This paper assesses risk based on the Global Finance, Inc. Network Diagram scenario. It explains why GFI Group, Inc. (GFI) needs to understand that a policy must be expressed and documented, with buy-in from every level of the corporation, on the steps to take to avoid and mitigate all of the risks.
Risk Assessment for GFI Group, Inc. (GFI)
RISK ASSESSMENT
Company Network, Interconnection, and Communication Environment
GFI Group, Inc. (GFI) operates as a dealer brokerage company based in the U.S. It deals in over-the-counter (OTC) related securities and derivative products. The company mostly offers market data, brokerage services, and analytics software products to commercial and investment banks, insurance corporations, large businesses and hedge funds in Asia Pacific, North America, and Europe. It offers brokerage services in four broad product classes: credit, equity, financial and commodity. The company functions through a network of offices in New York, London, Cape Town, Paris, Sydney, Hong Kong, Seoul, Singapore, Tokyo, Englewood, Calgary, and Sugar Land. GFI is headquartered in New York City, New York, the U.S.
As far as Global Finance, Inc. (GFI) interconnection is concerned, the world's top networks, carriers and ISPs have recognized strategic points of presence, sites and centers all over the globe. Global Finance, Inc. (GFI) boasts the largest number of networks under one roof of any data center provider, with 9M+ sq. ft. of data center capacity across 31 strategic markets in the Americas, EMEA and Asia-Pacific. Global Finance, Inc. (GFI) directly interconnects with every major worldwide network to satisfy its peering, transit and traffic exchange obligations.
The communication environment at GFI Group, Inc. (GFI) has declined over the years. Business continuity for disaster recovery is clearly a high priority for GFI and its subsidiaries, as well as GFI Securities, LLC. The objective is to guarantee the company's continued ability to serve its clients and to protect their assets and the people and assets of the company. At the moment, communication has been a failure because network security has not been able to keep up with the company's growth. The Business Continuity Program (the "program") has been developed to provide reasonable assurance of business communication in the event of disruptions of normal operations at the firm's critical services, which are taking place at the moment.
Risk Assessment
The risk assessment is helpful for GFI Group, Inc. (GFI) because it identifies the approaches to be applied to eliminate avoidable risks and to minimize the risks that are inevitable. The discussion that follows restricts the risk assessment to IT-related issues: security, auditing and disaster recovery. Risk assessment means determining two quantities of the risk: the magnitude of the potential loss and the probability that the loss will occur. Risk assessment is therefore a step in the risk management procedure (http://en.wikipedia.org/wiki/Risk_Assessment). An organization has to have procedures in place to identify and manage the risks involved. Santomero and Oldfield developed the following guidelines to successfully implement the risk management policy set up by GFI Group, Inc. (GFI): it has to be essential to the company's business plan.
For that reason, a Risk Assessment and Management project team must be formed to conduct a thorough analysis of the system and provide policies and recommendations to deal with disaster. At GFI Group, Inc. (GFI), the design of the system network will affect auditing, security, and disaster recovery. As a result, a comprehensive analysis of the network design, security and disaster recovery will go a long way to mitigate all of the possible risks.
Disasters, Backup and Recovery Plan
To develop its backup and recovery plans, GFI Group, Inc. (GFI) needs data based on an analysis of risk factors, taking into account their probability and the progressive nature of their occurrence. This data can then be used to create effective and balanced measures for loss prevention, mitigation, and recovery.
Disasters can be classified into three broad categories:
1. Technical Disasters: Equipment Failure, Loss of A/C, Software Failure, Database Service Failure, Loss of Power.
2. Natural Disasters: Fire, Tsunami, Earthquake, Flood, Airplane Impact, High Winds.
3. Human-Caused Disasters: Theft, Vandalism, Virus, Unauthorized Access, Tampering, Code/Data Error.
Measures that will have to be taken to mitigate technical disasters consist of the following:
1. A UPS for every one of the critical devices.
2. Consider the use of localized (directed) cooling and maintain back-up equipment cooling procedures.
Risk Assessment: Security
Security can be looked at in the following three major areas:
1. Physical security, which consists of access to the plants and to the rooms housing servers and other computing devices.
2. External threats that involve the computing network.
3. Access and permissions for authorized users of the system.
Physical security involves the company securing its assets with devices such as an alarm system for off-hours use and identification cards for workers. A process will need to be put in place to make sure that guests are correctly identified before getting any kind of access to the facility. Users will not be able to take computers home unless they are protected by encryption software. Downloading proprietary data onto CDs, floppies, thumb/flash/memory drives and other portable media will also need to be prohibited unless such actions are pre-approved and appropriate security measures are taken.
Any enterprise has to pay special attention to computer security. Computer security is a field concerned with the control of risks connected to the use of computers. A main focus needs to be on the external threats to the computing environment. In an enterprise with branches across the country, it is important to allow information from "trusted" external sources and to disallow intrusion from non-trusted or anonymous sources. In a secure system, the authorized users of that system are still able to do what they are supposed to do. Strong authentication methods can be used to ensure that communication end-points are who they say they are; for instance, passwords should have no fewer than 8 complex characters and must be changed every 130 or so days. Furthermore, capability and access control list methods can be used to ensure privilege separation and mandatory access control.
Mandatory access control can be used to ensure that privileged access is withdrawn when rights are rescinded. Passwords are one of the most commonly used methods of authenticating user authority. Chain of trust practices can be used to try to ensure that all software loaded has been certified as authentic by the system's designers. Only authorized users will be able to install software on the system.
Firewalls are software and/or hardware mechanisms that protect computers from intruders. A firewall will not permit anything to enter the computing environment without the correct markings. Every kind of network requires a firewall in order to keep out files and people that are dangerous to the system. In a production setting, an application that offers no way to patch already known security flaws should not be used until a fix is made available. Publicly known flaws are the main entry point used by worms to routinely break into a system and then spread to other systems connected to it. Secunia.com is a company that tracks vulnerabilities in over 13,000 products (Patton, 2003). Secunia's site should be used as a search tool for unpatched known flaws in popular products. Anti-virus software quarantines or deletes viruses on a computer, in principle shielding the user against viruses. Once installed, however, this software needs to be updated from time to time, as new viruses are made every day. A few things are vital in any antivirus software: a good detection rate, compatibility with the company's systems, ease of use, and the ability to update itself (Crump, 2009). Intrusion-detection systems scan a network for individuals who are on the network but should not be there, or who are doing things they should not be doing, for instance trying out a lot of passwords to gain access to the network.
Cryptographic Methods
In the future, as GFI Group, Inc. (GFI) expands, cryptographic methods can be used to protect information in transit between systems, decreasing the probability that data exchanged between systems can be modified or intercepted. Computer security is an area of computer science concerned with the control of risks connected to the use of computers. There are two different approaches to security in computing. One puts the emphasis mostly on external threats, and usually treats the computer system itself as a trustworthy system (Crump, 2009). In a secure system, the authorized users of that system are still capable of doing whatever they need to do.
GFI Group, Inc. (GFI) can use secure cryptoprocessors to leverage physical security methods in protecting the security of the computer system. Cryptographic methods involve transforming data, scrambling it so that it becomes unreadable during transmission. The intended receiver can unscramble the message, but eavesdroppers cannot. Encryption is used to protect a message so that others will not be able to use it. This can be done in numerous ways: by swapping the characters around, substituting characters with others, and even eliminating characters from the communication. These have to be used in combination to make the encryption secure enough, that is to say, adequately hard to crack. Public key encryption is an advanced and practical way of doing encryption (Suter, 2006). It permits, for example, anyone to write a message for a list of receivers, and only those receivers will be able to read that message.