Submitted To: Professor Kevin Reynolds
SEC571 Principles of Information Security and Privacy
Keller Graduate School of Management
Submitted: September 21, 2014
TABLE OF CONTENTS
Aircraft Solutions (AS) is worldwide provider in the design and fabrication of component parts and services to industries such as aerospace, defense, electronics and commercial. Its headquarters, located in San Diego, California, has easy accessibility to various modes of transportation. Its locality creates an advantage to transportation modes either by land, sea, air or rail to anyplace on the globe. It also is homed with two (2) divisions which service either the Commercial Sector, whose locality is in San Diego County and its Defense Sector located in Santa Ana. Aircraft Solutions has an organizational structure divided into various departments to adhere to the mission of the company, which is to provide excellent service to its customers. It is dedicated to providing timely delivery, high quality, and low-cost product solutions to its customers, so as to keep long term, satisfied customers. These departments include a set of well trained staff of machinists, assembly workers, design engineers and programmers. In addition to its well trained workforce, AS has state of the art equipment and a plant facility to handle various sizes of order request and storage capacities to meet the needs of the customer. It also offers end to end assistance through its many computer-aided modeling packages, educated workforce and automated production systems, in an effort to assist in developmental costs while still maintaining an overall profit. The Information Technology Department of AS is organized to handle all network capabilities. It works hand in hand with all users of the network. The users of the network are AS employees, customers, contractors and suppliers of the company. It also, interacts with all departments and supports all business operations. These business operations are managed with an action plan referred to as Business Process Management. It is designed to process and monitor the workflow, through all phases and user interactions. The ultimate goal is that the workflow processes are performing efficiently and effectively.
(School, 2014) (Reynolds)
In the review of Aircraft Solutions (AS) network Infrastructure and architecture, there are two areas of vulnerabilities that are of an apparent high risk to the company’s system. The first vulnerability is the Security Policy in place. This security policy rules that updating firewalls and routers be completed on a schedule of every two (2) years. These time intervals are significantly long, especially with the products and services it provides and its customer market. The vulnerabilities associated with this policy procedure are as follows: A) Meeting compliance requirements
B) Asset Protection
C) Accessing untrusted sites
D) Unauthorized Usage
E) Outdated anti-virus
F) Network Configuration
G) Unauthorized remote devices
H) Business Objective
I) Inabilities to discover any minor holes in security during time interval The lack of a sufficient security policy can open unwanted doors to the company’s information system. It gives a loose advantage to users, third parties, customers and administrators to possible unauthorized usage. As noted, all users have access on a need to know basis. This identifies a question as to why each of the user’s needs to know all of the information. It should only be user accessible for those whose job description entails. For instance, is...
References: (A. Kanellos, 2004)
The Second Vulnerability involves its Hardware Security Controls
Oracle, under fire, admits to database security holes [Online] / auth. Niccolai James // NETWORKWORLD. - August 3, 2004.
Security Policies for Small and Medium Enterprises [Report] / auth. A. Kanellos V. Dimopoulos and N. Clarke. - Plymouth, United Kingdom : Network Research Group, University of Plymouth, 2004.
Please join StudyMode to read the full document