Weaknesses Assignment Phase Ii- Security Assessment and Recommendations

Submitted By divaisme3
Words 1692
Pages 7
Running head: Security Assessment and Recommendations

Week 6: Weaknesses Assignment Phase II- Security Assessment and Recommendations
SE571 Principles of Information Security and Privacy

Introduction
Aircraft Solutions (AS) is a renowned equipment and component fabrication company with the capability to provide full-range design and implementation solutions to sectors such as the defense, aerospace, commercial and electronics industries. This paper discusses possible recommendations based on the security assessment conducted in Phase 1 and proposes changes to ensure the safety of the AS networks. The company owns an enormous production plant that promises to deliver high-quality solutions targeted at various industries. It is equipped with a team of excellent and highly qualified professionals who cater to the needs of different industries. This paper intends to find solutions that bridge the gaps found in the Phase 1 investigation. The weaknesses being addressed are the firewall configuration, the virtualization of hardware assets, and the need to define and revisit the security policy so that the firewall configuration and software updates are reviewed at least twice a year.
Brief overview of the Vulnerabilities in AS
After a thorough investigation of the IT architecture and systems of Aircraft Solutions, two main concerns were identified as the priority items needing attention. The first was a hardware-related concern pertaining to the lack of a firewall in the network. This exposes the system to malicious attacks from external users, and because there is no authentication mechanism or authorization of inbound traffic, there is a constant possibility of information loss or damage. The other major concern was related to the software policy of AS. As per
