Network Risks

What kinds of risks do you associate with your network/network design/management/infrastructure outside of “security”? Do your auditors take any focus on your network “security” issues, if so can you let me know some examples of what? Or do you buy in independant 3rd parties to look at any other aspect of your network for what is ultimately a risk? Do these risks match up with those associated with security issues, in terms of likelihood/impact?
LVL 3
pma111Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
1) Security. I included this even though you said outside of security

2) Availability.

3) Performance.

3) Serviceability.  Sort of the same as availability, but I include it separately.  This is the ability to do service (firmware upgrades. equipment replacement) without causing major outages.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steve JenningsIT ManagerCommented:
Change control . . . auditors -- serious auditors -- will look at change control records to make sure that every time (on a Cisco router) "config t" is entered there's a corresponding change control record.

Security is reviewed as a part of configuration management . . .are we adequately protecting our resource based on communication requirements? For example, do we allow ports and protocols through our stuff that serves no purpose?

Good luck,
SteveJ
0
giltjrCommented:
It seem you have asked a lot of "risk" related questions.  If you can give us the background we may be able to give you more gudiance.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

pma111Author Commented:
Just general enquiry and research really, it seems folk focus on security as risk in fact I asked an it manager for his view on risk and it was all about access to confidential data, nothing on other stuff.
0
pma111Author Commented:
Just general enquiry and research really, it seems folk focus on security as risk in fact I asked an it manager for his view on risk and it was all about access to confidential data, nothing on other stuff.
0
giltjrCommented:
Typically "security" does deal with access to resource(s) that you are not authorized to access.

A server crashing so that an application is not available for use is not considered a security risk, but is considered a availability risk.

So asking about security as a risk may not lead down the road of availability risks or performance risks.

What are you trying to research?

Again, the more specific you are the better the answers you will get.
0
pma111Author Commented:
Thanks, I worded the question poorly it was more 'non security network risks' those that still have a business impact
0
pma111Author Commented:
And best practice tech guide to mitigating the non security network risks if such a thing exists..
0
giltjrCommented:
Are you trying to write a guide?

Or are you trying to find one?

0
Steve JenningsIT ManagerCommented:
hmmmm . . . so in this sense, you are considering misconfiguration a risk?

SteveJ
0
pma111Author Commented:
Find one and stevej yeah anything that constitutes a risk to the business we are essentially trying to write a top level risk universe for our org and not just focus on security which has long took centre stage
0
Steve JenningsIT ManagerCommented:
We run high level design review and detailed design reviews for all "significant" changes and peer review for "lesser" changes to our network to avoid the risk of misconfiguration, bad, poorly or inadequately thought thru design. This includes design or change that is too complicated to debug at 3:00am on a Sunday morning . . . because an inability to easily debug is a risk.

Good luck,
SteveJ
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.