Analyzing the Cyber Security … Professional
The company selected is a small and medium enterprise that offers financial services to its consumers, such as loans, deposits, withdrawals and financial advice. Written from the position of the company's senior information technology analyst, this report covers an assessment of the firm's infrastructure and its types of vulnerabilities, the security models to be employed in overcoming the related security risks, a security plan for the company and, lastly, a code of ethics applicable to the company.
The Review of the Company's Infrastructure and the Identification of all Types of Vulnerabilities -- Environmental, Physical, and Human
A risk analysis ought to pinpoint the risks to the resources, the network and the data. The analysis is intended to identify the components, assess the importance of each, and then implement a fitting level of security. The company will face environmental, physical and human vulnerabilities. Any vulnerability that is detected must be addressed to mitigate any threat that could take advantage of it. These vulnerabilities can be fixed by different approaches, including applying software patches, reconfiguring devices, or deploying countermeasures such as firewalls and antivirus software. This helps to maintain a sustainable and workable balance between security and accessibility (Harris, 2013).
The physical security domain covers the threats and vulnerabilities that must be addressed to physically safeguard the resources and sensitive information of the company. These resources include people, the organization in which they work, and the data, equipment, support systems, media, and supplies they use. The domain encompasses the selection of a secure site, its design and layout, the methods for safeguarding the facility against unauthorized access and theft of equipment and information, and the environmental and safety measures necessary to protect people, the company, and its resources. The threats and vulnerabilities include theft, loss of system integrity, physical damage, and unauthorized disclosure (Harris, 2013).
Another vulnerability faced by the organization is the integrity problem. Undetected alteration of information is much easier to achieve when the information is stored on electronic media than when it is stored on paper. This is both because modifications are harder to detect and because there is usually only a single copy of the information that needs to be altered (Biba, 1977). Another aspect of vulnerability is authentication, which involves humans. To begin with, in the manual system, safe combinations and keys are entrusted to humans by their fellow humans, and it is generally not hard to identify the trusted person. An individual opening a safe and looking at its contents is likely to be seen by other people, who will determine whether that individual is authorized (Landwehr, 2003). In addition, an individual with access to a safe must hold a clearance sufficient to see every file stored in the safe without breaching security. Persons with different clearance levels may have access to the computer system, and therefore the system must be able to distinguish among its users and limit access to information to qualified users. Since the computer has access to all the information it stores and must provide access to those documents only to authorized persons, the authentication problem is intensified (Landwehr, 2003).
Suggestions and Discussions of Security Models that can be Used to Overcome the Associated Security Risks
A security model is a formal description of a security policy. A security policy captures the security needs of an organization or enterprise, or outlines the steps that have to be taken to attain security. Security models are used in the evaluation of security and at times for proofs of security. If the system design is complex, it can only be described by complex models, and it becomes hard to find proofs of security. If an enterprise wants security properties that can be verified, it is better off limiting the complexity of the security model. The more expressive a security model is, with regard to both the security properties and the systems it can describe, the harder it typically is to verify security properties (Harris, 2013).
There are three security models that can be employed to overcome the related security risks. With regard to physical security, the model ought to provide crime and disruption prevention through deterrence. Another element is the reduction of damage through delaying mechanisms, such as security staff and locks. There also ought to be crime or disruption detection, and incident assessment through response to events and determination of the level of damage. In this regard, the security model selected is the Crime Prevention Through Environmental Design (CPTED) model (Harris, 2013). This model is suggested because it outlines how the proper design of a physical environment can reduce crime by directly influencing human behavior. The model has three key approaches: natural surveillance, natural access control and territorial reinforcement (Harris, 2013). Natural access control is the supervision of individuals entering and exiting a space through the placement of doors, fences, lighting, and remodeling. Natural surveillance is the use and placement of physical environmental features, workforce pathways, and activity areas in ways that maximize visibility. The objective is to make criminals feel uneasy and make all other persons feel secure and comfortable, by means of observation. Lastly, territorial reinforcement is achieved through the use of lighting, landscape and walls (Harris, 2013).
These security models consist of open, closed and restrictive models. In this particular case, the restrictive security model is the most suitable to implement. A small number of security measures are implemented in this model. The company ought to set up the basic security capabilities of its existing hardware and software. Firewalls, virtual private networks (VPNs), intrusion detection systems (IDSs) and other measures are put in place. Passwords and server security form the basis of this model. If encryption is needed, it is carried out by individual users or on servers. This model assumes that the protected assets are negligible, users are trustworthy and reliable, and threats are marginal. Nevertheless, this does not remove the need for data backup systems in most open security policy scenarios. The model selected is particularly fitting because it gives users free access to all areas. Therefore, when breaches in security take place, they are most likely to bring about significant damage and loss. Therefore, the network administrator will not be deemed accountable for abuses and breaches in the network (Stallings and Brown, 2012).
Because the company in question is a financial institution, another recommended security model is the Chinese Wall Model. This is because the analysts in the financial organization have to deal with a number of consumers and have to avoid conflicts of interest (Brewer and Nash, 1989). The policy in this security model is a simple security property. Access to the system is granted if the object being requested is in the same company dataset as an object previously accessed by the subject. Secondly, access is approved if the object being requested belongs to any class having a conflict of interest opened by that subject (Brewer and Nash, 1989). In the same case, the Bell and LaPadula Model (BLP) can also be employed. This security model places no limitations upon the interrelationships between objects. Moreover, it does not require them to be hierarchically arranged into company datasets and conflict of interest classes (Brewer and Nash, 1989).
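The simple security check in runnable form, as an added example that is not part of the original paper. It follows the rule as Brewer and Nash (1989) state it: a request is granted when the object is in a company dataset the subject has already accessed, or lies in a conflict of interest class in which the subject has opened nothing yet. The analyst, client and class names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    name: str
    dataset: str     # company dataset the object belongs to
    coi_class: str   # conflict of interest class that company falls in


@dataclass
class Analyst:
    name: str
    # (coi_class, dataset) pairs the analyst has already opened
    history: set = field(default_factory=set)


def may_read(subject: Analyst, obj: Obj) -> bool:
    """Brewer-Nash simple security: deny only when the subject is already
    inside the wall of a *different* company in the same conflict class."""
    for coi_class, dataset in subject.history:
        if coi_class == obj.coi_class and dataset != obj.dataset:
            return False
    return True


def read(subject: Analyst, obj: Obj) -> bool:
    """Enforce the check and record the access, so later requests are
    judged against everything the subject has seen so far."""
    if not may_read(subject, obj):
        return False
    subject.history.add((obj.coi_class, obj.dataset))
    return True


def demo():
    # Constructed sample data: two competing lenders and one insurer.
    a_loans = Obj("client-a-loans", "client-a", "lenders")
    a_deposits = Obj("client-a-deposits", "client-a", "lenders")
    b_loans = Obj("client-b-loans", "client-b", "lenders")
    c_claims = Obj("client-c-claims", "client-c", "insurers")
    analyst = Analyst("analyst-1")
    requests = [a_loans, c_claims, b_loans, a_deposits]
    return [(o.name, read(analyst, o)) for o in requests]


if __name__ == "__main__":
    for name, granted in demo():
        print(f"{name:20} {'granted' if granted else 'denied'}")
```

The denial of `client-b-loans` depends on the order of requests: an analyst who had opened nothing in the `lenders` class could read it, which is what separates this history-based policy from a static access list.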
The Design of a Robust Security Plan for The Company
The security plan of an enterprise makes certain that all aspects of access are addressed and that persons who are not granted access do not get hold of any element of the enterprise. Safeguarding the business and its reputation comes down to establishing, executing and monitoring a robust security plan that adequately covers all aspects, from physical access and theft to the risk of compromised technology security. This includes defining acceptable uses of the network and of business resources in order to deter improper use. The design of the company's security plan will encompass the following components:
1.…
Cite This Paper:
APA Format: Analyzing The Cyber Security. (2016, June 25). Retrieved March 29, 2017, from http://www.essaytown.com/subjects/paper/analyzing-cyber-security/8708204
MLA Format: "Analyzing The Cyber Security." 25 June 2016. Web. 29 March 2017. <http://www.essaytown.com/subjects/paper/analyzing-cyber-security/8708204>.
Chicago Format: "Analyzing The Cyber Security." Essaytown.com. June 25, 2016. Accessed March 29, 2017.