...Enterprise Security Plan University Of Phoenix CMGT 430 Carol Eichling March 26, 2014 Enterprise Security Plan Huffman trucking company is a national transportation company. The company’s 1,400 employee’s work in its logical hubs located in Los Angeles, California, St. Louis, Missouri, and Bayonne, New Jersey; its central maintenance facility is in Cleveland, Ohio; and as drivers of its 800 road tractors. (University of Phoenix, 2005) Team A has been consulted to create an enterprise security plan that will identify the information security challenges within Huffman trucking company network and establish mitigation plans to offset those challenges. The enterprise security plan will address some of the top vulnerabilities and risks that Huffman trucking company has the potential of experiencing. The plan will also include a list of physical and logical vulnerabilities within the company, and a specific list of remediation or mitigation steps for those vulnerabilities or threat pairs. “Enterprise security planning (ESP) is the aligning of information security policies and practices and applicable security technologies with the business rules and the evolving information models and technical architectures being used by a government or business”. (Erutal, L., Braithwaite, T., Bellman, B., 2012 pg. 144) As we started our examination of Huffman trucking vulnerabilities and risk, we took a strategic look at their assets and the possible vulnerabilities that could have an...
Words: 1665 - Pages: 7
... |SYLLABUS | | |Axia College/College of Criminal Justice and Security | | |CJS/250 Version 2 | | |Introduction to Security | Copyright © 2009, 2007 by University of Phoenix. All rights reserved. Course Description This course is an introduction to contemporary security practices and programs. Students will study the origins of private security, its impact on our criminal justice system, and the roles of security personnel. Students will also examine the growth and privatization of the security industry, and study the elements of physical security including surveillance and alarm systems. The course will cover legal and liability issues, which determine the extent of private security authority as well as its limitations. This course will also focus on the current and future integration of private security services in law enforcement agencies. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: • University policies: You must...
Words: 1941 - Pages: 8
...Enterprise Security Plan Enterprise Security Plan Smith Systems Consulting (SSC) is a major regional consulting company. Headquartered in Houston, Texas, the firm’s 350 employees provide information technology and business systems consulting to its clients in a wide variety of industries including manufacturing, transportation, retail, financial services and education. Smith Systems Consulting (SSC) is a service provider. It provides IT services for other companies. Security is essential for SSC because it not only requires security for itself, but SSC also has many customers depending on it to provide top level IT services, which also includes security. Enterprise risks are a part of all business and how we address these risks determines how successful we are in the business world. Risks can be defined by “any exposure to the chance of injury or loss.” (Cheryl l. Dunn, 2005) Risks can be internal or they can come to us from outside sources in the form of external risks. Both types of risks pose a threat to the overall security of the enterprise. An Enterprise Security Plan (ESP) outlines possible risks by identifying the vulnerabilities within the business process and ranks the vulnerabilities for ease in developing a mitigation plan. The ESP also identifies technologies and policies that will help in the development of an operational plan that protects the business process and intellectual property of your corporation. Within this ESP we have developed 3 different...
Words: 1749 - Pages: 7
...* Technical Project Paper: Information Systems Security Due Week 10 and worth 110 points You are the Information Security Officer for a small pharmacy that has recently been opened in the local shopping mall. The daily operation of a pharmacy is a unique business that requires a combination of both physical and logical access controls to protect medication and funds maintained located on the premises and personally identifiable information and protected health information of your customers. Your supervisor has tasked you with identifying inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate the risks identified. 1. Firewall (1) 2. Windows 2008 Active Directory Domain Controllers (DC) (1) 3. File Server (1) 4. Desktop computers (4) 5. Dedicated T1 Connection (1) Write a ten to fifteen (10-15) page paper in which you: 6. Identify and analyze any potential physical vulnerabilities and threats that require consideration. 7. Identify and analyze any potential logical vulnerabilities and threats that require consideration. 8. Illustrate in writing the potential impact of all identified physical vulnerabilities and threats to the network and the pharmacy. 9. Identify all potential vulnerabilities that may exist in the documented network. 10. Illustrate in writing the potential impact of all identified logical vulnerabilities to the...
Words: 520 - Pages: 3
...Business Continuity Plan (BCP) * Align the major elements of a Business Continuity Plan with required policy definitions * Review the results of a qualitative Business Impact Analysis (BIA) for a mock organization * Review the results of defined Recovery Time Objectives (RTOs) for mission-critical business functions and applications * Create a BCP policy defining an organization’s prioritized business functions from the BIA with assigned RTOs Week 4 Lab Part 1: Assessment Worksheet (PART A) Sample Business Impact Analysis for an IT Infrastructure Overview When conducting a BIA, you are trying to assess and align the affected IT systems, applications, and resources to their required recovery time objectives (RTOs). The prioritization of the identified mission-critical business functions will define what IT systems, applications, and resources are impacted. The RTO will drive what type of business continuity and recovery steps are needed to maintain IT operations within the specified time frames. 1. Fill in the sample BIA with prioritization in (parentheses): Business Function Business Impact RTO/RPO IT Systems/Apps Or Process Factor Infrastructure Impacts Internal and external voice communications with customers in real-time | (Medium) Depends on the...
Words: 1852 - Pages: 8
...outside of the United States, Europe, Russia, and Japan are the other field offices. All contractual work, interviews, and security background checks are handled at each location. Aside from having its own non-contractual employee, ManIT bids on government contracts to obtain positions that they can hire whatever type of employee needed for the contract. Their coverage is anywhere from tier one IT Support to high level Program Managers as well as Engineers for an Enterprise Infrastructure services. They continuously operate and assure a global presence as well as additional support to government agencies and other mission partners across many different types of operations and regions around the world. Currently ManIT has roughly 400 employees with a majority located in the United States. Each facility including Head Quarters is responsible for posting jobs for the contracts they support. They will then interview potential candidates and then have them do an interview for the actual job on the mission project site. All projects or contracts are on government designated sites where military and contractors work together on these contract projects. Along with hiring, each facility must follow guidelines in order to get employees security clearances, re-up their clearance, and handle any other security obligations outlined by the government security team. A1 I have identified Risk #7 (Loss of Funding) as emanating from the aspect of the company’s global marketplace...
Words: 1890 - Pages: 8
...the overall networking community to be the most logical and efficient sequence of steps necessary in the creation of a network. Having stated this, it is of value for the reader to know that the aforementioned sequence of steps, as examined in Oppenheimer’s work, will correspond closely to the order of WLAN design and management issues that are addressed in this document, and can be followed up by way of documentation found under the same title and author at the end of this article. The major design and management issues found unique to a WLAN involve those pertaining specifically to the transmission and reception of radio frequency (RF) waves. For example, there is the strategic placement of access points (AP), which are devices designed to send and receive radio signals between nodes. This, in turn leads to a consideration of any possibility of physical materials that may be found that could hinder radio signals between APs, which will here be replaced by a ‘worst case’ factoring. Protocols and standards dealing with wireless technology are also unique, as they correlate directly to WLANcharacteristics. In support of wireless communications, physical wiring is also necessary, as the WLAN must at some point connect to a WAN....
Words: 2801 - Pages: 12
... Security Assessment Report November 7, 2015 Report Prepared by: {YOUR NAME}, {YOUR CREDENTIALS} {YOUR EMAIL ADDRESS} {YOUR PHONE NUMBER} {YOUR ORGANIZATION} {YOUR MAILING ADDRESS} Executive Summary 5 Top-Ten List 5 1. Information Security Policy 5 2. {Security Issue #2} 5 3. {Security Issue #3} 5 4. {Security Issue #4} 5 5. {Security Issue #5} 5 6. {Security Issue #6} 6 7. {Security Issue #7} 6 8. {Security Issue #8} 6 9. {Security Issue #9} 6 10. {Security Issue #10} 6 Introduction 7 Scope 7 Project Scope 7 In Scope 7 Out of Scope 7 Site Activities Schedule 7 First Day 7 Second Day 7 Third Day 7 Background Information 8 {CLIENT ORGANIZATION} 8 Asset Identification 9 Assets of the {CLIENT ORGANIZATION} 9 Threat Assessment 9 Threats to the {CLIENT ORGANIZATION} 9 Laws, Regulations and Policy 10 Federal Law and Regulation 10 {CLIENT ORGANIZATION} Policy 10 Vulnerabilities 10 The {CLIENT ORGANIZATION} has no information security policy 10 {State the Vulnerability} 10 Personnel 11 Management 11 Operations 11 Development 11 Vulnerabilities 11 There is no information security officer 11 {State the Vulnerability} 11 Network Security 12 Vulnerabilities 12 The {CLIENT ORGANIZATION} systems are not protected by a network firewall 12 {State the Vulnerability} 13 System Security 13 ...
Words: 3242 - Pages: 13
...Security weaknesses within an organizations system put the organizations assets at risk. After reading and viewing the infrastructure and architecture of AS, there are a few vulnerabilities that are very noticeable that would put their system at risk. The two evident areas are the vulnerabilities with the policy and the hardware. The first vulnerability apparent is the policy on updating the firewall and router rule sets. The security policy of AS, require that all firewalls and router rule sets are to be evaluated every two years. This is a lengthy amount of time to go without evaluating the rule sets. The intervals in the evaluation of the rule sets would put the organization at great risk for potential threats. The second vulnerability that is noticeable is that the backups are stored at the server location. This would put the company at great risk if there were ever some kind of disaster to occur. The security weaknesses mentioned above can be decreased with proper security controls. Vulnerabilities Hardware Vulnerabilities The hardware infrastructure of the AS Headquarters in San Diego, California had been identified during our recent security assessment as being a potential security weakness to the company's overall information systems security infrastructure. The system hardware infrastructure comprises of Five (5) Individual Servers One (1) Switch Two (2) Routers One (1) Firewall The hardware area of concern was the lack of Firewalls being used to protect...
Words: 2393 - Pages: 10
...Table of Contents Executive Summary 3 Company Overview 3 Vulnerabilities 3 Hardware Vulnerabilities 3 Policy Vulnerabilities 6 Recommended Solution - Hardware 7 Impact on Business Processes 10 Recommended Solution – Policy 10 Impact on Business Processes 11 Budget 11 Summary 11 References 13 Executive Summary The purpose of the report is to assist Aircraft Solutions (AS) in indentifying the most significant Information Technology (IT) security vulnerabilities. AS products and services are at the forefront of the industry and the protection of such is very important as they are an industry leader. The vulnerabilities that will be discussed are the firewall configuration, virtualization of their hardware assets and defining security policy regarding the timeliness of firewall configuration and updates. Company Overview Aircraft Solutions, headquarters located in San Diego, California develop and fabricate products and services for companies in the electronic, commercial, defense and aerospace industries. AS is made up of two (2) different divisions, the Commercial Division and the Defense Division. The Commercial Division is located in Chula Vista, CA and the Defense Division is located in Santa Ana, CA. AS company strategy is to offer low cost design and computer aided modeling packages to companies and assists them through the lifecycle of their product in an effort to save money for the consumer while profiting from their business....
Words: 2440 - Pages: 10
...confidential company information. Another employee then took it upon himself to find out who the individual was. This employee then illegally obtained the information of the blogger by hacking into his home computer. The main issue for the manager was to determine whether or not she should use the information obtained illegally to discipline the employee that violated the non-disclosure agreement. In the Veiled Identity, the manager was in the process of implementing a security system and was leaning towards a system that used photo identification as a means of entry into the building. The manager was made aware of a Muslim employee who would be breaking the rules of her religion if she were photographed without the traditional veil. The main issue was in developing a security policy that provides for employees’ physical safety and accommodates special needs. The decision making steps used in choosing the best options for each dilemma consisted of first determining the issue and the stakeholders. Once these are determined, the use of the Rights and Responsibilities lens, Results lens, Relationship lens, and Reputation lens help the manager to weigh the outcomes in order to make the best decision. In the case of the Mysterious Blogger, the issue was determined as whether or not the manager should use the information that was illegally obtained by an employee to discipline another employee who created an internet blog that revealed...
Words: 779 - Pages: 4
...SR-rm-013: Network, Data, and Web Security CMGT/441 June 18, 2012 Abstract Riordan Manufacturing conducts an information systems security review over IT security issues that exist in different plants to prepare for an upcoming audit in accordance to the Sarbanes-Oxley Act. Several elements of the organization's information systems require revisions and updates to optimize physical and network security, data security, and Web security. SR-rm-013: Network, Data, and Web Security The Sarbanes-Oxley Act (SOX), passed in July 2002, requires publicly traded companies to submit accurate and reliable financial information. Securing private information is not included in its requirements; however, establishing security controls for confidentiality, availability, and integrity of the reporting are (Kim & Solomon, 2012). Riordan Manufacturing is preparing for an audit in compliance with SOX and is conducting an information systems security review over its physical and network security, data security, and Web security. Physical and Network Security Riordan Manufacturing performs an information systems security analysis over its physical and network security. Several elements of the IT system require revisions, such as restrictions to physical access to vital IT systems and upgrades to outdated systems within the network. Physical Security After analyzing the headquarters and Riordan’s other sites it was found that they were not designed nor equipped in the same fashion...
Words: 2582 - Pages: 11
...Information System Security CIS 333 Technical Paper: Information System Security Donald Shipman CIS 333 Prof. Clapp March 11, 2012 In consideration of the security of the network of the pharmacy, the following physical vulnerabilities and threats are to be considered. The threat of disaster is considerable in almost any case. Such an occurrence would have a substantial impact on the network. Such threats include flooding, lightning, earthquake, wind, tornadoes, hurricanes, fire, environmental failure, and electrical interruption as these can destroy whole infrastructures and can cause valuable and important data to be lost. For example, in case of flood or fire it is certain that infrastructure will be destroyed that contains many hardware and storage system that contains valuable data such as detail of customers, product etc. so we would need to provide security to this data because loss of this information would have extreme consequences to the business, as well as being virtually impossible to recover at a total loss. We can use the method “backup and recovery” for to substantially reduce the impact of this disaster threat. Cloud technology can be deployed which would create a remote cold site that would allow access to critical system information with limited physical resources if necessary. When considering logical vulnerabilities and threats, the following is to be considered. Unauthorized modification of the database is a major threat issue or concern when...
Words: 2526 - Pages: 11
... risks and recommendations for information security Rev.B – December 2012 2 Cloud Computing Benefits, risks and recommendations for information security Document History Date December 2009 Version 1.0 Modification Initial Release, Rev.A Author Daniele Catteddu, Giles Hogben Thomas Haeberlen Lionel Dupré December 2012 2.0 Rev.B About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact details This report has been edited by: Lionel Dupré, Thomas Haeberlen For contacting ENISA or for general enquiries about this report, please use the following details: Email: resilience@enisa.europa.eu Internet: http://www.enisa.europa.eu Cloud Computing 3 Benefits, risks and recommendations for information security Legal notice Notice must be taken that...
Words: 12166 - Pages: 49
...Running head: Security Assessment and Recommendations Week 6: Weaknesses Assignment Phase II- Security Assessment and Recommendations SE571 Principles of Information Security and Privacy Introduction Aircraft Solutions (AS) is a renowned equipment and component fabrication company with the capability to provide full range designs and implantation solutions to different sectors such as defense, aerospace, commercial and electronics industries. This paper discusses the possible recommendations based on the security assessment conducted in Phase 1, and proposes possible changes in order to ensure the safety of AS networks. The Company owns an enormous production plan which promises to deliver high quality solutions for targeted at various industries. It is equipped with a team of excellent and highly qualified professionals who cater to various needs of different industries. This paper intends to find possible solutions to bridge the gaps as found in the investigation in Phase 1. The weaknesses that are being addressed are the firewall configuration, virtualization of their hardware assets and defining and revisiting their security policy regarding firewall configuration and updated software at least twice a year. Brief overview of the Vulnerabilities in AS After a thorough investigation of the IT architecture and systems of the Aircraft Solutions, two main concerns were identified as the priority items that needed attention. The first was hardware related concern and was...
Words: 1692 - Pages: 7
