Abstract
Concerns about information confidentiality, privacy and threats, together with the increased use of information systems, have prompted organizations to start protecting their systems to ensure electronic, physical and network information security.
To ensure information security for this organization, a review of the company’s network, information systems and security policies must be conducted. In this report, I will be a security expert for a large insurance company. My job here is to assess the company, revise and reproduce the security policies, identify the risks, threats and vulnerabilities and offer recommendations to ensure protection of the company’s network and assets.
Introduction
With the widespread use of computer networks and the increasing number of
Organizational Security
The organization is a large insurance company with 70 employees and nine departments: human resources, finance, audit, sales, marketing, legal, customer service and IT support. Staff have a prerequisite knowledge of information technology. However, there is no adequate security plan to ensure the protection of the company’s assets. This can be noted as the background security problem, as a company of this size is expected to have a security plan that covers all assets, i.e. data, devices and employees, against all forms of threat.
Current Network Architecture
Within the company are 130 devices and a multi-layer network. The company offices are equipped with Ethernet-connected Windows PCs within the local area network (LAN). There is a wireless network which allows employees to connect company-owned tablet computers and smartphones.
Below is an illustration of the network architecture described above.
Figure 1: The current network architecture.
Network Assessment
As shown above, the following devices are present on the network:
• A modem used for internet service transmission from the ISP
• A Cisco router used to segment networks by forwarding packets from one logical network to another
• Switches for interconnection of other devices to form networks
• A firewall, which secures the network by filtering all incoming and outgoing traffic
Confidentiality is the protection of information from unauthorized access. This is the assurance that information provided has not been made known to unauthorized persons, processes or devices. The application of this security service suggests that information labeling and need-to-know imperatives are core aspects of the system security policy. Information, in today’s world, has value, and everyone has information they wish to keep secret: credit card details, trade secrets, personal information, government documents, and much more. It was stated (Securitas Operandi™, 2008) that we are bound to keep many secrets – corporate, staff, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day. Mechanisms to enforce this include cryptography, that is, encrypting and decrypting data, access controls such as
Sadly, there is no way to alleviate the numerous threats that haunt networks and computers worldwide. The foundation and framework for choosing and implementing countermeasures against them are very important. A written policy is vital in helping to ensure that everyone within the organization understands and behaves in an appropriate manner with regard to keeping sensitive data and software secure.
Routers and switches will be utilized to route network signals to all areas of this large network. Telephony systems will be introduced to serve the VOIP located at each location to assist with communication needs. Wireless technologies will also be needed to assist with mobility and other devices such as printers, laptops, fax machines, etc. Lastly, a physical firewall will be enforced at each location to protect the network from internal and external intruders.
In today’s IT world every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital: they involve the technology, people and processes that an organization may have. These threats may represent problems associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
Any enterprise has to pay special attention to computer security. Computer security is a field that is concerned with the control of risks related to computer use. A primary focus should be on the external threats to the computing environment. In an enterprise with branches across the country, it is important to allow information from "trusted" external sources, and disallow intrusion from anonymous or non-trusted sources. In a secure system, the authorized users of that system are still
Moreover, nowadays using an information system is not a walk in the park: there are many new security threats through which a company might lose its confidential data, financial and personal information.
While all of these technologies have enabled exciting changes and opportunities for businesses, they have also created a unique set of challenges for business managers. Chief among all concerns about technology is the issue of information security. It seems to be almost a weekly occurrence to see a news article about yet another breach of security and loss of sensitive data. Many people will remember high-profile data breaches from companies such as T.J. Maxx, Boston Market, Sports Authority, and OfficeMax. In the case of T.J. Maxx, a data breach resulted in the loss of more than 45 million credit and debit card numbers. In many of these incidents, the root cause is a lack of adequate security practices within the company. The same technologies that enable managers can also be used against them. Because of this, businesses must take appropriate steps to ensure their data remains secure and their communications remain
In order to properly secure the Information Technology (IT) infrastructure today, there are many different areas that need to be addressed. Each of these areas poses different vulnerabilities and challenges to properly securing an IT environment. By identifying these vulnerabilities, applying controls to address them, and designing a robust security plan, the IT infrastructure at WD Enterprises will be more secure and provide better protection against these threats. This plan, along with the design and application of a code of ethics related to the IT profession, will ensure the staff is held accountable to the standards and objectives of the organization. To accomplish these goals, a review of the organization’s vulnerabilities will be performed, followed by suggestions and discussions of the security models that can be used to overcome these risks. Following that, a security plan will be designed along with a code of ethics. These will become the blueprint for securing the IT infrastructure at WD Enterprises.
An information security professional’s job is to deploy the right safeguards, evaluate risks against critical assets and mitigate those threats and vulnerabilities. Management can ensure their company’s assets, such as data, remain intact by finding the latest technology and implementing the right policies. Risk management focuses on analyzing risk and on mitigating actions to reduce that risk. Successful implementation of security safeguards depends on the knowledge and experience of information security staff. This paper addresses the methods and fundamentals of systematically conducting risk assessments on the security risks of information systems.
Safety of information is the most valuable asset in any organization, particularly those that provide financial services to others. Threats can come from a variety of sources such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them or reduce the likelihood and impact if they should occur.
Designing a working plan for securing the organization’s information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scalable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which
Physical media is what physically connects the computers on the internet. For this network, two physical media will be used to allow access to the application layers of the system. Coaxial cables will be used to create a WAN, while a wireless protocol will be used to allow users to roam within the network. A LAN will be represented as follows:
Local area network (LAN) - (p. 301) a network that connects multiple computer devices via continuous cable within a
Information systems involve the provision of information and organizations to the systems, which necessitates the adoption of processes and structures that maintain high levels of privacy. Increased reliance on organizations
The networking requirements of many small organizations can be served by a single LAN with one or two servers. The design of a small network should be simplistic, but practical, reliable and scalable. A good LAN network must easily expand as the business grows, even if the scale of the original environment is small. Avoid making technology judgments that might limit the company as it grows.