1) Define your audit
· 9 Labs
· 2 Classrooms
· Admin (15pc)
· Theater Room (1pc)
· Library (3pc)
· Wireless Access Point (9)
· Information – Student & Lecturer
· Internal – School Payment, Employee Salary & Policy

Ø To be audited:
   o Salary.
   o Information.
   o Admin.
   o Lecturer Room.
   o Wireless Access Point.
   o Internal.

Ø Not important:
   o Library.
   o Classroom.
   o Theater.
   o Lab.

2) Define your threats
· Natural Disaster.
· Malware.
· Hacker.
· Physical Breach.
· Negligent employees.
· Malicious Insiders.

3) Security Performance
· Network Scanning.
· Virus Detection.
· Password Cracking.
· Vulnerability Scanning.
· Interview employees.

4) Prioritize (Risk Scoring)
· Natural Disaster
   - Damage (3)
   - It can occur (2)
· Malware
   - Damage (3)
   - It can occur (3)
· Hacker
   - Damage (4)
   - It can occur (2)
· Physical Breach
   - Damage (2)
   - It can occur (4)
· Negligent employees
   - Damage (2)
   - It can occur (1)
· Malicious Insider
   - Damage (4)
   - It can occur (3)
· Higher to lower risk:
   o Physical Breach.
   o Malware.
   o Malicious Insider.
   o Hacker.
   o Natural Disaster.
   o Negligent employee.

5) Formulate Security Solutions
· Physical Breach
   - Limit access to hardware (Solution)
   - Tracking device (How to improve)
· Malware
   - Install and update anti-virus (Solution)
   - Add a firewall (How to improve)
· Malicious Insider
   - Apply one-time password (Solution)
   - Give access to specific trusted employees (How to improve)
· Hacker
   - Create strong passwords (Solution)
   - Filter suspicious links and emails (How to improve)
· Natural Disaster
   - Back up data (Solution)
· Negligent employee
   - Employee education