Computer Systems Security Foundations

An assignment covering fundamental computer security concepts.

Sophia Johnson
Contributor
5 months ago

Dorbsylinks®

Computer Systems Security Foundations

Analyze the information security challenges faced by Soulmate Ventures, an event planning B2C firm, as it transitions to an online sales model. Discuss the potential risks, necessary security measures, and the impact of implementing a Designated Security Officer (DSO) and staff training programs on the company's overall security posture. Include an evaluation of current asset vulnerabilities and suggest cost-effective solutions to address these issues.

Word Count Requirement: 1500-2000 words

Table of Contents

Week 1: Introduction to Information Security
  Description of Company
  The need for Information Security
  Potential risks that exist
  Benefits gained from the new project
  Challenges encountered by consultant on-site
  Challenges applied to company with recent IPO
Week 2: Security Assessment
  Current Assets
  Security and Safety Guidelines for protecting the assets
  Risk Mitigation
Week 3: Access Control and Security Mechanisms
  Information confidentiality
  Access control
  Use in business
  Use of access control in network
  SSO & VPN
  Conclusion
Week 4: Software and Database Security
Week 5: Network Security
References
Glossary

Week 1: Introduction to Information Security

Description of Company

Soulmate Ventures is an accredited event planning business-to-consumer and market-driven firm which will use the internet to sell products and services directly to customers at cheaper prices than other companies. The company typically keeps a large collection of accessories for parties and other functions, giving customers the opportunity to make their selection of accessories before submitting their choice to the company's professional decorators. This saves time, and the company also sends its professionals to get the decorations done quickly. Imagine having a stress-free, organized party decoration done for you with a click of a button on your computer.

The need for Information Security

Security breaches have now become the order of the day; they happen by diverse means and can affect sales, customer service and staff productivity. When this happens, it takes many hours and even days for the system to be corrected. Therefore, having qualified IT staff to detect these threats must be a priority for the company.

The need to value the company's data is another area that should be checked with a security program, since the existence of the business depends on it. For instance, taking into consideration the online sales where customers use the details on their credit card, there must be standardized and legally managed regulations in accessing customer credit card data to avoid business losses, legal liabilities and damage to the company's reputation or goodwill. Also, through the online business transactions, hackers may plant a Trojan horse into the less secured software that will allow intruders to sell our secrets to rival companies, thereby causing loss of funds.

In dealing with online sales, the computer network should be properly secured and actively configured to manage known threats, because of the introduction of malware software packages that can be mistakenly installed on the company's PCs.

Potential risks that exist

The company is planning to go public but lacks certain information security infrastructure. It is the responsibility of management to have well-planned security measures that will govern the information resources. Doing this helps the management to think holistically about the security in the company.

Assessing the above-mentioned company with a survey on their information security issues, the team realized that the company had only three point of sale (POS) computers running on Windows XP Professional, with low processing speed and an outdated 2011 Avira antivirus, giving access to virus and malware intrusion because most of the sales associates were browsing on social media websites. According to Andzulis et al. (2012), adding the company's name as a page on social media with the intention of advertising exposes Soulmate Ventures, which is a business-to-consumer (B2C) company, to internet threats.

Administratively, the team recognized that the company does not have a proper chain of command or organized information security policies, procedures, disaster recovery plan, and the required human resource procedures. Last but not least, all the employees have the same access to classified customer information since they have the password to the system.

Finally, the survey indicated that the network security of Soulmate Ventures has not been reviewed since it was installed.

Benefits gained from the new project

After the survey by the team, the company was advised to hire a Designated Security Officer (DSO) who will be responsible for coordinating and executing their security programs, making internal checks and reporting IT security issues.

The team also did a thorough risk assessment on the operations of the company, since it is an important aspect of doing business online; recognizing that risks do exist gives the company the opportunity to know how to manage risk based on their resources. The team therefore documented policies and procedures which will help them to prioritize information security issues.

Organizational security awareness depends on the attitude of employees in the company. The security governing the internet connectivity infrastructure needs to be managed only by authorized personnel who have full access (Morgan, 2006) in order to avoid the modification of firewalls and other network security devices.

Finally, the need for all employees to have training on security awareness issues is also important. The team planned to build the capacity of other employees who do not have an IT background to also know their responsibilities in terms of information security. IT staff will have job-specific training on how to assess data, acquire information and how to operate security-related hardware and software and regulatory compliance standards.

Challenges encountered by consultant on-site

A major challenge encountered by the team was the finances of the company. Though we suggested a moderate and cost-effective information security infrastructure, the top managers complained about the cost. Another challenge observed was the office space, which made it very difficult for the technical team to make the necessary expansion of the interconnectivity of the IT tools. Lastly, most of the employees did not like the idea of the new policies coming into play because they were afraid of losing their jobs, and therefore they were reluctant to give accurate information during the survey.

Challenges applied to company with recent IPO

With the recent IPO policy act, the new company will not have enough capital and will therefore need to access a loan from a bank in order to operate effectively. On a more serious note, the cost of complying with regulatory requirements monitored by the Securities and Exchange Commission is very expensive. Investors see the company as a short-term one, and for that matter doing business with them will not earn them much profit.

Week 2: Security Assessment

The assets of a company include any equipment or tools used for enhancing business goals, and for that matter the need to handle them with much care should be of importance for Soulmate Ventures. These assets need to be governed by rules or policies that personnel who operate them have to follow, and these may include technological assets, intellectual property rights and customers' classified information (Shedden et al, 2010).

Current Assets

Information systems assets may include computers, emails, voicemails and internet connectivity, and these are used according to the purposes and policies of the current state of the company. The monitoring of proper internet usage when it comes to how employees receive voicemails and exchange emails is not effective because of unsecured systems which are liable to multiple intrusions, and the need for the company to go in for applicable laws and regulations should be a priority.

Some of the risks associated with information systems are:

- Employees' habit of using the information systems for their personal interest. In this case, the employee may send certain contents other than the company's breaches.
- Employees also accessing the information create issues of security violation.

Intellectual property assets such as trademarks, patents, software copyrights, domain names, database queries, and proprietary information of the company must be strongly protected and respected. Risks of this nature that might be identified in Soulmate Ventures are:

- Unauthorized or illegal duplication of copyright materials by some of the employees despite all the policies of the company laid down for business activities.