Before we begin to implement any type of network solution, we need to go through a planning stage. One of the most important elements of this phase is Requirement Gathering. We need these requirements from stakeholders so we understand what is necessary to provide in order to meet all of the needs of the requestor. Assume that we are being asked to lead a project that will upgrade or replace a company’s network infrastructure. The company has 1,000 employees in two different offices and have had their existing network equipment for five years. You are leading the project and are starting the Gather Requirement activity.

What requirements would you need to know about? For each requirement, who would you need to talk to get detailed clarification? Why is the Gather Requirements activity so important?

2. Understanding risk is also a vital element of network design. Risk is the chance that a threat will exploit or take advantage of a vulnerability. A threat is something that can cause harm (a hacker, a flood, etc), while a vulnerability is a weakness in a systems (poorly configured firewall, unpatched system, etc). Every time a threat can exploit a vulnerability (threat action), we have a risk. For example, there is a possibility (risk) that a disgruntled employee (threat) could delete sensitive data from the network (threat action) because of poor file system access controls (vulnerability).

Choose a company or industry to examine risk for. If you currently are working, try and use your knowledge of your current company. Determine and list at least 3 risks, threats, vulnerabilities, and threat actions for your company of choice. For each risk, determine how you would mitigate the risk. Mitigation is attempting to lessen the impact or likelihood of a risk occurring.