Premium Essay

Weaknesses Assignment Phase Ii- Security Assessment and Recommendations

In: Business and Management

Submitted By divaisme3
Words 1692
Pages 7
Running head: Security Assessment and Recommendations

Week 6: Weaknesses Assignment Phase II- Security Assessment and Recommendations
SE571 Principles of Information Security and Privacy

Introduction
Aircraft Solutions (AS) is a renowned equipment and component fabrication company with the capability to provide full range designs and implantation solutions to different sectors such as defense, aerospace, commercial and electronics industries. This paper discusses the possible recommendations based on the security assessment conducted in Phase 1, and proposes possible changes in order to ensure the safety of AS networks. The Company owns an enormous production plan which promises to deliver high quality solutions for targeted at various industries. It is equipped with a team of excellent and highly qualified professionals who cater to various needs of different industries. This paper intends to find possible solutions to bridge the gaps as found in the investigation in Phase 1. The weaknesses that are being addressed are the firewall configuration, virtualization of their hardware assets and defining and revisiting their security policy regarding firewall configuration and updated software at least twice a year.
Brief overview of the Vulnerabilities in AS
After a thorough investigation of the IT architecture and systems of the Aircraft Solutions, two main concerns were identified as the priority items that needed attention. The first was hardware related concern and was pertaining to the lack of a firewall being present in the network. This would lead to high risks as the system would be vulnerable to malicious attacks from external users, and also due to lack of any authentication mechanism, authorization of inbound traffic, there was always a possibility of information loss or damage. Another major concern was related to the software policy of AS. As per…...

Similar Documents

Premium Essay

Security Assessment for Aircraft Solutions

...Security Assessment for Aircraft Solutions Table of Contents Executive Summary 3 Company Overview 3 Security Vulnerabilities 4 Hardware Vulnerability – Absence of a Firewall 4 Policy Vulnerability – Lack of Timely Updates 5 Recommended Solutions 6 A Hardware Solution 6 Impact on Business Processes 9 A Policy Solution 9 Impact on Business Processes 10 Summary 10 References 12 Executive Summary This report will seek to evaluate and address security weaknesses with the Aircraft Solutions company. As security weaknesses are pointed out relating to hardware and policy weaknesses, recommendations will be made to Aircraft Solutions to be examined and hopefully implemented to improve IT security operations. Aircraft Solutions, located in Southern California, recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. In reviewing Aircraft Solutions and its operations, uncovered were security vulnerabilities. Two vulnerabilities that were evident were issues with a lack of firewalls and the current security policy in place that is reviewed only every two years. Recommendations have been made that made help to remedy these vulnerabilities through the use of virtualization and by changing the security policy to be evaluated semi-annually instead of every two...

Words: 2450 - Pages: 10

Premium Essay

Phase Ii Marketing

...Phase II Suzette Brown MKT/421 October 11, 2012 Phase III Describe the attributes of your product or service in detail. Starbucks is an organization long built on the relationships it has built with its customers. The brand has become so recognizable and iconic, that mere outline of its logo will likely cause an unprovoked ‘Starbucks’ muttering. The connection is so strong that many customers make the mistake of ordering a ‘venti’ cup of coffee, instead of large if they ever visit a competitor. Brand loyalty is not brand popularity; instead it is based on long-term dedication from a large number of customers. The development of long-term dedication is not without a set of value attributes, which in Starbuck’s case, is found in their products and their service. The products offered by Starbucks are more than coffee. This was not always the case, however, now the menu offerings at Starbucks include sandwiches, salads, yogurts, fruit juices, and baked goods, to name a few. The coffee is a special blend of beans that makes Starbucks coffee a unique flavor. More importantly, the flavor has been a consistent blend since the company’s inception. Additionally, over the years, Starbucks has learned to cater their products to include season flavors in an attempt to reel in new customers. Starbucks was one of the first companies to offer a loyalty rewards program for its customers, which was arguably easy to obtain based on the repeat business its coffee has......

Words: 456 - Pages: 2

Free Essay

Security Assessment Recommendations

...Course Project: Security Assessment Recommendations Vincent Hill DeVry University Keller Graduate School Principles of Information Security and Privacy SE571 Professor Krell April 15, 2012 Course Project: Security Assessment Recommendations INTRODUCTION An organization that specializes in making web site and providing web business solutions is known as Quality web design is. The company’s goal is to help its customers increase consumer generated revenue to Quality Web Design customer web sites. The other business solutions accompanied are accounting, payroll marketing, also parts of the business process and for which it assets are employed. Quality Web Design should be made aware of various security issues, even those that are not common. Identified are two of the potential security weaknesses that require improvement, and the possible remedies for each threat. The company Quality Web Design provides business solutions to the customers... The circuit used by the company may prove various flaws to security and the hardware and software used have various limitations as Microsoft share point which have limitations in supporting virtualization, up gradation whereas the web server provided by IBM provides various functionalities over the Microsoft web server. The company has a very good hardware, software, network system, the assets used by the company provide the support to the business process but there are many limitations of the hardware, software, assets......

Words: 1453 - Pages: 6

Premium Essay

Phase Ii

...[pic] Marketing Plan Phase II MKT/421 Marketing Marketing Plan Phase II The image of an unpleasant chore ripping a mother away from her precious baby appears horrifying to the Johnson and Johnson family, therefore; members of the Johnson and Johnson family are offering Johnson and Johnson’s Baby Bubbles Bath, a new baby care product. Johnson and Johnson’s Baby Bubbles Bath ensures a new mother never experiences choosing between spending her time caring for her baby or that unpleasant chore. Johnson and Johnson’s Baby Bubbles Bath never leaves a ring of soap scum around the tub for a mother to struggle cleaning after bathing her baby. This allows a mother to continue to provide attention and care to the vulnerable baby, and like each Johnson’s baby care product, Baby Bubbles Bath is safe for the most delicate member of the family. “As a parent, you're committed to providing the very best care for your baby. And so are we…we've been applying the highest JOHNSON'S® Brand standards in baby care to our products for over 100 years” (Johnson's Baby, n.d. para. 1). In 1894, “Johnson & Johnson launches maternity kits to make childbirth safer for mothers and babies. JOHNSON'S® Baby Powder goes on the market. Its success leads to the Company's heritage Baby business” (Johnson & Johnson Services, Inc., n.d., slide 4). Johnson and Johnson’s Baby Bubbles Bath Developing and marketing a baby bath product requires a commitment of time and......

Words: 1750 - Pages: 7

Free Essay

Security Weaknesses Top 25

...software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software. The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It leverages experiences in the development of the SANS Top 20 attack vectors (http://www.sans.org/top20/) and MITRE's Common Weakness Enumeration (CWE) (http://cwe.mitre.org/). MITRE maintains the CWE web site, with the support of the US Department of Homeland Security's National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. The CWE site contains data on more than 800 programming errors, design errors, and architecture errors that can lead to exploitable vulnerabilities. The 2011 Top 25 makes improvements to the 2010 list, but the spirit and goals remain the same. This year's Top 25 entries are prioritized using inputs from over 20 different organizations, who evaluated each weakness based on prevalence, importance, and likelihood of exploit. It uses the Common Weakness Scoring System (CWSS) to score and rank the final results. The Top 25 list covers a small set of the most effective "Monster Mitigations," which help developers to reduce or eliminate entire groups of the Top 25......

Words: 24162 - Pages: 97

Free Essay

Security Assessment and Recommendations for Aircraft Solutions

...Security Assessment and Recommendations for Aircraft Solutions Principles of Information Security and Privacy Keller Submitted: December 11, 2013 Executive Summary The purpose of this report is to investigate the vulnerabilities of Aircraft Solutions (AS) in the areas of hardware and policy. Furthermore, it provides recommended solutions to the security weaknesses mentioned in Phase 1. Aircraft Solutions is a well known leader in the design and production of component products and services for companies ranging from commercial industry to the aerospace industry. In addition, Aircraft Solutions maintains a large capacity plant filled with an extensive variety of equipment, which is mostly automated alongside skilled specialists in a range of fields to ensure they meet their customers’ needs. The weaknesses that are being addressed are hardware and policy. Company Overview Aircraft Solutions is a leader in the planning and production of component products and services for companies in the electronics, commercial, defense, and aerospace industry. The headquarters of Aircraft Solutions is located in San Diego, California. The goal of Aircraft Solutions is to use machined products and related services to supply customer success, and to achieve cost, quality, and schedule requisites. They have a Defense Division (DD) of Aircraft Solutions located in Orange County, California and a Commercial Division (CD) located in San Diego County, California. ......

Words: 1560 - Pages: 7

Premium Essay

Security Assessment

...Security Assessment Methodology and Tools for Conducting Security Assessment Footprinting and scanning an organization involves gathering information about the organization in both the passive and active forms. Active footprinting involves assessing the required information about the company through the website, while the passive footprinting is where one would find out the information directly with the organization through the customer care or from an employee of the organization. Security assessment of organizations is carried to identify the security issues such as the risks that the company is exposed to through the information is available from the company’s website or the customer care desk. For most organizations, important information about the company is stored in the company’s database through cloud computing of the website (Gupta, 2013). The existence of high risks in an organization requires the need for an intensive security assessment. In conducting the security assessment, the following tools and methodologies are used; Web Application Security Scanner The web application security scanner is a tool that is used by organizations in speeding up the process of identifying the web applications vulnerabilities. Company websites, for instance, are vulnerable to various risks that lead to loss or lack of privacy of the information saved in the company’s database. The tool thus, assists in identifying the vulnerabilities in the shortest time possible....

Words: 652 - Pages: 3

Premium Essay

Security Assessment and Recommendations

...SE571 Course Project:  Security Assessment and Recommendations SE571 Course Project:  Security Assessment and Recommendations Charlie Furze Professor: Eddie Wachter SE571 Principles of Information Security and Privacy Keller Graduate School of Management July 24, 2015 Table of Contents Executive Summary 1 Company Overview 1 Security Vulnerabilities 3 A Hardware Example Title 3 A Software Example Title 4 Recommended Solutions 5 A Hardware Example Solution 6 A Software Example Solution 8 Impact on Business Processes 9 Budget 10 Summary 11 References 12 Executive Summary The executive summary can’t really be completed until the course project is completed. This is because the section should summarize BRIEFLY the entire paper. There should be one or two sentences about the purpose of the report, a one to two-sentence description of the company and then a quick summary of the two vulnerabilities and the two solutions that you have identified. Company Overview Here you should identify which of the two company scenarios you are using and briefly summarize the organizations products or services, and business processes. Two Security Vulnerabilities Software Vulnerability Remember, you need to choose only two vulnerabilities from the three categories: hardware, software and policy. It is recommended that you make them limited in scope and very specific. Also, before starting on this section, be sure you have a very......

Words: 1180 - Pages: 5

Free Essay

Course 571 Weaknesses Outline

...SE571 Course Project:  Security Assessment and Recommendations Overview                                                                         This course does involve a lot of technical information and theory but, what really matters is how this knowledge can be used to identify and remediate real-world security issues. What you learn in this course should be directly applicable to your work environment. The course project that you will complete is designed to further this goal. In the first part of the project you will choose an organization from one of two given scenarios (below), identify potential security weaknesses, and in the second part of the project, you will recommend solutions. The first part of the project is due in week 3, and the second part of the project, along with the first part (presumably revised based on instructor feedback) is due in week 7. This project constitutes a significant portion of your overall grade. This is an individual assignment and may not be completed in teams.               ------------------------------------------------- Phase I In this phase you will choose either Aircraft Solutions or Quality Web Design as the company you will work with. You will then identify potential security weaknesses. Security weaknesses – You must choose two from the following three areas: * hardware * software * policy (excluding password policies) and identify an item that requires improved security. To clarify: you must identify......

Words: 914 - Pages: 4

Premium Essay

Security Assessment

...Security Assessment for JLJ Information Technology Group By John Jacobs Table of Contents Company Description 3 Management Controls 3 Operational Controls 4 Technical Controls 5 Concerns and Recommendations 6 Conclusion 7 References 8 Company Description JLJ Information Technology Group helps organizations of all sizes to successfully do business online. Their complete portfolio of technology services drives business effectiveness and profitability for many customers not only in the United States but also around the world. The breadth of their offering extends from helping small businesses build an online presence through to managing the complex technology environments of large enterprises and governments including Internet domain name services, critical web hosting, online brand protection and promotion, video content delivery, application development services, managed cloud and security services and more. JLJ IT Group’s culture of integrity, innovation, collaboration and customer centricity has been built by its large team of passionate professionals that have been delivering managed online services since 2001. The customers range from small businesses to Fortune 500 companies and internationally recognized government organizations. Here at JLJ IT Group they design, build and manage software enabled Cloud and Mobile Solutions for large Corporate and Government......

Words: 2610 - Pages: 11

Premium Essay

Linux Ii Research Assignment - Linux Security Technologies

...Research Assignment Linux Security Technologies Kristy Graves ITT Tech – Dayton Linux II IT302 Mandatory Access Control Mandatory Access Control (MAC) is a system wide policy that relies on the current system to control access (Syracuse University, 2009). Users cannot alter or make any changes to this policy. Only the administrator has the clearance and authorization to make changes (The Computer Language Company Inc., 2012). Mandatory access control mechanisms are more than Discretionary Access Control (DAC) but have trade offs in performance and convenience to all users (The Open Web Application Security Project, 2002). Users can access lower level documentation, but they cannot access higher level without the process of declassification. Access is authorized or restricted based on the security characteristics of the HTTP client. This can be due to SSL bit length, version information, originating IP address or domain, etc. Systems supporting flexible security models can be SELinux, Trusted Solaris, TrustedBSD, etc. DAC checks the validity of the credentials given by the user. MAC validate aspects which are out of the hands of the user (Coar, 2000). If there is no DAC list on an object, full access is granted to any user (Microsoft, 2012). SELinux SELinux has three states of operation. These states are enforcing, permissive, and disabled. SELinux was developed by the U.S. National Security Agency (NSA) and implements MAC in a Linux kernel (Sobell, 2011).......

Words: 875 - Pages: 4

Premium Essay

Security Assessment and Recommendations

...SE571 Principles of Information Security and Privacy James Smikonis Week 3 Project March 18, 2012 Professor George Danilovics Security Assessment and Recommendations A report needs to be assessed for Aircraft Solutions. This report consists of a security assessment that exhibits all founding flaws in their system, as well as giving AS a report regarding their current infrastructure. Aircraft Solutions is a component fabrication and equipment company that delivers different architectural designs. One of their specialties is establishing communications and solutions to defense, commercial, aerospace industries. The employees at AS are fully qualified for the tasks they entail hence making their workforce more efficient and supplying outstanding service. The purpose of this assessment is to investigate the weaknesses that are presented in the operations of Aircraft Solutions (AS). While conducting this assessment, we will expose vulnerabilities; give an analysis of any relative threats, risks that will be addressed and a comprehensive analysis of the relative threats and consequences pertaining to this mission. Assessment and Investigation After carefully examining the three sections pertaining to Aircraft Solutions, we found that policy and hardware related issues require special attention. We found that Aircraft Solutions does not utilize any firewall between the commercial division and the Internet Gateway. In fact, we exhibited that the Department Defense......

Words: 907 - Pages: 4

Free Essay

Security Recommendations

...1) General Rules a) If it sounds too good to be true, it is. b) Need to know. Only give information to those people who need to know it and whose identity and security rights are known. c) People visiting our company in person should be watched carefully. 2) Around the Office d) Do not leave your computer logged in while you are not present. e) Do not allow a visitor to access your computer. f) Do not allow a visitor to plug a flash drive or CD into your computer g) Do not leave your computer logged in while you are not present. h) Shred all computer printouts as they are discarded. i) Shred all letters, memos and other paper. j) If in doubt SHRED IT! k) Computer Rooms should be locked at all times. l) Report suspicious behavior to security at once 3) On Your Computer m) Password Recommendations i) Passwords must be changed every 30 days ii) Passwords must be a least 8 characters. Characters should include at least 1 Capital Letter, 1 Small Letter, 1 number and 1 special character like; @#?|<>)(*&^%$ iii) Forgotten passwords can only be reset by visiting the help desk or IT support department in person and provide company identification card. n) Recognizing Phishing and Online Scams iv) If it sounds too good to be true, it is. v) If the message does not appear to be authentic, it probably is not. ...

Words: 884 - Pages: 4

Premium Essay

Marketing Plan Phase Ii

...Marketing Plan: Phase II MKT 412 Marketing Plan: Phase II As a continuation of Facebook’s Marketing Plan: Phase I, Phase II will begin. As Facebook grows from the new product line, Phase II will identify segmentation criteria that will impact our target market selection. Phase II will describe the organizational buyers and consumers of Facebook and factors that influence their purchasing behavior and discuss how these factors impact Facebook’s marketing strategy. Finally, this phase will analyze current competitors and define the competitive landscape for Facebook. Facebook approaches the geographic, demographic, psychographic, and behavioral segmentation variables for the consumer market. The next three months, from the release date, Facebook will start a series of advertisements such as, on the website itself, commercials, radio, and even in magazines and newspapers. The release of the new t-shirts will coincide with the holiday season. The t-shirts are first offered in the United States, Canada, and Mexico. Research is conducted to determine where it will be most effective to expand locations in various countries in which to conduct business. Facebook will continue to sell more t-shirts that will help to meet the needs of our consumers in various counties and states by providing a quick, convenient location, just around the corner. The demographic variable will be easy enough to cover considering the product has so......

Words: 1648 - Pages: 7

Premium Essay

Security Weaknesses

...COURSE PROJECT- PRINCIPLES OF INFORMATION SEC AND PRIVACY AIRCRAFT SOLUTIONS PHASE- I Pinnah Michael Introduction Aircraft Solutions (AS), whose headquarters is in San Diego, California deals with the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Since the company’s strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses, most of the equipment is automated to increase production while reducing cost. The mission of Aircraft Solutions Company is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. Business process effectiveness begins with the IT organization. Customer data such as project information, computer-aided design and development models are sorted and stored in designated servers. The users of Aircraft Solutions are employees, customers, suppliers, and contractors who need to access the company network. System access by users at different levels of the network is set on a strictly need-to-know basis. Controls are in place to secure confidential and proprietary information from unauthorized access. Users are responsible for entering and processing data and information, such as generating reports to be used for decision-making. Despite all the controls that have been set in place to ensure that......

Words: 789 - Pages: 4