This document outlines the purpose and activities related to the USAID/PERU Risk Assessment conducted in February 1999. It highlights the critical importance of identifying essential organizational information, assessing systems for vulnerabilities, and recommending solutions to enhance security. The assessment involved pre-assessment activities including data collection, vulnerability identification, and analysis of potential threats, followed by on-site reviews and staff training. The expected outcomes include the development of security and contingency plans tailored to the mission's specific needs.
USAID PRIME: Principal Resource for Information Management Enterprise-wide
USAID/Peru Risk Assessment In-Briefing
February 19, 1999

Team Introduction
• USAID ISSO - Jim Craft
• Risk Assessment Program Manager - Rod Murphy
• Consulting Manager, Information Technology - John Zobel
• Senior Computer Scientist - Mike Reiter
• UNIX Team Lead - Steve Bui

Purpose
• A Risk Assessment allows one to:
  • Determine which information is critical to the organization
  • Identify the systems that process, store, or transmit that critical information
  • Identify potential vulnerabilities
  • Recommend solutions to mitigate or eliminate those vulnerabilities

Determine the Scope
• Identify the boundaries of the system(s) being evaluated
  • Cisco Routers
  • Servers
  • Workstations
  • Communication Lines
• Identify the level of detail expected from the Assessment
  • Compliance with Agency/Mission requirements
  • Compliance with best practices

Pre-Assessment Activity
• Collected and Analyzed Mission Data
  • Asset Information (Hardware/Software/Financial)
  • Automated Survey Questionnaires
    • 51 surveys sent out
    • 22 responses received
    • 34 potential vulnerabilities identified
• Conducted an Automated Network Scan using HYDRA
  • Identified 8 major and 17 minor vulnerabilities
• Developed and forwarded an Immediate Needs Report to TCO and Mission staff for action
• Conducted a follow-up HYDRA scan to confirm Mission Configuration changes

On-Site Activities
• Friday:
  • Receive a Mission Threat Briefing
  • Coordinate Assessment Logistics
    • A room for the Assessment team to work out of
    • A room scheduled for conducting training (Wed)
    • A room for in-briefing and out-briefing
    • Interviews scheduled for Mon and Tue, if necessary
    • Schedule meeting with Functional Management on Tues.
    • Schedule all staff training for Wed. (one-hour sessions)
    • Schedule meeting with Security Plan and Contingency Planning staff (Wed)
    • List of mission phone number ranges for scan

On-Site Activities (continued)
• Conduct a Physical Review of the Mission Facility
• Meet with System Administrators
  • Establish System IDs as needed
  • Conduct UNIX review
  • Conduct Banyan review
  • Review NT Security
• Monday:
  • Conduct staff interviews
  • Additional System (UNIX, Banyan, NT, Cisco) reviews
  • Conduct an after-hours modem scan

On-Site Activities (continued)
• Tuesday:
  • Conduct additional interviews as needed
  • Meet with Functional Mission Management to discuss:
    • Connectivity/Business needs
    • Mission impact with regards to Agency requirements
    • Roles and Responsibilities associated with policies
• Wednesday:
  • Conduct Mission staff training
  • Assist in the development of Mission Security Plan and Contingency Plan

On-Site Activities (continued)
• Conduct any activities needed to wrap up assessment.
• Analyze information gathered from pre-assessment and on-site assessment activities.
• Develop “Draft” Assessment Executive Summary Report.
• Develop Out-Briefing
• Present Out-Briefing to Mission Management/Staff

Expected Outcome
• What the Assessment Team expects to Accomplish:
  • Identify areas of concern
  • Provide recommendations that will enable management to make decisions associated with risks
  • Assist in the development of a Mission Security Plan
  • Assist in the development of a Mission Contingency Plan
  • Provide an annual Security refresher Training class to all Mission personnel
  • Develop a standardized approach to conducting Mission Risk Assessments
  • Identify Mission Concerns associated with UNIX, Banyan, NT, Cisco configuration checklists
  • Identify and address specific Mission concerns

Additional Activities Being Conducted at Each Mission
• Assist in the development of a Mission System Security Plan
• Provide a template for developing a Mission Contingency Plan
• Provide on-site training
  • General User
  • System Administrator
  • System Managers/Executive Officers
• Address any additional concerns