliance should be maintained by creating a DMZ to protect data.
Hacker bypasses security system and gains access to organization data | System/Applications | 1 | Create a DMZ to keep hackers out.
Primary data is destroyed by fire | LAN | (not given) | An offsite backup station should be constructed.
Mobile employees should have security measures in place while accessing organization information | Remote Access | 1 | Use encryption software to tunnel the system.
Users use personal storage devices on organization computers | User | 1 | Rules and regulations should be put in place to control the use of personal devices on organization computers.
VPN tunneling between remote computer and egress/ingress router is needed | Remote Access | 1 | Set up the system.
Need to prevent eavesdropping on WLAN due to customer privacy data access | WAN | 1 | Create a DMZ and use encryption software.
DoS/DDoS attack from the WAN/Internet | WAN | 1 | Create a DMZ for data protection. Ensure the use of up-to-date software to prevent such attacks.
User destroys data in application and deletes all files | User | 2 | Create backups of all data after use and limit user access to deletion permissions.
Unauthorized access to organization-owned workstations | User | 2 | Authorization protocols should be made stricter.
Loss of essential production data | System/Applications | 2 | Create a multiple-mirror system and ensure data is continuously backed up to prevent loss.
Service denial attacks on DMZ and e-mail server | LAN-to-WAN | 2 | Allow access to the DMZ from specific sources only.
Remote communications from any given organization home office | Remote Access | 2 | Use encryption software.
User downloads and pop-ups from unknown e-mail attachments | User | 2 | Policies should be in place that restrict opening of unknown emails. Up-to-date virus protection software should be used to scan the system for potential risks.
Weak ingress/egress traffic filtering hampers performance | LAN-to-WAN | 2 | New filtering methods should be put in place to replace the non-functional ones.
WLAN access points are required for LAN connections within warehouse | LAN-to-WAN | 2 | A secure point should be established inside the warehouse for LAN connection to the WAN.
Intra-office employee relationships such as romantic affairs | User | 3 | A fraternization policy should be established and employees involved should be separated when working.
Workstation operating software has a known software vulnerability | LAN-to-WAN | 3 | All patches should be kept up to date as per the growing concerns.
LAN server OS has a known software vulnerability | LAN | (not given) | All patches should be kept up to date as per the growing concerns.
Workstation browser experiencing software vulnerability | Workstation | 3 | All patches should be kept up to date and anti-virus software should be installed.
Service provider is experiencing a major network outage | WAN | 3 | The provider should be replaced with a new one.

Legend: 1 = Critical: threats, risks or vulnerabilities that affect network compliance and affect the organization network system. 2 = Major: threats, risks or vulnerabilities affecting confidentiality, integrity or intellectual property rights. 3 = Minor: threats, risks or vulnerabilities which impact on users' or employees' productivity for the organization.

Risk Assessment Plan

The risk assessment method employed in this project enabled risk auditors to identify, score and rank risks in Global Finance, Inc. High priority risks were included in the project schedule and marked appropriately for risk managers to take the most appropriate steps in coming up with risk mitigation strategies (Lelyveld & Liedorp, 2006). It was recommended that risk managers provide monthly status updates on their assigned areas. Based on the reports, the project managers will determine risk improvement strategies that could be necessary for future projects. During the risk assessment, short-term mitigation recommendations were put in place to manage risks that could have a high impact on the organization within a short time. These include backup procedures and incident response.

Table 2. Network Server Disaster Back-up Procedures

Step 1. Use the backup recovery tool for Windows Servers. Open the current backup recovery for the operating server and reset the system to restore.
Step 2. After the restore process, managers should restart the main server so that old pre-fetched data is released. The backup system is important at this level since the systems tolerate only negligible downtime.
Step 3. Bring the main server back up and determine whether the backup process is complete. Install necessary updates, anti-virus, other vital software and operating system definitions.
Step 4. Switch control back to the main server and stop the backup server from storing addresses and other network information.
Step 5. Current data should be backed up on the main server to facilitate recovery processes if the need arises in future.

Table 3. Computer Incident Response Procedures

These are routine procedures to maintain computer health and to avoid adverse information loss and damage due to attacks on computers (Lelyveld & Liedorp, 2006).

Prevention
Preparation: Install and update a firewall on the server with updated ACLs that monitor incoming and outgoing traffic. ACLs should be set up on the router to limit traffic flow. Blacklist and whitelist websites, hosts and email addresses that contain viruses and other harmful material. Ports which are not used should be closed to manage harmful leaks.
Identification: The firewall should be set to a level sensitive enough to detect unwanted material; additionally, sub-root directives which notify when potential threats occur should be put in place.
Containment: Sniffing software and anti-virus should be used to eliminate threats in the DMZ, and a sandbox utilized to prevent any further damage.
Recovery: Incremental backups should be restored after scanning and debugging to ensure that no vital information is lost during the process. All ports should be checked to ensure they are all sealed and safe from any possible leak.
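As an added illustration of the Preparation and Identification rows above (example code written for this edit, not part of the paper or of any Global Finance, Inc. system), the following Python applies a closed-port list, a host blocklist and an allowlist to constructed firewall log lines and raises the alerts an analyst would review. The log format, policy values and scan threshold are assumptions.

```python
"""Added example (not from the original paper): a small detection pass that
applies the Preparation/Identification steps of Table 3 to constructed
firewall log records. Policy values and log lines are hypothetical."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed policy, assumed for this example: the only inbound ports that
# are meant to be open on the DMZ host, plus a host blocklist and allowlist.
OPEN_PORTS = {25, 443}          # mail and HTTPS only; everything else is "closed"
BLOCKLIST = {"198.51.100.7"}    # hosts known to serve harmful material
ALLOWLIST = {"203.0.113.10"}    # trusted partner; never alerted on
SCAN_THRESHOLD = 3              # distinct closed ports per source before alerting

# Constructed sample log lines in a simple "key=value" firewall format.
SAMPLE_LOG = """\
ts=1 src=203.0.113.10 dst=10.0.1.5 dport=443 action=ACCEPT
ts=2 src=198.51.100.7 dst=10.0.1.5 dport=443 action=ACCEPT
ts=3 src=192.0.2.44 dst=10.0.1.5 dport=22 action=DROP
ts=4 src=192.0.2.44 dst=10.0.1.5 dport=3389 action=DROP
ts=5 src=192.0.2.44 dst=10.0.1.5 dport=445 action=DROP
ts=6 src=192.0.2.44 dst=10.0.1.5 dport=443 action=ACCEPT
ts=7 src=203.0.113.10 dst=10.0.1.5 dport=22 action=DROP
ts=8 src=192.0.2.9 dst=10.0.1.5 dport=8080 action=ACCEPT
"""

@dataclass(frozen=True)
class Alert:
    kind: str      # "blocklisted_source", "closed_port_accepted" or "port_scan"
    src: str
    detail: str

def parse_line(line):
    """Turn 'k=v k=v ...' into a dict; dport becomes an int."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["dport"] = int(rec["dport"])
    return rec

def detect(log_text, open_ports=OPEN_PORTS, blocklist=BLOCKLIST,
           allowlist=ALLOWLIST, threshold=SCAN_THRESHOLD):
    """Return the alerts the Identification step would raise for a log."""
    alerts = []
    closed_port_hits = defaultdict(set)   # src -> set of closed ports probed
    for line in log_text.splitlines():
        rec = parse_line(line)
        src, port = rec["src"], rec["dport"]
        if src in allowlist:
            continue
        if src in blocklist and rec["action"] == "ACCEPT":
            alerts.append(Alert("blocklisted_source", src, f"accepted on port {port}"))
        if port not in open_ports:
            closed_port_hits[src].add(port)
            if rec["action"] == "ACCEPT":
                # Preparation says unused ports are closed; an ACCEPT here means
                # the ACL on the firewall/router has drifted from policy.
                alerts.append(Alert("closed_port_accepted", src, f"port {port} should be closed"))
    for src, ports in closed_port_hits.items():
        if len(ports) >= threshold:
            alerts.append(Alert("port_scan", src, f"{len(ports)} closed ports probed: {sorted(ports)}"))
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a.kind, a.src, a.detail)
```

On the sample log this yields three alerts: the blocklisted host accepted on 443, the ACCEPT on closed port 8080 (an ACL that drifted from policy), and a scan of three closed ports from one source.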

The diagram below illustrates a secured network system with IDS sensors for Global Finance, Inc.
Fig 2. Global Finance, Inc. with IDS sensors

There are sensors to monitor the public network, since this is a prime area for attackers. Another sensor has been placed behind the firewall, between the LAN and the internet. IDS sensors can also be placed around remote access servers such as VPN and dial-up servers.

Conclusion
It is hard to achieve one hundred percent network security in financial organizations. The root of network insecurity mainly emanates from lack of awareness, concern, attention and commitment from the organization's management team. As a result, purchasing security products on its own contributes insignificantly to network security management. Usually, new security measures come with regulations that require organizational change management. The best approach is to constantly assess the organization's security and make improvements.

This Risk Assessment paper has employed multiple qualitative methodologies, which include the use of questionnaires, scenarios and Delphi methods. Single risk assessment methods do not offer the flexibility required for the wide variety of financial organization threats, vulnerabilities and assets with easily interpreted data. Based on the risk assessment findings, Global Finance, Inc. needs to constantly update its security software, ensure security patches are effectively applied and develop secure VPN networks. Network security is important for this company owing to its online transactions and storage systems. Risk assessments also need to be conducted regularly to facilitate effective mitigation measures.

References
Acharya, V., Lasse H., Thomas P., & Matthew R. (2011). Measuring Systemic Risk. Working paper. New York: New York University.
Lelyveld, I., & Liedorp, F. (2006). Interbank contagion in the Dutch banking sector: a sensitivity analysis. International Journal of Central Banking, 2, 99-133.
Dana P., & Arkin, W. (2010). "A hidden world, growing beyond control". The Washington Post. n.p. Accessed March 2014.

APPENDIX A. Network Security Checklist Scores

Global Finance, Inc. Network Security Inventory

Security Technologies (answer Yes / No)
1. Does Global Finance, Inc. have:
   (1) Up to date Firewall System
   (2) Secure Private Network (VPN)
   (3) Intrusion Prevention Mechanisms
   (4) Network Content Security
   (5) Identity control and management
   (6) Secure networks system
   (7) Compliance validation procedures

Organization's Digital Assets and their Users
2. Are all organization digital systems (intellectual property and client information) in place?
3. Are the digital system locations documented?
4. Is access to digital systems controlled?
5. Do third parties have access to the digital systems?
6. Are there control measures on access to digital systems?

The Impact of a Security Breach on the Organization
7. Is there potential financial risk in case of network outage?
8. Could a security breach disrupt the organization's operations?
9. Is there a significant financial risk when the network is down?
10. Are there e-commerce features in the organization?
11. Is the organization network fluctuating?
12. Is the organization insured against network damage?

Organization Current and Future Network Needs
16. Are there further organization expansion strategies in place?
17. Is the network equipment regularly updated?
18. Are the organization's software and antivirus regularly updated?
19. Do employees undergo network security training?
20. Does the organization's growth have a significant effect on its digital platform?
21. Are end user network policies communicated to third parties?

Physical Security System
22. Are offices locked properly during non-office hours?
23. Do all maintenance officials have identification details?
24. Are computers securely placed on the office desks?
25. Are methods in place to control entry and movement of people in the offices?
26. Are the computers served by an uninterruptible power supply to avoid loss of unsaved data?
