Security Assessment Recommendations

In: Computers and Technology

Submitted By vincehill
Words 1453
Pages 6
Course Project: Security Assessment Recommendations
Vincent Hill
DeVry University Keller Graduate School
Principles of Information Security and Privacy
Professor Krell
April 15, 2012

Course Project: Security Assessment Recommendations


An organization that specializes in making web site and providing web business solutions is known as Quality web design is. The company’s goal is to help its customers increase consumer generated revenue to Quality Web Design customer web sites. The other business solutions accompanied are accounting, payroll marketing, also parts of the business process and for which it assets are employed. Quality Web Design should be made aware of various security issues, even those that are not common. Identified are two of the potential security weaknesses that require improvement, and the possible remedies for each threat.
The company Quality Web Design provides business solutions to the customers... The circuit used by the company may prove various flaws to security and the hardware and software used have various limitations as Microsoft share point which have limitations in supporting virtualization, up gradation whereas the web server provided by IBM provides various functionalities over the Microsoft web server. The company has a very good hardware, software, network system, the assets used by the company provide the support to the business process but there are many limitations of the hardware, software, assets and the network design they provide the support to the companies by providing web solutions so that they can spread their business through internet. The company processes also include accounting, payroll marketing. The paper will contain the solution to all the mentioned problems that may occur due to the weaknesses.

The business solutions provided by quality web design helps their customers…...

Similar Documents

Security Assessment for Aircraft Solutions

...Security Assessment for Aircraft Solutions Table of Contents Executive Summary 3 Company Overview 3 Security Vulnerabilities 4 Hardware Vulnerability – Absence of a Firewall 4 Policy Vulnerability – Lack of Timely Updates 5 Recommended Solutions 6 A Hardware Solution 6 Impact on Business Processes 9 A Policy Solution 9 Impact on Business Processes 10 Summary 10 References 12 Executive Summary This report will seek to evaluate and address security weaknesses with the Aircraft Solutions company. As security weaknesses are pointed out relating to hardware and policy weaknesses, recommendations will be made to Aircraft Solutions to be examined and hopefully implemented to improve IT security operations. Aircraft Solutions, located in Southern California, recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. In reviewing Aircraft Solutions and its operations, uncovered were security vulnerabilities. Two vulnerabilities that were evident were issues with a lack of firewalls and the current security policy in place that is reviewed only every two years. Recommendations have been made that made help to remedy these vulnerabilities through the use of virtualization and by changing the security policy to be evaluated semi-annually instead of every two...

Words: 2450 - Pages: 10

Computer Security Assessment

...Answer a) The MPS is a very large organisation which employs over 50,000 people. A dedicated “solution” is needed for- • Keeping the records of the employees. • Limited access to data from the database. • Automatic upgradation as promotions and demotions of employees takes place. • A single, unique and effectively managed identity repository to help reduce cost and save time. RBA approaches are accepted as strong and efficient technologies for access control. Answer b) If MPS is to strengthen user authentication then biometric techniques will bring a definite improvement by increasing the level of security and being cost effective. That’s because biometric techniques are the authentication methods that use one or more intrinsic physical or behavioural characteristics for recognising an individual. So, there is no question of forgetting passwords or access by some other person by steeling password of the authentic person. Current biometric systems use the enrolment process. This process has a risk of an attacker gaining access to the stored template. If once the biometric measurements are stolen then it is impossible to change the owners’ physical characteristics. So, there is need for template free biometric techniques which is free from templates which stores pre-captured data for comparison before authentication is achieved. This will reduce unauthorised access to confidential information and fraudulent information authoring. Answer c) Biological identity......

Words: 550 - Pages: 3

Security Risk Assessment

...Security Risk Assessment Southern New Hampshire University Michael Hallin Security risk analysis, which is also known as risk assessment, is essential to the security of any company and benefits the overall business goal. It is vital in ensuring that controls and costs are fully equal with the risks to which the organization is exposed. Having a well laid plan for disaster recovery comes from a good risk analysis of a company. A company’s IT Business Manager and associated team must identify and assess the organizations assets and give them a value. A good IT risk assessment involves identifying what functions need to be reestablished first after a disaster or an attack to the system. Restoration to full operational capability is significantly enhanced when the company is prepared and has taken appropriate action prior to an emergency or disaster (Group, 2005). The steps to identifying IT risks in a company include: determining which of the company’s assets have the most value to the business, identifying the risks that are applicable to those assets. After the risks are identified, they need to be logically examined to see how likely the risk can occur. If the risk is likely to be a factor, then the companies must take action to mitigate those risks. An example of this would be the company’s exchange server, which in almost all companies is a priority 1 asset, also called an essential entity. A server always has a risk of crashing; an exchange server has......

Words: 902 - Pages: 4

Security Assessment

...The residence that will be assessed for security vulnerability is located in Rancocas, New Jersey. The house is situated in a small historic town that is completely encircled with trees. There are currently 125 houses in the community with no prospects for future development. The youngest house within the small town is 135 years old with the oldest being 165 years old. The residence that is being assessed is approximately 2000 square feet and is partnered with a 500 square foot detached garage and a 250 square foot storage building. Dwelling Description: The main house has three points of entry including the front entrance, a side entrance, and a basement entrance. The front entrance has a gridded glass entrance door and a metal security door with a normal entry lock and a deadbolt lock. Having a strong, well-constructed door is key to preventing a break in. According to the Washington Post (2008), “34 percent of all burglaries usually occur by way of the front door”. The side entrance has a wooden door and a metal security door with a normal entry lock and a deadbolt lock. The basement entrance is a standard weather door that has a latch that fastens the doors together to prevent access. The residence has 32 windows scattered across four floors. Of the 32 windows, 24 of the windows are new double-hung windows with security latches and double locks. The remainder of the windows is wooden weighted windows original to the house, with circle latch fasteners......

Words: 901 - Pages: 4

Recommendations for Wireless Network Security Policy

...RECOMMENDATIONS FOR WIRELESS NETWORK SECURITY POLICY Introduction One of the newer technologies being increasingly used in today's business is that of wireless networks. While this technology has the advantages of providing greater user mobility and temporary access, it does have the disadvantage of an intrinsic lack of security. SECURITY THREATS There are a number of types of attack that wireless LANs are vulnerable to, based on different aspects of their operation and configuration. These include. i. Broadcast medium Wireless is a broadcast medium, where there is no way to control where the information is sent and who therefore has access to it. If an access point is set up and used in its default Configuration, then the user of such a system is vulnerable to attack, because anyone running sniffer software can see and capture everything that a user does across that network... ii. WEP Vulnerabilities. There were two problems with the original WEP encryption system. Firstly, the shared key system requires the use of the WEP key to verify a user attempting to connect to the wireless network. The second was the actual implementation of the encryption system itself. iii. Denial of Service This type of attack can be perpetrated by a jamming attack which can be either intentional attack which is one in which the attacker broadcasts a very high-power signal at the same frequency that the wireless network is operating on, causing interference to the......

Words: 906 - Pages: 4

Security Assessment and Recommendations for Aircraft Solutions

...Security Assessment and Recommendations for Aircraft Solutions Principles of Information Security and Privacy Keller Submitted: December 11, 2013 Executive Summary The purpose of this report is to investigate the vulnerabilities of Aircraft Solutions (AS) in the areas of hardware and policy. Furthermore, it provides recommended solutions to the security weaknesses mentioned in Phase 1. Aircraft Solutions is a well known leader in the design and production of component products and services for companies ranging from commercial industry to the aerospace industry. In addition, Aircraft Solutions maintains a large capacity plant filled with an extensive variety of equipment, which is mostly automated alongside skilled specialists in a range of fields to ensure they meet their customers’ needs. The weaknesses that are being addressed are hardware and policy. Company Overview Aircraft Solutions is a leader in the planning and production of component products and services for companies in the electronics, commercial, defense, and aerospace industry. The headquarters of Aircraft Solutions is located in San Diego, California. The goal of Aircraft Solutions is to use machined products and related services to supply customer success, and to achieve cost, quality, and schedule requisites. They have a Defense Division (DD) of Aircraft Solutions located in Orange County, California and a Commercial Division (CD) located in San Diego County, California. ......

Words: 1560 - Pages: 7

Information Security Modification Recommendations

...Tft2 Task3 In: Computers and Technology Information Security Modification Recommendations Service Level Agreement Between Finman Account Management, LLC, Datanal Inc., and Minertek, Inc. After careful review of the current Service Level Agreement(SLA) “A Service Level Agreement for Provvision of Specified IT Services Between Finman Account Management, LLC, Datanal, Inc., and Minertek, Inc.” we have determined that standard Information Technology security measures have not been addressed fully. Following are the recommended changes highlighted in the specific sections that need to be addressed. These changes are being recommended to protect Finman’s data and intellectual property. Established standards such as Best Management Practices(BMP), International Organization of Standards(ISO) and the Information Technology Infrastructure Library(ITIL) for the proper handling, storage and protection of IT resources are used as guidelines for these recommendations. Recommended Changes to SLA: Section 3 Background and Rationale Modifications: Finman views this SLA as a groundbreaking venture to harness the diverse array of IT-borne customer demands and opportunities that cannot be met by adhering to traditional paradigms. Finman’s objectives in the SLA are to compete more effectively in a highly competitive industry by offering its customers a unified IT management plan across an entire organization or even, if the customer wishes, across separate departments and divisions....

Words: 1323 - Pages: 6

Security Risk Assessment Process

...Security Risk Assessment P1. Operational risk assessment is the process of determining what threats and vulnerability’s affect an organizations critical business processes. Operation risk assessment is a life cycle process that needs to be conducted often to determine if there are new threats and vulnerability’s to the organization. Without conducting a routine risk assessment an organization is left with exposure to hazards and accidents which lead to a loss. An operational risk assessment consist of risk identification, risk analysis and risk evaluation. The assessment is used to create a risk management policy which gives the best courses of action to mitigate from any threat and vulnerability’s. A risk is the possibility of a loss from exposure to a hazard by conducting an operational risk assessment the end result is to reduce the amount of risk to a project, equipment and personnel. Management are the ones who use risk management to minimize loss which reduces monetary loss and time for the organization. P4. The information assurance control procedures are the identification of assets, the classification of assets. The goals are to protect the confidentiality, integrity of availability of information by providing control measures. They are important because a company assets need to controlled due to so many exposures. The control procedures are used as a set of process and guidelines to ensure that an asset is classified correctly and given the correct level of......

Words: 1525 - Pages: 7

Security Assessment

...Security Assessment Methodology and Tools for Conducting Security Assessment Footprinting and scanning an organization involves gathering information about the organization in both the passive and active forms. Active footprinting involves assessing the required information about the company through the website, while the passive footprinting is where one would find out the information directly with the organization through the customer care or from an employee of the organization. Security assessment of organizations is carried to identify the security issues such as the risks that the company is exposed to through the information is available from the company’s website or the customer care desk. For most organizations, important information about the company is stored in the company’s database through cloud computing of the website (Gupta, 2013). The existence of high risks in an organization requires the need for an intensive security assessment. In conducting the security assessment, the following tools and methodologies are used; Web Application Security Scanner The web application security scanner is a tool that is used by organizations in speeding up the process of identifying the web applications vulnerabilities. Company websites, for instance, are vulnerable to various risks that lead to loss or lack of privacy of the information saved in the company’s database. The tool thus, assists in identifying the vulnerabilities in the shortest time possible....

Words: 652 - Pages: 3

Security Assessment and Recommendations

...SE571 Course Project:  Security Assessment and Recommendations SE571 Course Project:  Security Assessment and Recommendations Charlie Furze Professor: Eddie Wachter SE571 Principles of Information Security and Privacy Keller Graduate School of Management July 24, 2015 Table of Contents Executive Summary 1 Company Overview 1 Security Vulnerabilities 3 A Hardware Example Title 3 A Software Example Title 4 Recommended Solutions 5 A Hardware Example Solution 6 A Software Example Solution 8 Impact on Business Processes 9 Budget 10 Summary 11 References 12 Executive Summary The executive summary can’t really be completed until the course project is completed. This is because the section should summarize BRIEFLY the entire paper. There should be one or two sentences about the purpose of the report, a one to two-sentence description of the company and then a quick summary of the two vulnerabilities and the two solutions that you have identified. Company Overview Here you should identify which of the two company scenarios you are using and briefly summarize the organizations products or services, and business processes. Two Security Vulnerabilities Software Vulnerability Remember, you need to choose only two vulnerabilities from the three categories: hardware, software and policy. It is recommended that you make them limited in scope and very specific. Also, before starting on this section, be sure you have a very......

Words: 1180 - Pages: 5

Company Security Assessment

...investigating the issue would be to complete an assessment of the network. A review of the traffic that is produced in and out of the company’s network is key to understand what is going on with the network. It is critical to select the appropriate personnel to make up the team that will oversee the security management and assessment activities. Needed on the team are people that have experience in security management and also people that have experience in the financial industry. Team members will have one person from each department, preferably the head or second in command: Network security Personnel: This person is part of the network security team. They are on the team that manages and maintains all network related security devices such as the Intrusion Prevention Systems, Firewalls...etc. Operations personnel: These people understand the company’s daily operations. Finance: This person is on the team that manages the finances of the company. They will be able to provide info on what type of resources can be used for the assessment and the correction of issues. Executive representative: This person will either be an executive or on the board. Buy-in must come from the top of an organization so it is very important that the CEO has someone within the company to be aware of the actions being performed as part of the assessment. There will be different roles and tools that will be used as part of the company’s assessment. On the assessment team there will be......

Words: 1289 - Pages: 6

Security Assessment

...Security Assessment for JLJ Information Technology Group By John Jacobs Table of Contents Company Description 3 Management Controls 3 Operational Controls 4 Technical Controls 5 Concerns and Recommendations 6 Conclusion 7 References 8 Company Description JLJ Information Technology Group helps organizations of all sizes to successfully do business online. Their complete portfolio of technology services drives business effectiveness and profitability for many customers not only in the United States but also around the world. The breadth of their offering extends from helping small businesses build an online presence through to managing the complex technology environments of large enterprises and governments including Internet domain name services, critical web hosting, online brand protection and promotion, video content delivery, application development services, managed cloud and security services and more. JLJ IT Group’s culture of integrity, innovation, collaboration and customer centricity has been built by its large team of passionate professionals that have been delivering managed online services since 2001. The customers range from small businesses to Fortune 500 companies and internationally recognized government organizations. Here at JLJ IT Group they design, build and manage software enabled Cloud and Mobile Solutions for large Corporate and Government......

Words: 2610 - Pages: 11

Weaknesses Assignment Phase Ii- Security Assessment and Recommendations

...Running head: Security Assessment and Recommendations Week 6: Weaknesses Assignment Phase II- Security Assessment and Recommendations SE571 Principles of Information Security and Privacy Introduction Aircraft Solutions (AS) is a renowned equipment and component fabrication company with the capability to provide full range designs and implantation solutions to different sectors such as defense, aerospace, commercial and electronics industries. This paper discusses the possible recommendations based on the security assessment conducted in Phase 1, and proposes possible changes in order to ensure the safety of AS networks. The Company owns an enormous production plan which promises to deliver high quality solutions for targeted at various industries. It is equipped with a team of excellent and highly qualified professionals who cater to various needs of different industries. This paper intends to find possible solutions to bridge the gaps as found in the investigation in Phase 1. The weaknesses that are being addressed are the firewall configuration, virtualization of their hardware assets and defining and revisiting their security policy regarding firewall configuration and updated software at least twice a year. Brief overview of the Vulnerabilities in AS After a thorough investigation of the IT architecture and systems of the Aircraft Solutions, two main concerns were identified as the priority items that needed attention. The first was hardware related concern and......

Words: 1692 - Pages: 7

Security Assessment and Recommendations

...SE571 Principles of Information Security and Privacy James Smikonis Week 3 Project March 18, 2012 Professor George Danilovics Security Assessment and Recommendations A report needs to be assessed for Aircraft Solutions. This report consists of a security assessment that exhibits all founding flaws in their system, as well as giving AS a report regarding their current infrastructure. Aircraft Solutions is a component fabrication and equipment company that delivers different architectural designs. One of their specialties is establishing communications and solutions to defense, commercial, aerospace industries. The employees at AS are fully qualified for the tasks they entail hence making their workforce more efficient and supplying outstanding service. The purpose of this assessment is to investigate the weaknesses that are presented in the operations of Aircraft Solutions (AS). While conducting this assessment, we will expose vulnerabilities; give an analysis of any relative threats, risks that will be addressed and a comprehensive analysis of the relative threats and consequences pertaining to this mission. Assessment and Investigation After carefully examining the three sections pertaining to Aircraft Solutions, we found that policy and hardware related issues require special attention. We found that Aircraft Solutions does not utilize any firewall between the commercial division and the Internet Gateway. In fact, we exhibited that the Department Defense......

Words: 907 - Pages: 4

Security Recommendations

...1) General Rules a) If it sounds too good to be true, it is. b) Need to know. Only give information to those people who need to know it and whose identity and security rights are known. c) People visiting our company in person should be watched carefully. 2) Around the Office d) Do not leave your computer logged in while you are not present. e) Do not allow a visitor to access your computer. f) Do not allow a visitor to plug a flash drive or CD into your computer g) Do not leave your computer logged in while you are not present. h) Shred all computer printouts as they are discarded. i) Shred all letters, memos and other paper. j) If in doubt SHRED IT! k) Computer Rooms should be locked at all times. l) Report suspicious behavior to security at once 3) On Your Computer m) Password Recommendations i) Passwords must be changed every 30 days ii) Passwords must be a least 8 characters. Characters should include at least 1 Capital Letter, 1 Small Letter, 1 number and 1 special character like; @#?|<>)(*&^%$ iii) Forgotten passwords can only be reset by visiting the help desk or IT support department in person and provide company identification card. n) Recognizing Phishing and Online Scams iv) If it sounds too good to be true, it is. v) If the message does not appear to be authentic, it probably is not. ...

Words: 884 - Pages: 4

Prison.Break.S02.COMPLETE.GERMAN.DL.DTS.BDRiP.720p.WS.x264-TvR | [AniDL] Akage no Anne | Anne of Green Gables [10bit x265 720p BD English Subbed][IamTsukasa] | Serrapeptase 250,000IU Tabs (30 pack) Mega Potency,enteric coated [Lindens 5996]