1. The need for Network Security
1.1. Access - authorized users are provided to communicate
1.2. Confidentiality - Information in the network remains private
1.3. Authentication - Ensure the users of the network
1.4. Intergrity - Ensure the message has not been modified
1.5. Non-repudiation - Ensure the user does not refute that he used the network
1.6. Non-repudiation - Ensure the user does not refute that he used the network
2. Potential Risk to Network Security
2.1. Email attachments - workers opening an attachment could unleash a worm or virus
2.2. Diversionary tactics - Hackers slip on and attack another part of the network when security administrator busy recovering the services
2.3. Blended attacks - worms and viruses may be able to execute itself or even attack more than one platform
2.4. Renaming documents - Company might fail to pick up outgoing message if the subject name has been changed
3. Legal Issues and Privacy Concerns
3.1. Legal issues: information theft (trademark, trade secret)
3.2. Privacy concernsL confidentiality of transmitted data, spyware program
4. Security Goal
4.1. Asset Identification
4.1.1. network equipment such as routers, switches and firewalls
4.1.2. involve taggiend each physical and intangible asset
4.1.3. use physical (bar code) or a tag with RFID to tag physical assets
4.2. Threat Assessment
4.2.1. possible danger that might exploit a vulnerability
4.2.2. involve listing all possible threat
4.2.2.1. ex-employee who desire revenge
4.2.2.2. cyber-spy looking to accumulate competitive information
4.2.2.3. unauthorized access to resources or information
4.2.2.4. denial of sevice
4.2.3. Type of threat
4.2.3.1. Malicious Code
4.2.3.2. Hacking
4.2.3.2.1. Data Loss
4.2.3.2.2. Disruption of Service
4.2.3.3. Natural Disaster
4.2.3.4. Theft
4.2.3.4.1. Information theft
4.2.3.4.2. Identify theft
4.3. Risk Assessment
4.3.1. Internal Network Risk Assessment
4.3.2. External Network Risk Assessment
4.3.3. Internet Penetration Test
4.3.4. Mobile Device Risk Assessment
4.3.5. Firewall Penetration Test
4.3.6. Database Risk Assessment
4.3.7. Can protect from data leaks, virus, malware, social media risk