The reassessment of security issues and their impacts on Adventure Works business processes - Essay Example

? Full Paper Executive Summary This document will highlight the reassessment of security issues and their impacts on Adventure Works business processes. Security and contingency planning is vital for any organization, as they ensure protecting critical assets as well as maintain business processes. A security policy is essential, as it defines the overall action plan of a security incident or procedure. Apart from the Firewall installation at WAN interfaces, there are no security measures, which may demonstrate a safe network environment. Moreover, Adventure Works is planning to make an online presence. In order to promote business on the web requires certain security measures and a fail / safe network environment. After reviewing, the factors that may disrupt organization services are identified below: No Security Policy Defined No Protection of critical Assets on the network No proper data backup policy Moreover, some critical issues or weaknesses that may influence an organization’s business operations need to be addressed on an urgent basis. The top rated issues are: {Security Issue No 1}: No data backup policy defined {Security Issue No 2}: No Disaster recovery plan defined {Security Issue No 3}: No Support for Server requiring 100% uptime {Security Issue No 4}: No IP surveillance for critical server {Security Issue No 5}: In sufficient security for LAN It is vital for Adventure Works to overcome these issues as soon as possible, as these vulnerabilities will directly affect the business operations of the organization. Creating Security Policy As there is no security policy defined currently for Adventure Works, the new security policy will illustrate the implementation procedures of security controls that are identified by analyzing the current network and business practices. {Security Issue No 1}: As the organization is maintaining Entity Resource Planning and Customer Relationship Management Server that are considered as core servers may face loss of data or server crash that may result in halting the services. Adventure Works is dependent on these servers, as these servers process most of the paperless work, creating a backup on a regular basis is essential. Recommendation: In order to incorporate a mirror of these servers, disk-mirroring techniques using RAID is recommended. As RAID will synchronize the data on two servers simultaneously, if any one of the server stops responding, the other service will be triggered to ‘primary operation’ mode. {Security Issue No 2}: As one of the branches of Adventure Works is in Mexico, there is a possibility of an earthquake. The impact of earthquake may create disrupt the overall operation of an organization’s network, as well as loss of data. Recommendation: Relocating the instance of critical server data on a different location may be a better choice. In that case, if an earthquake affects Adventure Works network seriously, the data can be extracted from the second location. {Security Issue No 3}: As the core servers of Adventure Works are CRM and ERP, there is a requirement of making their availability 24/7. Moreover, an alternate connectivity is also required that may make them operational if the primary network access is not available due to some issues in a switch. Recommendation: in order to ensure stable power supply, a Power over Ethernet technology is recommended. A comprehensive definition is available in network dictionary, which states as “Power over Ethernet (PoE) technology describes any system to transmit electrical power, along with data, to remote devices over standard twisted-pair cables in an Ethernet network. This technology is useful for powering IP telephones, wireless LAN access points, webcams, Ethernet hubs, computers, and other appliances where it would be inconvenient or infeasible to supply power separately.” Moreover, the network engineer can rout a dedicated alternate network connection for making the server operational. {Security Issue No 4}: As the servers process most of the organization’s critical data, there is a requirement for protecting them from vulnerabilities and threats. One of the threats will be an unauthorized access to steal or delete critical data that reside on them. Recommendation: In order to prevent unauthorized access, Installation of IP surveillance cameras is recommended. The surveillance system will monitor the presence of organization’s employees on these servers, as only authorized personnel will be allowed to access the system. {Security Issue No 5}: The current network scenario of Adventure Works is lacking adequate security measures. Currently, only the firewall is responsible for handling internal as well as external threats of the network. In order to handle threats and vulnerabilities, there is a requirement of a security appliance, which may monitor internal network for possible threats. Recommendation: incorporating an Intrusion detection based system is recommended, as it will provide adequate security internally as well as from threats that may bypass firewall. Configuring VLAN may also be beneficial, as the network contains financial data from the finance department. VLAN will create dedicated channels of data transmission within each department and ensures security with encryption techniques. Assets Identification Identification of an asset is necessary. The owners of respective assets that might be a server, application or a network device on a network, needs to evaluate and categorize assets on the basis of three criteria (Identification and assessment of assets and risks ): Confidentiality Integrity Availability The core assets for Adventure Works are: Entity Resource Planning Server Customer Relationship Management Server Threat Assessment Threats that are associated with Adventure Works are categorized in to three sections i.e. Natural Threats include Earthquake, Fire, and Floods Intentional Threats include data theft, hardware component theft, eaves dropping Unintentional Threats include human errors, overlooked configured network device etc. Laws Regulation and Policy As Adventure Works is located worldwide, every country is associated with different data protection laws. As Adventure Works is recognized, as a manufacturing company, engineering designs related to metal and bicycle must be protected. Moreover, in order to maintain documentation of international standard, Adventure Works must incorporate ISO standard documentation. Furthermore, Adventure Works is bound under the agreement of meeting all the safety measures by law. Current Organization Policy Adventure Works currently have no policy that may relate to laws and regulations. As there are no policies in place, the organization is in risk of making mistakes related to strategic goals. Moreover, utilization of resources may not be at the optimal level along with unprotected critical assets. Furthermore, without a policy, Adventure Works may not be able to generate 100 % productivity and may make critical mistakes. Recommendations Adventure Works must create and enforce an organizational policy that may demonstrate security goals. Policy creation is followed by regular reviews and updates. Vulnerabilities As per network dictionary, vulnerability is defined as “Vulnerability refers to a flaw or weakness in a system’s design,implementation, or operation and management that could be exploited to violate the system’s security policy.”As mentioned before, Adventure Works requires 100% availability of an ERP and CRM server. Server Vulnerability Loss of Power Justification The power source cannot provide electricity because short circuit has damaged the cables or it is accidently plugged out by the maintenance staff, vendors or network engineers. The server shuts down accidently due to certain loss of power, resulting in halting all the services and primary operations of the organization. Risk Servers can be affected by a power loss or failure from a short circuit, unplugging the server, or damaging wires if not cabled properly. Recommendations PoE (Power over Ethernet) will provide a dedicated power supply to the servers. References Power over ethernet. (2007). Network Dictionary, , 382-382. Identification and assessment of assets and risks Retrieved 6/25/2011, 2011, from http://www.sinclair.edu/about/information/usepolicy/pub/infscply/Identification_and_Assessment_of_Assets_and_Risks.htm Vulnerability. (2007). Network Dictionary, , 520-520. Read More