Internet Security: A Jumpstart for Systems Administrators and IT Managers

Risk analysis is the process of determining where you most need to focus your time, efforts, and financial resources to develop a security implementation. This process will include the analysis of the threats, the impacts of those threats, and the corresponding risks. Once you have executed this process, significant business risks and weaknesses will be more evident, and this will help you develop counterstrategies.
The formula to determine risk is: Risk = Impact + Threats + Likelihood
As you perform your risk analysis, you will determine what is most important to the business in terms of security. You will also review the potential impacts to the business, which will be business-specific results of a particular attack. One significant part of the analysis is to understand the service level agreements (SLAs). If you cannot support your business requirements say, due to a service outage then you may suffer a significant loss of revenue.
As you walk through the risk analysis process, you will be introduced to the following tools: the technology security review (TSR), the control directory (CD), and the environment risk table (ERT). These tools will help you develop a strategy to accomplish the following goals:
Eliminate risk
Reduce risk to an acceptable level
Minimize the damage from an incident
Create the countermeasures needed for each incident type.
You should include at least the following factors when you perform your risk analysis.
Physical network architecture
Firewalls
Routers
Messaging servers
Web servers
Operating systems
Application services
Application servers
Server level...