Step 1:
Identify Critical Systems and Time Sensitive Information
Hardware: NAS server, network infrastructure, cabling and blade racks Software: Windows Server, Barracuda firewall and filter, Symantec Anti Virus
Step 2:
Estimate the Value of System Components
Hardware: NAS server, network infrastructure, cabling and blade racks
$6,035 replacement cost Software: Windows Server, Barracuda firewall/filter and Symantec Anti Virus
$ cost already incurred by district
Step 3:
Identify Threats
Natural Threats: Lightning, Humidity, High Temperatures, Dirt Rain/Water Damage Human Threats (Intentional): Physical theft, computer viruses (includes slow speed and hyper speeding), intellectual theft Human Threats (Unintentional): Computer Viruses, unnecessary file storing, unintentional deletion
Step 4:
Identify Vulnerabilities
Physical Concerns: Climate control, remote location, power surge/power failure
Hardware: Power failure, overcapacity, loss of data Software Issues: File parent security, additional server mapping Human Concerns: Teacher as administrators, student storage, loss of data
Step 5:
Estimate the Likely hood of Potential Penetration Becoming Actual Penetration
Network: A breach of the school network while unlikely is a possibility. So remote outside access is denied through the use of an up to date firewall protection system. Also no information will be stored on the server which is confidential for private. Hardware: Servers are kept in a secure area of a school district building that students do not have access to. The area is kept locked at all times and is also video monitored.
Step 6:
Identify Countermeasures Against Perceived Threats and Vulnerabilities
Physical Threats/Vulnerabilities Prevention: All hardware will be kept in a secure area that has limited human access it is also climate controlled and is located in a interior area with no exterior windows. Human Threats/Vulnerabilities Prevention: All users will be trained on how to keep their information secure. Students and teachers will learn how to keep their unique usernames secure and why not too let others share their login. Hardware/Software Threats/Vulnerabilities Prevention: All user activity is logged and improper use will be dealt with according to the student hand book. The third party firewall is updated twice a day to keep up to date on potential threats.
Step 7:
Estimate Costs of Implementing Countermeasures
Money & Time: The Avon Grove School District already subscribes to a firewall protection system and anti virus protection. The addition of the NAS under my initiative will not increase the subscription cost. However training staff and students how to properly use the technology will consume time. This additional time will occur during required department meetings.
Countermeasures already available:
1: Every computer requires a login and is also timed out after thirty minutes of inactivity.
2: There is no outside access to the server system which makes it difficult to gain access remotely.
3: All user computer activity is tracked and stored for later use.
4: Teacher monitoring of student computer use.
Projected increase in cost of security $0
Step 8:
Overview of Risk Assessment and Selected Suitable Countermeasures for Implementation
A. Risk assessment
Identify Critical Systems and Time Sensitive Information
Software: Windows Server, Barracuda firewall and filter, Symantec Anti Virus
Estimate the Value of System Components
$6,035 replacement cost
Software: Windows Server, Barracuda firewall/filter and Symantec Anti Virus
$ cost already incurred by district
Identify Threats
Human Threats (Intentional): Physical theft, computer viruses (includes slow speed and hyper speeding), intellectual theft
Human Threats (Unintentional): Computer Viruses, unnecessary file storing, unintentional deletion
Identify Vulnerabilities
Hardware: Power failure, overcapacity, loss of data
Software Issues: File parent security, additional server mapping
Human Concerns: Teacher as administrators, student storage, loss of data
Estimate the Likely hood of Potential Penetration Becoming Actual Penetration
Hardware: Servers are kept in a secure area of a school district building that students do not have access to. The area is kept locked at all times and is also video monitored.
Identify Countermeasures Against Perceived Threats and Vulnerabilities
Human Threats/Vulnerabilities Prevention: All users will be trained on how to keep their information secure. Students and teachers will learn how to keep their unique usernames secure and why not too let others share their login.
Hardware/Software Threats/Vulnerabilities Prevention: All user activity is logged and improper use will be dealt with according to the student hand book. The third party firewall is updated twice a day to keep up to date on potential threats.
Estimate Costs of Implementing Countermeasures
Countermeasures already available:
1: Every computer requires a login and is also timed out after thirty minutes of inactivity.
2: There is no outside access to the server system which makes it difficult to gain access remotely.
3: All user computer activity is tracked and stored for later use.
4: Teacher monitoring of student computer use.
Projected increase in cost of security $0
Overview of Risk Assessment and Selected Suitable Countermeasures for Implementation
B. Avon Grove Security Policy Plans
1. Student code of conduct
http://www.avongrove.org/district/images/pdfs/HSStudentParentHandbook0910.pdf
2. Acceptable Use Policies
Student users
http://www.avongrove.org/district/images/pdfs/policies/241R.pdf
http://www.avongrove.org/district/resources/technology/policies/AUP_StudentsWeb/AUP_StudentsWeb.swf
Adult users
http://www.avongrove.org/district/images/pdfs/policies/341R.pdf
http://www.avongrove.org/district/resources/technology/policies/AUP_8-09/AUP_8-09_controller.swf
3. Security Login screen capture
http://www.avongrove.org/district/resources/technology/Windows%20XP/Windows%20XP_log_on.pdf
4. Firewall protection and internet filter
http://www.barracudanetworks.com/ns/?L=en