Computer Systems Security Foundations

Name: Computer Systems Security Foundations
Brand: Academic Documents Platform
Price: 2 USD
Availability: InStock
Author: Sophia Johnson

An assignment covering fundamental computer security concepts.

Sophia Johnson

Contributor

4.5

3 days ago

Preview (8 of 24)

Dorbsylinks® Page 1
Computer Systems Security Foundations
Computer Systems Security Foundations
Analyze the information security challenges faced by Soulmate Ventures, an event planning B2C firm, as
it transitions to an online sales model. Discuss the potential risks, necessary security measures, and the
impact of implementing a Designated Security Officer (DSO) and staff training programs on the
company's overall security posture. Include an evaluation of current asset vulnerabilities and suggest
cost-effective solutions to address these issues.
Word Count Requirement: 1500–2000 words

Dorbsylinks® Page 2
Computer Systems Security Foundations
Table of Contents
Week 1: Introduction to Information Security................................................................................ 2
Description of Company.......................................................................................................... 2
The need for Information Security .......................................................................................... 2
Potential risks that exist........................................................................................................... 3
Benefits gained from the new project...................................................................................... 4
Challenges encountered by consultant on-site......................................................................... 5
Challenges applied to company with recent IPO..................................................................... 5
Week 2: Security Assessment......................................................................................................... 6
Current Assets.......................................................................................................................... 6
Security and Safety Guidelines for protecting the assets ........................................................ 7
Risk Mitigation........................................................................................................................ 9
Week 3: Access Control and Security Mechanisms ..................................................................... 11
Information confidentiality.................................................................................................... 11
Access control........................................................................................................................ 12
Use in business ...................................................................................................................... 13
Use of access control in network ........................................................................................... 13
SSO & VPN........................................................................................................................... 15
Conclusion ............................................................................................................................. 15
Week 4: Software and Database Security..................................................................................... 17
Week 5: Network Security............................................................................................................ 22
References..................................................................................................................................... 27

Dorbsylinks® Page 3
Computer Systems Security Foundations
Glossary ........................................................................................................................................ 28
Week 1: Introduction to Information Security
Description of Company
Soulmate Ventures is an accredited event planning business-to-consumer and market-
driven firm which will uses the internet to sell products and services directly to customers at
cheaper prices than other companies. Typically keep a large collection of accessories for parties
and other functions, giving opportunity for customers to make their selection of accessories
before submitting their choice to the company’s professional decorators. This saves times and
they also send our professional to get the decorations done quickly. Imagine having a stress free
organized party decoration done for you with a click of a button on your computer.
The need for Information Security
Security breach has now become the order of the day and it happens in diverse means and
this can affect sales, customer service and staff productivity. When this happens, it takes a lot of
hours and even days for the system to be corrected. Therefore the need to have qualified IT staff
to detect these threats must be an optimum for the company.
The need to value the company’s data is another area that should be checked with a
security program since the existence of the business depends on it. For instance, taking into
consideration the online sales where customers use the details on their credit card, there must be
standardized and legally managed regulations in accessing customer credit card data to avoid
business losses, legal liabilities and the reputation or the company’s goodwill. Also through the

Dorbsylinks® Page 4
Computer Systems Security Foundations
online business transactions, hackers may plant Trojan horse into the less secured software that
will allow intruders to sell our secrets to rival companies and therefore causing loss of funds.
In dealing with online sales computer network should be properly secured and actively
configured to manage known threats because of introduction of malware software package that
can be mistakenly installed on the company’s pc.
Potential risks that exist
The company is planning to go public but lacks certain information security
infrastructure. It is the responsibility of management to have a well planned security measures
that will govern the information resources. In doing this helps the management to think
holistically about the security in the company.
Accessing the above mentioned company with a survey on their information security
issues, the team realized that company had only three point of sale (POS) computers running on
Window XP Professional, low processing speed and an out dated 2011 Avira antivirus giving
access to virus and malware intrusion because most of the sales associates were browsing on
social media websites and according to (Andzulis et al, 2012) adding company’s name as a page
on social media with the intention of advertising exposes Soulmate ventures which is a business-
to-consumer (B2C) company to internet threats.
Administratively, the team recognized that the company is not having a proper chain of
command as well as organized Information security policies, procedures, disaster recovery plan,
and the required human resource procedures. Last but not the least, all the employees have the
same access to classified customer information since they have the password to the system.

Dorbsylinks® Page 5
Computer Systems Security Foundations
Finally, the survey indicated that the network security of Soulmate ventures has not been
reviewed since the time they were installed.
Benefits gained from the new project
After the survey by the team, the company was advised to hire a Designated Security
Officer (DSO) who will be responsible for coordinating and executing their security programs,
making internal checks and reporting of IT security issues.
The team also did a thorough risk assessment on the operations of the company since it is
an important aspect of doing business online and therefore the need to recognized that they do
exist gives the company the opportunity to know how to manage risk base on their resources.
The team therefore documented policies and procedures which will help them to prioritize issues
on information security issues.
Organizational security awareness depends on the attitude of employees in the company.
The security governing the internet connectivity infrastructure needs to be managed by only
authorized personnel who have full access (Morgan, 2006) in order to avoid the modification of
firewalls and other network security devices.
Finally the need for all employees to have training on security awareness issues is also
important. The team planned to build the capacity of other employees who do not have IT
background to also know their responsibilities in terms of information security. IT staff will have
job specific training on how to assess data, acquire information and how to operate security
related hardware and software and regulatory compliance standards.

Loading page 6...

Dorbsylinks® Page 6
Computer Systems Security Foundations
Challenges encountered by consultant on-site
A major challenge encountered by the team was on the finances of the company. Though we
suggested the moderate and cost effective information security infrastructure, the top managers
complained about the cost. Another challenge observes was the office space which made it very
difficult for the technical team to make necessary expansion on the interconnectivity of the IT
tools. Lastly, most of the employees did not like the idea of the new policies coming into play
because they were afraid of losing their jobs and therefore they were reluctant in giving accurate
information during the survey.
Challenges applied to company with recent IPO
With the recent IPO policy act, the new company will not have enough capital and therefore
need to access a loan from a bank in order to operate effectively and on a more serious note the
cost of complying with regulatory requirements monitored by the Security and Exchange
Commission is very expensive. Investors see the company as a short term one and for that matter
doing business with them will not earn them much profit.

Loading page 7...

Dorbsylinks® Page 7
Computer Systems Security Foundations
Week 2: Security Assessment
The assets of a company include any equipment or tools used for enhancing business goals and
for that matter the need to handle them with much care should an importance for Soulmate
Ventures. These assets need to be governed by rules or policies that personnel who operate them
have to follow and these may include technological assets, intellectual property rights and
customers classified information (Shedden et al, 2010).
Current Assets
Information systems assets may include computers, emails, voicemails and internet
connectivity and these are used according to the purposes and policies of the current state of the
company. The monitoring of proper internet usage when it comes to how employees receive
voicemails and exchange emails is not effective because of unsecured systems which are liable
for multiple intrusion and the need for the company to go in for applicable laws and regulations
should be a priority. Some of the risks associated with information systems are;
 Employees habit of using the information systems for their personal interest. In this case,
the employee may send certain contents other than the company’s breaches.
 Employees also accessing the information create issues of security violation.
Intellectual property assets such as trademarks, patents, software copyrights, domain
names, database queries, and proprietary information of the company must be strongly protected
and respected. Risks of this nature that might be identified in Soulmate Ventures are;
 Unauthorized or illegal duplication copyright materials by some of the employees despite
all the policies of the company laid down for business activities.

Loading page 8...

7 more pages available. Scroll down to load them.

Preview Mode

100%

Study Now!

XY-Copilot AI

Unlimited Access

Secure Payment

Instant Access

24/7 Support

Document Chat

Document Details

Subject

Information Technology

Computer Systems Security Foundations

Study Now!

Document Details

Related Documents

Trust Relationship Between Two Domains

Cloud Technology and Virtualization

Best Use of MD5 or SHA1 Network Security

Data Breaches and Regulatory requirement

Week 5 iLab� Fireworks Stand Checkout

Cloud Computing in Education Section

HD DVD/Blu-ray Format

ERM and Database Management

Single Sign-On Access

Class Diagram Analysis for RMO CMMS

Company

Explore

Study Tools