Global Finance


Information on Global Finance, Inc. Network

Global Finance, Inc. is an international organization with expansions in many states. In every state, the company has a number of sites, and each site has several workers and customers. Offices are interconnected to each other and to the host organization. As an international organization, Global Finance, Inc. requires a robust network that can support its daily operations, a secure network system and efficient network management strategies. Normally, network choices rely on the company budget, network coverage, and internal and external regulations. Effective network security requires constant upgrades and close monitoring to ensure possible loopholes are sealed in time.

Executive Summary

The Global Finance, Inc. network is constructed from sets of routers and switches. The switches and routers are arranged in unique topologies, including meshes of different sizes. The network adopted packet switching and circuit technologies. Packet switches are effective transfer paths and sharing carriers. The network system allows sharing with clients and other management teams. There are also virtual circuits connected to the main path to serve various needs. Additionally, the network has a circuit system, which facilitates data transfer only when needed. Global Finance, Inc. has employed Integrated Services Digital Network (ISDN), which only transfers data when initiated (Acharya, Lasse, Thomas & Matthew, 2011).

Apart from Wide Area Network (WAN) and Local Area Network (LAN) connections, Global Finance, Inc. has utilized other forms of connections such as different internet ISPs, private networks and telephone connections. The design has also incorporated a Virtual Private Network (VPN) for use in public switched networks (PSTN) to enhance information privacy and security. Global Finance, Inc. developed an encrypted network system as a security measure to protect its data (Dana & Arkin, 2010).

The expansion of Global Finance, Inc. has created openings for new threats, risks and vulnerabilities. Some of these network challenges were not envisioned during network structure development. Despite the expansion, Global Finance, Inc. has not experienced any incident as per PCI DSS. However, as a move to maintain network security compliance, this Risk Assessment has been undertaken to limit any future network risk that might have been overlooked during network initiation and over the past risk assessments. During the Global Finance, Inc. Risk Assessment, a number of potential network threats were found. The company has no measures to contain physical harm to computers, and security measures to manage tampering by end users are minimal. Global Finance, Inc. has no continuity plans for managing the organization in case the internet connections go out. Financial institutions are vulnerable to attacks, owing to the nature of their business. As a result, mitigation measures should be in place for any form of non-compliance. Priority should be put on the most vulnerable places, which could harm the organization in the short term. A security breach at Global Finance, Inc. might result in losses and loss of customers' confidence. The diagram below illustrates the major risk domains in Global Finance, Inc. (Dana & Arkin, 2010).

Fig 1. Global Finance, Inc. Network Risk Domains

While several parts of an organization's network system can pose risk to the organization, during this risk assessment priority was put on:

1. Un-Patched Servers
These are servers used in the organization network. Un-patched servers, whether exposed to the internet or internal servers without a direct connection, are vulnerable points. Many companies, including Microsoft, have not succeeded in managing their patches, despite their diligence in patch maintenance. Usually, missing patches lead to internet disruption by worms such as Code Red. The most vulnerable points are the internal servers, which do not directly connect to the internet (Acharya, Lasse, Thomas & Matthew, 2011).

2. Un-patched Client Software
Internet client applications such as Internet Explorer, Outlook and Outlook Express have many security vulnerabilities. The weaknesses can be easily exploited by viral code or worms. Usually, they slip through anti-virus and add their signature to anti-virus software, making them difficult to identify. The solution to the problem is to update all browsing and email software with the available security patches. Today, emails are widely used in workplaces, while at the same time they pose the greatest security threats. However, Microsoft Office XP and Microsoft Outlook offer automatic blocking of potential email threats.

3. Insecure File Sharing
Daily routines in Global Finance, Inc. include sending files, printing and making file copies within an office. Usually, this happens between or among office computers. This is an essential part of organization administration; however, maximum care must be taken in managing risks associated with file sharing. Worms and viruses spread easily among computers within a LAN. At times, data managers even spread the risks through portable devices such as hard disks and compact disks. To manage possible file transfer risks, program folders, root folders and operating system folders should not be shared (Acharya, Lasse, Thomas & Matthew, 2011).

4. Insecure Passwords
Passwords are common risks in organization networks. Passwords need to be closely guarded and hard to guess. Passwords should be given only to specific individuals and at set times. It is important to determine password sharing and usage during network risk evaluations (Dana & Arkin, 2010).

5. Dial-up Connections
Corporate computers can be configured to use dial-up connections, which bypass the security implemented on the corporate network. Usually, such activities expose the corporate network to email-borne Trojans, viruses and worms. Servers should be patched to limit the use of dial-up connections in the corporate network.

6. Corporate-Owned Laptops
Corporate portable laptops are big security threats. They are exposed to several networks, including client networks and dial-up connections. The disk space, memory and speed of laptops make them hard to keep up to date with patches. In some corporations, employees are allowed to use their own laptops, which pose similar security challenges to corporate laptops. The portable nature of laptops also increases data insecurity when they are stolen.

Network Risk Assessment Tool

Network security designs should be geared towards meeting organization goals and objectives. While planning a financial organization network, the following should be taken into consideration:

- Managers should focus on value return and not investment return. The harm a security breach can cause to an organization should be the key consideration rather than the profit on the network investment.
- Assumptions should not be made on possible sources of network vulnerabilities. Network threats and risks emanate from both within the organization and external sources.
- Security threats should never be tackled piecemeal. A unified strategy, which protects the entire network, should be put in place when handling security challenges.
- Network security issues should be rolled out as a collaborative approach. All network users should be trained and advised accordingly on security matters.
- A balance of network security and usability should be put in place. Normally, more secure networks are very complex to use.

The following table indicates the risk assessment tool that was used to determine Global Finance, Inc. network vulnerabilities, threats and risks. The major areas of concern included acceptable use policy, communication activities, antivirus use, identity policy, information encryption, password policy and remote access policy.

Table 1. Organization Network Checklist

Global Finance, Inc. Network Security Inventory (each item answered Yes / No)

Security Technologies
1. Does Global Finance, Inc. have:
   (1) Up-to-date firewall system
   (2) Secure Private Network (VPN)
   (3) Intrusion prevention mechanisms
   (4) Network content security
   (5) Identity control and management
   (6) Secure network system
   (7) Compliance validation procedures

Organization's Digital Assets and Their Users
2. Are all organization digital systems (intellectual property and client information) in place?
3. Are the digital system locations documented?
4. Is access to digital systems controlled?
5. Do third parties have access to the digital systems?
6. Are there control measures on access to digital systems?

The Impact of a Security Breach on the Organization
7. Is there potential financial risk in cases of network outage?
8. Could a security breach disrupt the organization's operations?
9. Is there a significant financial risk when the network is down?
10. Are there e-commerce features in the organization?
11. Is the organization network fluctuating?
12. Are damages to the organization network insured?

Organization Current and Future Network Needs
16. Are there further organization expansion strategies in place?
17. Is the network equipment regularly updated?
18. Are the organization software and antiviruses regularly updated?
19. Do employees undergo network security training?
20. Is there a significant effect of organization growth on its digital platform?
21. Are end user network policies communicated to third parties?

Physical Security System
22. Are offices locked properly during non-office hours?
23. Do all maintenance officials have identification details?
24. Are computers securely placed in the offices?
25. Are methods taken to control entry and movement of people in the offices?
26. Are the computers served by an uninterruptible power supply to avoid loss of unsaved data?
27. Are there measures in place against vandalism and any other form of attack?

Analysis of the Global Finance, Inc. value chain was also important in determining the type of risks the organization is exposed to. Value chains were used to illustrate the organization activities that can expose its network to vulnerabilities. Through value chain analysis, we were able to understand how various activities and stakeholders interact with the organization network. Examination of the organization value chain was also important in distinguishing critical network paths, which required the utmost security procedures, from those that posed limited threats. Among the activities identified were Global Finance, Inc. online and offline inbound and outbound logistics, operations, marketing, services and sales. These activities expose the financial institution to interaction with different stakeholders, which exposes its network to external vulnerabilities.

Value chains enumerated the network components of the value activities. Based on the assessment, each of the Global Finance, Inc. value chains presented both physical and online processing components. While the physical components are concerned with physical handling of products, the information components deal with information delivery and data management. Financial institutions have very comprehensive information components, whose health is vital for organization performance. Global Finance, Inc. has in place many computer-aided programs such as automatic teller machines, money withdrawals, deposit alerts, and automatic money transfer services. As a result, a secure network system is vital for Global Finance, Inc. survival. The company has employed its information system in multimedia marketing and sales; the value chain includes telecommunications, scheduling the service force, answering clients on social sites and desktop publishing. The information was vital in determining possible sources of network vulnerabilities and enhancing their remedies.

The assessment also linked the organization value chain and that of suppliers, such as entry systems on inbound and outbound logistics, and communication within and outside the organization with systems such as electronic data interchange. The linkages provide information on how organization assets are linked to the network system, and the dollar value of investing in network technology can be computed. The Delphi technique was employed to determine the asset list and characteristics of network assets.

Table 1. Organization Risk Compliance Table

| Risk - Threat - Vulnerability | Primary Domain Impacted | Risk Impact/Factor | Recommendations |
|---|---|---|---|
| Service provider SLA is not achieved | LAN-to-WAN | 1 | Alternative service provider should be sought and non-functional networks terminated. |
| Unauthorized public internet access | LAN-to-WAN | 1 | PCI compliance should be maintained by creating a DMZ to protect data. |
| Hacker bypasses security system and gains access to organization data | System/Applications | 1 | Create DMZ to keep hackers out. |
| Primary data is destroyed by fire | LAN | 1 | Offsite backup station should be constructed. |
| Mobile employees should have security measures in place while accessing organization information | Remote Access | 1 | Use encryption software to tunnel the system. |
| Users use personal storage devices on organization computers | User | 1 | Rules and regulations should be put in place to control the use of personal devices on organization computers. |
| VPN tunneling between remote computer and egress/ingress router is needed | Remote Access | 1 | Set up system. |
| Need to prevent eavesdropping on WLAN due to customer privacy data access | WAN | 1 | Create DMZ and encryption software. |
| DoS/DDoS attack from the WAN/Internet | WAN | 1 | Create DMZ for data protection. Ensure the use of up-to-date software to prevent such attacks. |
| User destroys data in application and deletes all files | User | 2 | Create backup of all data after use and limit user access to deletion permissions. |
| Unauthorized access to organization-owned workstations | User | 2 | Authorization protocols should be made stricter. |
| Loss of essential production data | System/Applications | 2 | Create multiple reflection system and ensure data is continuously backed up to prevent loss. |
| Service denial attacks on DMZ and e-mail server | LAN-to-WAN | 2 | Allow access to DMZ using only specific sources. |
| Remote communications from any given organization home office | Remote Access | 2 | Use encryption software. |
| User downloads and popups on unknown e-mail attachment | User | 2 | Policies should be in place that restrict opening of unknown emails. Up-to-date virus protection software should be used to scan the system for potential risks. |
| Weak ingress/egress traffic filtering hampers performance | LAN-to-WAN | 2 | New filtering methods should be put in place to replace the non-functional ones. |
| WLAN access points are required for LAN connections within warehouse | LAN-to-WAN | 2 | Secure point should be established inside warehouse for LAN connection to WAN. |
| Intra-office employee communications such as romantic affairs | User | 3 | Fraternization policy should be established and employees involved should be separated when working. |
| Workstation operating software has a known software vulnerability | LAN-to-WAN | 3 | All patches should be kept up to date as per the growing concerns. |
| LAN server OS has a known software vulnerability | LAN | 3 | All patches should be kept up to date as per the growing concerns. |
| Workstation browser experiencing software vulnerability | Workstation | 3 | All patches should be kept up to date and anti-virus software should be installed. |
| Service provider is experiencing a major network outage | WAN | 3 | The provider should be replaced with a new one. |

Legend:
1 = Critical - these are threats, risks, or vulnerabilities that affect network compliance and the organization network system.
2 = Major - these are threats, risks, or vulnerabilities affecting confidentiality, integrity, or intellectual property rights.
3 = Minor - these are threats, risks, or vulnerabilities that impact users' or employees' productivity to the organization.

Risk Assessment Plan

The risk assessment method employed in this project enabled risk auditors to identify, score and rank risks in Global Finance, Inc. High-priority risks were included in the project schedule and marked appropriately for risk managers to take the most appropriate steps in coming up with risk implementation strategies (Lelyveld & Liedorp, 2006). It was recommended that risk managers provide monthly status updates on their assigned areas. Based on the reports, the project managers will determine risk improvement strategies, which could be necessary for future projects. During the risk assessment, short-term mitigation recommendations were put in place to manage risks that could have high impacts on the organization within a short time. These include backup procedures and incident responses.

Table 2. Network Server Disaster Back-up Procedures

Step 1: Use the backup recovery tool for Windows Servers. Open the current backup recovery for the operating server and reset the system to restore.
Step 2: After the restore process, managers should restart the main server so that old pre-fetched data is released. The backup system is important at this level since the systems require very negligible downtime.
Step 3: Bring the main server back up and determine whether the backup process is complete. Install necessary updates, anti-virus, other vital software and operating system definitions.
Step 4: Switch control to the main server and stop the backup server from storing addresses and other network information.
Step 5: Current data should be backed up on the main server to facilitate recovery processes if the need arises in future.

Table 3. Computer Incident Response Procedures

These are routine procedures to maintain computer health and to avoid adverse information loss and damage due to attacks on computers (Lelyveld & Liedorp, 2006).

Prevention/Preparation: Install and update a firewall on the server with updated ACLs that monitor incoming and outgoing traffic. ACLs should be set up on the router to limit traffic flow. Blacklist and whitelist websites, hosts and email addresses that contain viruses and other harmful materials. Ports that are not used should be closed to manage harmful leaks.

Identification: The firewall should be set to a level sensitive enough to detect unnecessary materials; additionally, sub-root directives that send notifications when potential threats occur should be put in place.

Containment: Sniffing software and anti-virus tools should be used to eliminate threats in the DMZ, and a sandbox utilized to prevent any further damage.

Recovery: Incremental backups should be restored after scanning and debugging to ensure that no vital information is lost during the process. All ports should be checked to ensure they are all sealed and safe from any possible leak.
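The preparation step above (router ACLs, closing unused ports) and the risk table's recommendation to allow DMZ access only from specific sources can be checked mechanically. The following is an added example, not part of the original assessment: it audits a constructed ACL written in a simplified, vendor-neutral rule format, and the DMZ subnet, approved port list and finding names are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample ACL in a simplified, vendor-neutral format (assumption):
#   <action> <proto> <source CIDR> <destination CIDR> <dst port | any>
# Rules are evaluated top-down, first match wins.
SAMPLE_ACL = """\
permit tcp 203.0.113.0/24 10.0.50.0/24 25
permit tcp 0.0.0.0/0 10.0.50.0/24 443
permit tcp 0.0.0.0/0 10.0.50.0/24 23
permit tcp 10.0.0.0/8 10.0.50.0/24 any
permit tcp 10.0.1.0/24 10.0.50.0/24 22
deny ip 0.0.0.0/0 0.0.0.0/0 any
"""

ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("10.0.50.0/24")   # hypothetical DMZ subnet
APPROVED_PORTS = {"22", "25", "443"}         # assumed list of ports in use


@dataclass(frozen=True)
class Rule:
    line: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: str


def parse_acl(text):
    """Parse the simplified ACL text into Rule objects (IPv4 only)."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        action, proto, src, dst, port = raw.split()
        rules.append(Rule(n, action, proto, ipaddress.ip_network(src),
                          ipaddress.ip_network(dst), port))
    return rules


def covers(a, b):
    """True if every packet rule b matches is already matched by rule a."""
    return (a.proto in ("ip", b.proto)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.port in ("any", b.port))


def audit(rules):
    """Return (line, finding) pairs; line 0 refers to the ACL as a whole."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "permit" and r.dst.overlaps(DMZ):
            if r.src == ANY:                       # DMZ reachable from anywhere
                findings.append((r.line, "any-source-to-dmz"))
            if r.port not in APPROVED_PORTS:       # includes the "any" wildcard
                findings.append((r.line, "unapproved-port"))
        if any(covers(prev, r) for prev in rules[:i]):
            findings.append((r.line, "shadowed"))  # can never match
    last = rules[-1] if rules else None
    if last is None or (last.action, last.proto, last.src, last.dst, last.port) != (
            "deny", "ip", ANY, ANY, "any"):
        findings.append((0, "no-default-deny"))
    return findings


if __name__ == "__main__":
    for line, finding in audit(parse_acl(SAMPLE_ACL)):
        print(f"rule line {line}: {finding}")
```

A shadowed rule is worth reviewing even when it is a permit: it shows the ACL no longer expresses what its author intended, which is how over-broad rules such as line 4 of the sample go unnoticed.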

The diagram below illustrates a secured network system with IDS sensors for Global Finance, Inc.

Fig 2. Global Finance, Inc. with IDS sensors

There are sensors to monitor the public network, since these are prime areas for attackers. Another sensor has been placed behind the firewall, between the LAN and the internet. IDS can also be placed around remote access servers such as VPN and dial-up.

Conclusion

It is hard to come by one hundred percent network security in financial organizations. Network insecurity mostly stems from a lack of awareness, concern, attention and commitment from the organization management team. As a result, purchasing security products contributes insignificantly to network security management. Usually, new security measures come with regulations, which require organizational change management. The best approach is to constantly assess the organization's security and make improvements. This Risk Assessment paper has employed multiple qualitative methodologies, which include the use of questionnaires, scenarios and Delphi methods. Single risk assessment methods do not offer the flexibility required for the wide variety of financial organizations' threats, vulnerabilities and assets with easily interpreted data. Based on the risk assessment findings, Global Finance, Inc. needs to constantly update its security software, ensure security patches are effectively applied and develop secure VPN networks. Network security is important for this company owing to its online transactions and storage systems. Risk assessments also need to be conducted regularly to facilitate effective mitigation measures.

References

Acharya, V., Lasse H., Thomas P., & Matthew R. (2011). Measuring Systemic Risk. Working paper. New York: New York University.

Dana P., & Arkin, W. (2010). "A hidden world, growing beyond control". The Washington Post. n.p. Accessed March 2014.

Lelyveld, I., & Liedorp, F. (2006). Interbank contagion in the Dutch banking sector: a sensitivity analysis. International Journal of Central Banking 2, 99-133.

APPENDIX A. Network Security Checklist Scores

Global Finance, Inc. Network Security Inventory (each item answered Yes / No)

Security Technologies
1. Does Global Finance, Inc. have:
   (1) Up-to-date firewall system
   (2) Secure Private Network (VPN)
   (3) Intrusion prevention mechanisms
   (4) Network content security
   (5) Identity control and management
   (6) Secure network system
   (7) Compliance validation procedures

Organization's Digital Assets and Their Users
2. Are all organization digital systems (intellectual property and client information) in place?
3. Are the digital system locations documented?
4. Is access to digital systems controlled?
5. Do third parties have access to the digital systems?
6. Are there control measures on access to digital systems?

The Impact of a Security Breach on the Organization
7. Is there potential financial risk in cases of network outage?
8. Could a security breach disrupt the organization's operations?
9. Is there a significant financial risk when the network is down?
10. Are there e-commerce features in the organization?
11. Is the organization network fluctuating?
12. Are damages to the organization network insured?

Organization Current and Future Network Needs
16. Are there further organization expansion strategies in place?
17. Is the network equipment regularly updated?
18. Are the organization software and antiviruses regularly updated?
19. Do employees undergo network security training?
20. Is there a significant effect of organization growth on its digital platform?
21. Are end user network policies communicated to third parties?

Physical Security System
22. Are offices locked properly during non-office hours?
23. Do all maintenance officials have identification details?
24. Are computers securely placed in the office desks?
25. Are methods taken to control entry and movement of people in the offices?
26. Are the computers served by an uninterruptible power supply to avoid loss of unsaved data?