Aircraft Solutions Security and Policy Assessment
Table of Contents
Decentralized Anti Virus
Access Control List Policy
AlgoSec Security Management Suite
Impact on Business Processes
As Aircraft Solutions takes the next step in its growth, it is imperative that its IT infrastructure keep pace as to not counteract gains made by the company during this expansion. This is especially important given it designs and fabricates components for both commercial and defense related industry. Given the increase in staff as well as outside vendors accessing the network, a more centralized approach to antivirus protection has to be adopted. It is equally important that certain elements within the network that have been done manually, such as Access Control List policy, be automated to avoid consuming the IT department in an ever escalating bar of employee hours.
Aircraft Solutions operates within California in two separate physical locations in San Diego and Santa Ana. Working within both commercial and defense industries, their products are used globally. Aircraft Solutions is overtly technical in nature utilizing Business Process Management (BPM) for end to end processes that interacts with customers, vendors, and suppliers. BPM also fills a critical role of internal communications for IT to ensure customer needs are being fulfilled precisely as they have been ordered.
Decentralized Anti Virus
In reviewing the software utilized by Aircraft Solutions, it is stated that security is handled by anti-virus software that is independently operated for all workstations and servers. This seems to be a continuation of the host centric theme as evidenced by host based IDS. Whereas host based IDS can be seen as a more viable alternative to network based IDS, the same cannot be said for anti-virus software in this scenario. Given that the company operates two individual physical locations that run the gamut from design to production, it can be assumed that their employee pool is not small despite actual numbers not being mentioned. With these numbers, it is quite unlikely that all employees are maintaining their due diligence in ensuring that they are properly updating their anti-virus applications and operating them in such a manner that they are being used efficiently.
The primary weakness of this policy is that the end user is responsible for its upkeep. It is reasonable to assume that someone working in a loading dock may not have the same level of computer aptitude as an engineer and would be more likely to cause a break in security by allowing a virus into their computer and threaten the network (Department of Homeland Security, 2012). As security is only as strong as the weakest link, this opens the proverbial floodgates of illicit access to the company network. This is problematic in that official statistics gathered in 2012 estimated that the United States ranks third in the world with 50.1% of all unique users detecting threats from a virus (Kaspersky Security Bulletin, 2012). The most common virus credited with 75.01% of all online attacks with 712,999,644 instances are malicious URLs (Kaspersky Security Bulletin, 2012) that can infect a computer without the user even realizing what has occurred. Not even anti-virus software will keep a user completely safe as it is reported that 32% of all users have been infected with a virus despite such protection measures (Zorz, 2010). Once infected, viruses can either cause extreme lag with the network, slowly gather information to be used against the company or sold to anyone willing to purchase it, or even cause damage to physical components used in the business (Weinberger, 2012). There are many other nefarious effects of...
Please join StudyMode to read the full document