Introduction
Conducting a security audit is essential for an enterprise, considering that “every enterprise faces a multitude of risks”, many of which are related to information systems (Dunn, Cherrington, & Hollander, 2004).
Huffman Trucking is a US-based, privately held logistics company operating since 1936. The company’s information system connects the company’s intranet to the public. The present report is an identification and assessment of the organization’s information security.
Security Vulnerabilities
The results of the analysis revealed that the highest risks are associated with those threats whose impact and probability are the highest. Such results are largely based on some of the characteristics of the network in the organization, namely the topology of the network, the absence of data protection means, and the physical security represented through the identification of people allowed physical access to IT infrastructure components, such as servers and routers (Drumheller, 2010).
Threats and Risks to Security:
- Correspondence interception.
- Loss or deletion of information.
- Unauthorized access to software, databases, and servers.
- Intrusion into servers and databases.
- System failure of servers.
Recommendations (Internal Risks)
The purpose of the Role Control Center (RCC) is to increase internal security by enabling centralized management of “authorization for resources distributed throughout the enterprise” (Ferraiolo, Ahn, Chandramouli, & Gavrila, 2003).
Reliance on passwords as a means of authorization is a weak form of protection, as they can “quickly get into the wrong hands and provide unauthorized access to the system” (Dunn et al., 2004, p. 453). Other forms of protection that can be considered include biometric scanners, smart cards, and tokens.
Limiting external risks of intrusion and protecting information can be achieved through intrusion detection and prevention systems (IDPS). Such a solution can be used in addition to firewalls to provide comprehensive protection from external threats.
Recommendations (External Risks)
To address the vulnerability to interception of emails and any other means of information exchange between the intranet and the internet, encryption should be included in the security plan of the enterprise. Encryption protects data transmitted from and to the system.
The RAID method of data protection should be extended throughout the whole enterprise, along with other means that provide strategic recovery plans for the organization (Beekman & Beekman, 2010).
Network security can be improved by using firewall systems or a high-performance router.
VPN devices should be configured using strong encryption methods such as IPsec/IKE.
Conclusion
The analysis reveals that Huffman Trucking has several security vulnerabilities. The recommendations above can address these risks and threats.
References
- Beekman, G., & Beekman, B. (2010). Tomorrow’s technology and you (Introductory, 9th ed.). Upper Saddle River, N.J.: Pearson Prentice Hall.
- Drumheller, R. (2010). Conducting an Information Security Gap Analysis. Faulkner Information Services. Web.
- Dunn, C. L., Cherrington, J. O., & Hollander, A. S. (2004). Enterprise information systems: A pattern-based approach. McGraw-Hill/Irwin.
- Ferraiolo, D. F., Ahn, G.-J., Chandramouli, R., & Gavrila, S. I. (2003). The Role Control Center: Features and Case Studies. Association for Computing Machinery. Web.