Security Assessment and Recommendations

I have been charged with the task of identifying potential security weaknesses and recommending solutions for Quality Web Design (QWD). The project was completed in two phases. The first phase of the project specifically identified and defined two potential security weaknesses: software and policy. The second phase recommends solutions to these potential weaknesses. I chose a scenario that outlines specifics of the organization’s type of business, business processes, assets, services, and security controls. It is crucial for any organization to take necessary steps in securing their business’ assets, and customer’s …
An attack on these mission-critical processes can mean a decrease in the organization’s revenue; clients’ personal information being accessed, modified, or even deleted; and degraded network performance. QWD would lose significant clientele and would not be as appealing to their target audience, which is not good for their mission of providing top-quality services.

Policy

Reducing the exposure of the corporate network to outside attacks is crucial in protecting mission-critical processes for QWD. The security assessment doesn’t end with software firewalls for their remote users. The company’s security policy must also address this vulnerability. QWD has a policy in place that speaks to who has access to data and the type of data; username standards; password length, complexity, rotation, and history; and security training. However, their policy doesn’t address remote access devices: installation and configuration of firewall and anti-virus software on all employees’ remote computers, and acceptable use. These are critical in preventing remote computers and mobile devices from compromising the corporate network (Ruskwig, 2006, p. 1). Without such a policy in place, there is no guideline for securing QWD’s assets. Any remote employee with an always-on Internet connection runs the risk of infection or even allowing access to
Despite the presence of network security devices such as firewalls and other security appliances, today's corporate networks are still vulnerable to both internal and external attacks by hackers intent on creating havoc. By proactively
Using a remote access solution to balance the need for mobile access and user productivity is one way to keep corporate resources secure. The Portal app for iOS and Android devices simplifies secure mobile access to Riordan web applications that reside behind the access policy manager and Gateway. With the Portal applications, employees can access internal web pages and web applications quickly. The Portal, along with customers’ existing Gateway and access policy manager deployments, provides access to internal web applications such as Riordan intranet sites. This portal access provides a launch pad that the IT department uses to allow mobile access to specific web resources, without exposing full network access to unknown devices. Riordan employees can sync their e-mail, calendar, and contacts directly to the company Microsoft Exchange Server. This also permits the IT department to grant secure mobile access to web-based resources.
To reduce malicious code, SMC will restrict staff from certain networking sites (Hawkins, 2013a). Additionally, SMC will enforce policies that discourage downloading files from the Internet and using personal computer information. Another serious threat is the malicious insider. This can be a disgruntled employee or a recently fired employee who still has access to the network system. Prompt removal of privileges is necessary to avoid issues created by terminated malicious insiders. Separation of privileges is a common security control that helps decrease vulnerability. If one person can alter pay rate and hours worked, another person must review and approve a report before the changes take
NetQ places the utmost attention to detail when it comes to their security. You do not want to rely on half-baked solutions from a company that cannot stand behind their work. The great thing about hiring us is that we have years of industry experience, which means we will naturally have greater competence than the average company. We have encountered a variety of problems. What else makes us worth choosing? We work with you on an ongoing basis to guarantee business security, and we respond promptly when trouble turns a corner.
Sadly, there is no way to eliminate the numerous threats that haunt networks and computers worldwide. The foundation and framework for choosing and implementing countermeasures against them are therefore very important. A written policy is vital in helping to ensure that everyone within the organization understands, and behaves in an appropriate manner with regard to, the need to keep sensitive data and the security of software safe.
Identify and install the latest security software on all telecommuters' PCs and enforce strict rules for information access including password
iii. Remote access workstations must employ a virus detection and protection mechanism. (See HIPAA Security Policy # 11 – Server, Desktop, and Wireless Computer System Security)
This is an open exposure due to the uncertainties of the Internet. Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity, and availability. Confidentiality assures that the information is not disclosed to unauthorized persons or processes. Any automated attack, personal attack, or attack to exploit the company’s secrets, statistics, or data is the biggest threat that may occur without a firewall.
To fully explain the acceptable use policy would mean to begin from the beginning, the user domain. The user domain is the employees or people within an organization who are granted access to the organization’s information system. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain is the access of LAN-to-WAN, web surfing, and the Internet. LAN-to-WAN covers the activities between the LAN and the WAN: firewalls, routers, intrusion detection, and workstations. Web surfing determines what a user can do on company time with company resources. Internet
accessible by assigned staff, via their corporate login. The system is deemed to be secure but
By enacting an Internet Policy, we will maximize the prevention of security breaches resulting in the leaking of classified material here at America West. The lack thereof could prove to be detrimental. The policy will prevent unauthorized people outside the company from potentially gaining access to company passwords and other confidential information. Internet use also creates the possibility of contamination of our system via viruses or spyware.
Remotely utilizing these programs or software outside the company will cause QWD to be exposed to attacks from the Internet. Not only that, employees also put corporate equipment such as desktops, laptops, and mobile devices (iPhones and Windows Mobile 6) in very harmful situations that the company will pay for dearly later as time progresses.
While all of these technologies have enabled exciting changes and opportunities for businesses, they have also created a unique set of challenges for business managers. Chief among all concerns about technology is the issue of information security. It seems to be almost a weekly occurrence to see a news article about yet another security breach and loss of sensitive data. Many people will remember high-profile data breaches from companies such as T.J. Maxx, Boston Market, Sports Authority, and OfficeMax. In the case of T.J. Maxx, a data breach resulted in the loss of more than 45 million credit and debit card numbers. In many of these incidents, the root cause is a lack of adequate security practices within the company. The same technologies that enable managers can also be used against them. Because of this, businesses must take appropriate steps to ensure their data remains secure and their communications remain
“Internal controls are policies and procedures put in place to ensure the continued reliability of accounting systems” (Ingram 2017). WorldCom’s attempts at maintaining internal controls are less than favorable. Segregation of duties enables the division of responsibilities to ensure that no employee completes two related tasks. The CEO’s monitoring of WorldCom’s financial processes shows that the company has a lax segregation of duties, which makes it easier to commit fraud. Access controls protect financial data from unauthorized access; however, WorldCom’s controls extend only to password-protected computers. No access inventories are taken to monitor employee usage, so there is no trail of what employees are doing during work.
In order to effectively implement security governance, the Corporate Governance Task Force (CGTF) recommends that organizations follow an established framework, such as the IDEAL framework from the Carnegie Mellon University Software Engineering Institute. This framework, which is described in the document “Information Security Governance: Call to Action,” defines the responsibilities of (1) the board of directors or trustees, (2) the senior organizational executive (i.e., CEO), (3) executive team members, (4) senior managers, and (5) all employees and users. This important document can be found at the Information Systems Audit and Control Association (ISACA) Web site at www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=34997.