In the process of setting up a VPN company, several aspects have to be put into consideration. Among the several aspects that are critically examined is the aspect of risk and risk management. In this scope, the area of specialization being in provision of shared secure network has some technical risks associated with the sector. The most common threats or risks most likely to happen are physical damage to the network devices, poor quality cabling, malicious threats posed by an intruder who may penetrate into the local network. Another risk which might occur is theft of the equipment or poor network security which may have loopholes making the network much vulnerable to malicious attacks (Trojans and viruses) and intruders accessing very sensitive and confidential data (hacking) (Alice, 2002).
Having assessed the greatest impacts, it is necessary to assess the project and equipment to determine the process of managing the risks. The project covers a number of network equipment which can be taken to be about 50 workstations, network equipment like servers, routers and cables. Since the major task is to provide a secure shared resources network, aspects of theft and damage have been taken as constants. For this reason, the risks have been modeled to be caused by intrusion into the network. Any network is highly vulnerable to attacks thus a number of preventive measures have to be taken. To begin with, an intruder or malicious software aims at getting confidential information in a network. For this reason, a number of steps have to be taken (Hubbard, 2009).
The first aspect is to protect the internal data or network resources from external attacks. This would be best based on use of firewalls. This would help protect any person from outside the network from accessing any local data. This leaves the risk of unauthorized data access only to internal intrusion. To protect the data internally, several aspects can be looked into. The first aspect is the element of granting access to confidential information only to the management or concerned staff of the company. This can be achieved by use of passwords and network authentications requiring a network user to verify identity before accessing any resources in the network. Contractual employees can be given temporary access to confidential information and upon end of the contracted period the user is deprived any access privileges (Alice, 2002).
Another aspect that can be taken is to ensure that any data which can be sniffed by a malicious program is encrypted. This is mainly because the malicious software targets mainly data in transit from one device to the other. By encryption, informational security is heightened making the probability of risk occurrence to be very low. This would mean use of other pieces of software to encrypt and decrypt the data and firewalls as well as passwords. These security measures would increase the ability of the company to handle any threat or risk likely to occur infringing on data integrity within the network (Alice, 2002).
Taking a look at other risks likely to occur in the project, budget costs can impact negatively on the business. To cover this, risk, the company should first ask for quotations from several suppliers and check who will supply products of the best quality at the lowest cost. This helps reduce the effect of budget risk on the project. Though the additional security features may come at an extra cost from the estimated amounts, it is worth incurring the costs since in the long run there would be reduced running costs due to increased security measures curbing any attack on the network and its equipment (Mark, 2007).
In conclusion, a risk management scheme is very essential in any business venture. Though many people tend to ignore this aspect, mostly in the IT sector, it is very crucial since by securing a network, no information leaks out of the company unnoticed. This helps create public trust among the clients.
Hubbard, D 2009 the Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons
Mark S. 2007. Introduction to Risk Management and Insurance, Englewood Cliffs, Prentice Hall
Alice, A. 2002 Risk Management Guide for Information Technology Systems Gaithersburg, MD: National Institute of Standards and Technology