...Aircraft Solutions: Security Assessment and Recommendations Phase I and Phase II Table of Contents: Executive Summary; Company Overview; Security Vulnerabilities; A Software Data Loss/Data Leak; A Hardware Firewall; Recommended Solutions; A Software Example Solution; A Hardware Example Solution; Impact on Business Processes; Summary; Appendix; References. Executive Summary Aircraft Solutions is an aircraft design company that allows internal and external users to access its system. As a result of this, the company has made itself vulnerable to certain threats. This paper identifies two vulnerabilities. One is the threat of data loss or data leak. The other is intrusion by way of the internet firewall. Based on the known vulnerabilities, it was recommended that the Check Point Software Blade application be used to prevent the data loss and the Check Point Power-1 appliance be used to address the firewall vulnerability. Company Overview Aircraft Solutions (AS) designs and fabricates component products and services for companies in the electronics, commercial defense, and aerospace industry. The mission of AS is to provide the customer success through machined products and related services, and to meet cost, quality, and scheduled requirements. Aircraft Solutions uses Business Process Management (BPM) to handle end to end processes that span multiple systems and organizations. The BPM system is designed to connect...
Words: 2691 - Pages: 11
...Risk Management JIT 2 Task 1b American International Insurance BCP William Gardner May 9, 2015 Task B. Create a business contingency plan (BCP) that the company would follow if faced with a major business disruption (e.g., hurricane, tornado, terrorist attack, loss of a data center, the sudden loss of a call center in a foreign country, the collapse of a financial market or other catastrophic event) in which you include the following: 1. Analyze strategic pre-incident changes the company would follow to ensure the well-being of the enterprise. 2. Analyze the ethical use and protection of sensitive data. 3. Analyze the ethical use and protection of customer records. 4. Discuss the communication plan to be used during and following the disruption. 5. Discuss restoring operations after the disruption has occurred (post-incident). Since 1919, A.I.I. has been in the business of insuring businesses and people from losses incurred through disasters. For 95 years (A.I.I.) has stood by its clients as they faced many challenges from the financial collapse of 1929 to the drought of the dust bowl years and even the ravages of World War Two. Assisting our clients in the face of hurricanes, tornados and even terrorist attacks is an everyday occurrence at A.I.I... However, who is planning and preparing for A.I.I.? A BCP is a plan to do exactly that, during the financial collapse of 2008 several flaws in the existing plans were exposed; flaws that not even the...
Words: 3242 - Pages: 13
...Assignment: Improving Security through Layered Security Control Learning Objectives and Outcomes * Analyze the given case study to evaluate how information technology (IT) security can be improved through layered security control. Assignment Requirements Read the text sheet named “Global Access Control Case Study” and prepare a report capturing the following points: * Synopsis of the given case problem * Analysis of the strengths and weaknesses of the steps taken by the organization * Assessment of access control/IT domains given in the business problem for data confidentiality, integrity, and availability * Evaluation of how layered security proved to be a positive solution in the given problem, including the impacts of layered security In addition, your report must also include answers to the following questions: * What is the significance of compliance and financial reporting from an insecure system? * What influence did the risk management process have in Global fulfilling its goals? * What is the significance of remote external access into the Global network? * What are the other tools comparable to the ones used by Global to solve their internal problems? Required Resources * Text sheet: Global Access Control Case Study (ts_globalcasestudy) Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: APA * Length: 1–2 pages Self-Assessment Checklist ...
Words: 1445 - Pages: 6
...Abstract Information security should be a priority for businesses, especially when they are increasingly involved in electronic commerce. With the understanding that securing an operating system successfully requires taking a systematic and comprehensive approach, security practitioners have recommended a layered approach called defense-in-depth. The cost and complexity of deploying multiple security technologies has prevented many organizations from achieving their information security goal. In view of these constraints and in compliance with recent corporate and industry regulations like the Sarbanes-Oxley Act and the Payment Card Industry Data Security Standard, businesses now deploy application firewalls as security measures. Based on the foregoing, the author has recommended the use of application firewalls as a single platform for achieving layered security through network protection, application protection and data protection. This paper commences by examining the defense in depth theory and the types of application firewall and the author concludes by citing the Institute for Computing Applications (IAC) of the Italian National Research Council (CNR) as an example of an organization which engaged application firewalls in resolving its network security problem. Research Analysis/Body The development of Information security is of paramount importance to organizations that have an online presence. The primary goals of information security are confidentiality...
Words: 1701 - Pages: 7
...McCumber Cube What is the McCumber Cube? model framework for establishing and evaluating information security (information assurance) programs What are the three dimensions of the McCumber Cube? Desired goals, Information states and security measures What are the desired goals? Confidentiality , integrity and availability. What are the information states? Storage, transmission and processed What are the security measures? Technology, policies, people Define confidentiality as it relates to the McCumber Cube. Prevent the disclosure of sensitive information from unauthorized people, resources, and processes Define integrity as it relates to the McCumber Cube. The protection of system information or processes from intentional or accidental modification Define availability as it relates to the McCumber Cube. The assurance that systems and data are accessible by authorized users when needed Define storage as it relates to the McCumber Cube. Data at rest, information that is stored in memory or on disk Define transmission as it relates to the McCumber Cube. Data in transit, transferring data between information systems Define processing as it relates to the McCumber Cube. performing operations on data in order to achieve a desired objective. Define policies as it relates to the McCumber Cube. administrative controls, such as management directives, that provide a foundation for how information assurance is to be implemented within an organization Define people...
Words: 275 - Pages: 2
...How Do Data Breaches Occur? * Employee loses an unencrypted portable device (smartphones, laptop, thumb drive, backup tape) * Property crimes (computers prime targets) * Inside job (employee steals information) * Stray faxes, emails * Phishing scams and increasingly, Spear-Phishing (social engineering) * Malware / virus attacks (especially when working remotely on an unsecured network) * Failure to purge/scrub computing devices scheduled for destruction * Weaknesses in "Cloud" security Greek Market Vs Global Market – Security Incidents PWC – Information Security Survey 2013 “Must Do” Security Actions 1. Implement User Education & Awareness : * Communicating safely and responsibly * Using social media wisely * Transferring digital files in a safe way * Proper Password usage * Avoiding losing important information * Ensuring only the right people can read your information * Staying safe from viruses and other malware * Who to alert when you notice potential security incident? * Knowing how not to be tricked into giving information away This will ensure that all personnel who have access to information and information systems understand their daily responsibilities to handle, protect and support the company’s information security activities 2. Keep System up to date Systems and software, including networking equipment, should be updated as patches and firmware upgrades become...
Words: 681 - Pages: 3
...requiring banking and financial institutions to protect customers’ private data and have proper security controls in place. 3. Data Classification Standard – that defines how to treat data throughout your IT infrastructure. This is the road map for identifying what controls are needed to keep data safe. A definition of different data types. 4. IT Security Policy Framework- a set of rules for security. The framework is hierarchical and includes policies, standards, procedures, and guidelines. 5. Whom are you trying to catch (Black-Hat, White-Hat and Gray-Hat Hacker)- Black hacker a computer attacker who tries to break IT security for the challenge and to prove technical prowess. White hacker an information security or network professional who uses various penetration test tools to uncover or fix vulnerabilities, also called ethical hacker. Gray hacker a computer attacker with average abilities who may one day become a black-hat hacker, gray-hat hackers are also called wannabes. 6. Difference between Threats and Vulnerability – threat any action that could damage an asset. Vulnerability a weakness that allows a threat to be realized or to have an effect on an asset. 7. ? 8. Virtual private networks (VPNs), third-party e-mail redirect (i.e.,RIM/BlackBerry), laptops with VPN software, SSL-VPN tunnels. 9. Information Systems Security- the protection of information systems, application, and data. (Up Grade) 10. Access control- methods used to restrict and allow...
Words: 1761 - Pages: 8
...research paper/presentation on data security and leakage preventive solutions in the market. List all the regulations that apply to Financial Services, HealthCare industry. Data Security Summary: The major purposes of database security are confidentiality, accessibility, and honesty. The characteristics of these three are distinctive but they are correlated to each other. The information which is available in the database should be secured, must be spared from being assaulted, and to save the data or information which is secured to be done in a strong or effective way. Confidentiality is all about telling or giving the information with security. Secrecy of the information is all that much identified with the mystery. Secrecy in another word can be defined as privacy or confidentiality. Besides this, all the information or data which is stored need to be secured and also should be very easy to access to right persons. Accessibility is all about the accessibility of the information for the approved client at any given point where the customer or client needs it without any disturbance or discomfort to the client and at the same time security should strong enough that third person cannot access without permission. However, the approved client can get the way through to have access the available data. The troubles or problems occurred while accessing the data has its influence on trustworthiness that impacts the accessibility of the data as the approved client can get...
Words: 653 - Pages: 3
...$55 Million Dollar Data Breach at ChoicePoint Abstract Personal data breaches have become epidemic in the U.S. where innocent citizens' sensitive information is being left unprotected and subsequently disseminated between hackers. ChoicePoint is an organization that is a premier data broker and credentialing service in the industry. The company was guilty of failing to fulfil their own policy of thoroughly evaluating prospective customer organizations which resulted in a major breach. The source of this failure will be evaluated as well as possible solutions. The punishment and repercussions will be evaluated for appropriateness and the reactions of the organization will be scrutinized for potential effectiveness. The root cause of the ChoicePoint data breach stemmed from the organization's failure to enforce their own policy of verifying the legitimacy of customers. The direct failure involved an inadequate background check which provided hackers with customer accounts. The hackers then utilized the accounts to illegally access databases and steal confidential data. There is a personal-data-loss database that contains data regarding more than 900 breaches in the U.S. which is made up of more than 300 million personal records. Analysis of this database illustrated that 81% of the breaches were committed by malicious outsiders. This value relates specifically to records that were vulnerable to being stolen by identity thieves. Further, this value illustrates...
Words: 1067 - Pages: 5
...customer information and the related data that is provided to the bank in order to business with them. In collaboration with Perimeter E-Security Company, West Suburban bank has excellent network security system that recognizes the threats within seconds and figures out a solution to fix the problem. Perimeter E-Security offers excellent information security and messaging services helping many businesses to secure their data from unauthorized users. West Suburban bank took advantage of the services provided by Perimeter E-Security as well in order to protect the assets of their clients. There are hundreds of defense methods however for this paper our major focus will be on the six defenses used by West Suburban bank in order to provide best security services to its clients and protect its information. We will be looking at firewalls, data security, Internet security, application security, access control and anti spyware defenses. Firewalls defense Firewalls implement security at every layer. Firewalls are barriers between a trusted network or PC and the untrustworthy Internet, it is a network node consisting of both hardware and software that isolates a private network from a public network. On the Internet, the data and requests sent from one computer to another are broken into segments called packets. Each packet contains the Internet address of the computer sending the data, as well as the Internet address of the computer receiving the data. (Turban, King & Lang, 2011, p.361)...
Words: 1408 - Pages: 6
...Security Monitoring Security Monitoring Hector Landeros University of Phoenix Security Monitoring In today’s business environment an organization may consist of various applications all in which require a certain level of risk assessment and security measures must be taken. Applications being used within the organization must be reviewed to determine security risks that application might have and how to protect the company from those vulnerabilities. Another factor that must be considered is a risk may vary between internal and external applications. There are many activities which can be incorporated into an organizations security plan which will help minimize possibility of a security breach. Policies Security monitoring is a method typically used to test or confirm security practices being used are effective. Most of the time monitoring of activities such as the review of user account logs, application logs, data backup and recovery logs or in many applications being used automated intrusion detection system logs. When using security monitoring one is trying to ensure that information security controls are in place are effective and not being bypassed at any point. One of the benefits of security monitoring is the early identification of wrongdoing or security vulnerability. Rudolfsky (1983-2010), “It will be difficult for a company to achieve information security objectives without security event...
Words: 525 - Pages: 3
...training, procedures, etc. With EPLAN, the main pieces for a disaster program would be around data. This company data is its key. This does not just contain customer data, but each individual’s data and their work needs to be backed up. Also they will need a plan for backing up all human resources filing and information, billing and finance and marketing data. First steps would be for the team to assemble a list of what are some of the hazards and assess the risks of losing this data. Second they would need to conduct an impact analysis plan to see if this will hurt the business. Third examine ways to prevent hazards from happening. With a company such as EPLAN, the team would evaluate all data and where the data is housed. Some servers are currently overseas but most data is stored in the office of Farmington Hills, MI. The server room is not protected by any Fire protection walls. The company data for employees are on their computers and are currently not being backed up onto the server as most of the employees work from home. The only employees that are backed up on the server are out of the Farmington Hills office. This office is where the Finance and human resource departments are located. So all of the electronic documentation is housed on the in house server but there currently they do not have a data warehouse to back up this data. All marketing data is housed on the marketing manager’s computer with no back up. This position works...
Words: 2318 - Pages: 10
...Data, data everywhere Information has gone from scarce to superabundant. That brings huge new benefits, says Kenneth Cukier (interviewed here)—but also big headaches A special report on managing information Feb 25th 2010 WHEN the Sloan Digital Sky Survey started work in 2000, its telescope in New Mexico collected more data in its first few weeks than had been amassed in the entire history of astronomy. Now, a decade later, its archive contains a whopping 140 terabytes of information. A successor, the Large Synoptic Survey Telescope, due to come on stream in Chile in 2016, will acquire that quantity of data every five days. Such astronomical amounts of information can be found closer to Earth too. Wal-Mart, a retail giant, handles more than 1m customer transactions every hour, feeding databases estimated at more than 2.5 petabytes—the equivalent of 167 times the books in America’s Library of Congress. Facebook, a social-networking website, is home to 40 billion photos. And decoding the human genome involves analysing 3 billion base pairs—which took ten years the first time it was done, in 2003, but can now be achieved in one week. All these examples tell the same story: that the world contains an unimaginably vast amount of digital information which is getting ever vaster ever more rapidly. This makes it possible to do many things that previously could not be done: spot business trends, prevent diseases, combat crime and so on. Managed well, the data can be...
Words: 12682 - Pages: 51
...blocked at the bus operator's convenience. 5. Full configuration be possible from bus operator's side in terms of seat layout, bus type, etc. 6. Specific attention must be given to user friendliness of the software. Complete flexibility is provided to define seat activation period. Operator can decide what period the inventory can be opened for bookings to be open. Multi-level Access The user IDs can be created for Head office, Administrator, Accounts, Agents, etc. Complete flexibility with secure access to defined functions. 7. Web Booking Bus operator will be able to power online booking on their website using their own payment gateway. 8. Data Security Data is secure and access will be allowed only to bus operators with the exception of when required by law. Robust back up mechanism will be in place to ensure that there is no data loss. 9. Flexibility in fixing commissions Different commissions can be fixed for different agents based on bus operator's discretion. Commissions can also be based on route, service, etc. 10. Quota System Software provides for allocation of seats to particular agents or branch offices in the form of quota. Price Control Full flexibility in pricing with service level, date level, route level pricing control is possible. 11. MIS Functions Comprehensive MIS can be obtained from the system to monitor sales, collections, occupancy, etc. MIS can be fine tuned to suit individual operator requirements. Accounting Module The software allows the bus...
Words: 379 - Pages: 2
...Department of Veterans Affairs experienced a massive data theft in May 2006. A record-breaking 26.5 million veterans' sensitive data information went vulnerable due to a simple burglar. The data which got stolen includes names, Social Security numbers, dates of birth, as well as some disability ratings. Three personnel were held accountable for this data breach; two of them, who rank as agency supervisors, had been demoted due to not reporting the security data theft immediately to their respective high ranking officials or high ranking personnel such as VA Secretary R. James Nicholson. On the other hand, the data analyst who took home the data that was then stolen had been fired because his action violated agency procedure. The agency has estimated that it will cost between $100 million to $500 million to prevent and cover possible losses from the data theft. Though the theft occurred on May 3, 2006, the agency waited until May 22, 2006 to those who were affected. The delay was just one of many failures by Veterans Affairs in this incident. The GAO-Government Accountability Office (commonly known as the “Congressional Watchdog” organization) has issued multiple reports about VA cyber security problems since 2000, and the VA has received a failing grade in four of the past five years on an annual cyber security review by the House Government Reform Committee. The agency seems to focus on individual medical centers in fixing identified problems, instead of fixing...
Words: 446 - Pages: 2