The Security Issues that are Faced by a Particular Organization - Case Study Example

PROPOSED SOLUTION TO THE NETWOTKING PROBLEM OF AN ORGANIZATION Networking is an important aspect for any organization. This is because it facilitates communication between the staff of the organization, as well as facilitates the communication of the organization with other companies. Networking also helps in the sharing of the resources in an organization. Some of the resources that could be shared through the network include files, printers, and other computer resources. Networking also enables an organization to conduct its operations over the internet. Networking in any organization is vital and it should be done ensuring that all the necessary security measures are put in place. This paper intends to analyze the security issues that are faced by a particular organization, and provide solutions to curb the problem. Introduction According to the description given about the company, some of the assumptions that could be formulated are that: The company has no security policy in regards to their network. This means that the network is prone to many risks in regards to the confidentiality of their data. It is most likely that the company has experienced hacking because proper security measures have not been put in place. This also implies that the staff does not have confidence on the network when it comes to their personal data. They know that their personal information can be easily be accessed by malicious people for their own benefit (Oppliger, 2000, 19). The network as well as the database system of the company is not encrypted. This means that in the event of hacking by an unauthorized party into the DBMS of the company, the hacker can be able to steal the password of the staff and gain access into the system, where he/she can be able view and maybe tamper with the important information of the company. At some point, the hacker could steal the information and use it against the company either for money or for other personal reasons (Shim, Qureshi, & Siegel, 2000, 26). The email structure of the system is not secured. This means that the company is prone to many risks during the exchange of emails between the staff. One of the key challenges is eavesdropping. An unauthorized person taps into the system during the exchange of emails, and intercepts some of the important information by this process. The company has a high likelihood of experiencing this risk because their email system is not secured. Encryption, which is the process of transforming a piece of information into a way that cannot be understood by another person other than the sender and the receiver, has not been implemented into the email system (Prasad & Prasad, 2005, 27). In encryption, the only way the sender and the receiver can be able to understand the piece of information is through decrypting the message. This is the safest mode of transmitting an important piece of information on the web. Another assumption is that there is a problem of provision of the localized resources by the server of the company. The company lacks the services to make this provision, therefore in the event that a project, which is located in another network and needs use the resources that are located in the local server, the project cannot use the resources. This implies that the task will need to make use of the resources located in another server that is in another country. This process has a negative impact of the organization’s performance. It reduces the productivity of the company mainly because the project, which is part of the company, is using other resources that are not customized for the company. This means that the resulting project will not be of a high quality (Maxim & Pollino, 2002, 23). It will also have another negative impact on the company since the resources on the company will not be utilized effectively. This means that the company will be purchasing resources that are not fully utilized. This wastage of the company’s resources is not effective and productive for the company. The three networks can be assumed not to be networked. This means that communication between the staff in the different networks is not efficient. Without an effective communication in the company, the productivity of the staff will reduce. This is because there is no proper consultation between the staff. Communication breakdown has a major negative impact in any organization. From the problem statement, the following are the major issues that have been presented: First, the company suffers from a major amount of IT server sprawl, which puts pressure on the company to fund extra resources, as well as increase work force in order to cater for the repairs. Some parts of the network are not managed. This subjects the network to many risks, which according to the company, the risks are usually anticipated for. Based on the new corporate plans set for the company, the current network system will not be scalable in the next five to ten years when it comes to handling the company’s demands. As at the present time, the company does not support the use of personal devices, and this sets a drawback to the company some times, especially during new projects, the When a project that is located on a corporate site and requires making use of the resources on the localized server, the company does not have that provision. The project will therefore be forced to use the resources located on the server that is in another country. This will have an adverse effect on the performance of the company and reduce its productivity immensely. The productivity of the users in regard to the system, particularly when it comes to the use of email is generally poor. The email service of the company is not currently encrypted. This poses a great threat on the company when it comes to the security of the confidential information that is being exchanged through the emails. Currently, there is no VPN incorporated in the company. The internal network of the company is divided into three: (for the financial services contract), GEN (general use including for personal devices), and CORP (for corporate devices only). The VPN is essential to co-ordinate the three networks, but it is not present in the company. Due to the poor performance of the company, the video conferencing activities between offices as well as sites are not working optimally as they are required. The issue of security in the company is not managed properly in the company. This brings along a negative impact for the company. For instance, the testing for setups is not put into use. A wide range of devices, for example the operating system is not linked to a network currently. As of the present time, the company does not support a centralized management that can be used for patching through the systems. This means that there is no audit that is done on the versions of OS for the three networks of the company; the FINCON, CORP and GEN. When new systems are constructed, the process of installation is performed from the CD-ROM of the manufacturer of the software. Each of the software packages are set up by hand. Often, the packages that are required by specified members of staff are not made available. The infrastructure of the server, mostly the relational database, which is at the heart of the corporate networks, is described to be fragile, which results to the failure of the system. The MySQL RDBMS does not seem to handle the high demand of the company. The RDBMS that is confidential is utilized in the process of web facing the Internet of the web site. The network is out dated and the infrastructure of the server needs extensive sorting of all the web services/applications on the system. This practice is said to be a costly one. The entire infrastructure of the network, the process of its development, its function, among other attributes of the network, is not under supervision and it is controlled using the ad-hoc methods. The appropriate technological solutions that can be employed are: The use of encryption: This technology will help to ensure that the information that is being sent through the email system from one staff to another in the company is secured. The sender and the receiver of the message are the only ones who will be able to understand the information. The encrypted information will be transformed back to a form that can be understood through the process of decryption of the message upon its arrival to the receiver (Bhasin, 2003, 18). The sender and the receiver will poses an encryption as well as the decryption key that will enable this activity. VPN should be incorporated in the network of the company. This helps in securing the organization. Apart from that, VPN will enable the employees to gain access to the network of the organization without having to be in the organization (Beasley, 2004, 36). Through the internet, one will be able to gain entry into the system of the organization from anywhere. This is important for the organization since an employee might be away, through the VPN, he/she simply needs to have access to the internet to log into the network of the organization remotely and perform his/her tasks. The three networks in the organization should be properly networked to ensure efficient communication between the different staff in the organization. Proper networking system across the three networks will also facilitate the sharing of resources, for instance, printers. This will result to a reduction in the budget of the organization (Knipp, & Danielyan, 2002, 29). When some resources in the organization are shared, then the need to purchase more resources will be eliminated. The cost that was budget for purchasing these extra resources could be used in other activities of the company. Some potential solutions for the organization are: The organization has to ensure that the security of the organization is given priority. All measures of security should be incorporated in the organization. For instance, antivirus should always be updated and the staff should be warned against downloading files that they are not sure of preventing viruses from attacking the system (Merkow, & Breithaupt, 2000, 43). On top of that, the staff should be advised to change their system passwords as often as possible as well as use passwords that are a minimum of six characters and a combination of letters and numbers to prevent unauthorized users from hacking their passwords (Bhatnagar, 2002, 29). The organization should make it possible for projects located in other networks but within the network of the organization to access the resources from the local server. This will eliminate the wastage of the company resources and will ensure that the productivity of the organization is increased (INSTITUTE FOR CAREER RESEARCH, 2005, 35). This is because the projects of the company are using the resources that are customized for the company, therefore, the result of the projects will be satisfactory. This will also save on time because the access to the localized resources will be much easier as opposed to looking for resources that are located in other servers. The network should also be modified in a way that it can meet the company’s needs in the five to ten years to come. The network should handle the demands of the company as the years go by. Proper network system needs to be incorporated in the company to handle the company’s future demands. The installation might require a lot of capital, but if it is implemented, it will service the organization for a long time, and this will increase the performance of the company. When considering the installation of a new network system, the security aspects of the organization in terms of the network should also be put into consideration. In the design of the network, the security measures should also be enforced to help in the mitigation of the threats that might be faced by the network when in operation. The security measures will secure the information when being transferred from one party to another in the network. The server should constantly undergo the maintenance to prevent it from experiencing persistent breakdowns. The breakdowns are adding extra costs to the organization, as resources for repair as well as extra work force have to be budgeted for the process. These extra costs could lead to the financial challenges to the organization. This is so because maybe the organization had not set aside money for this purpose. However, since it is a pressing need, the organization will have to squeeze the available money to make a provision for the cost of repair that have cropped up. To avoid this situation, the organization should ensure that maintenance program has been budgeted for, especially the maintenance of the server. Reference List BEASLEY, J. S. (2004). Networking. Upper Saddle River, NJ, Pearson Prentice Hall. BHATNAGAR, K. (2002). Cisco security. Cincinnati, Ohio, Premier Press. BHASIN, S. (2003). Web security basics. Cincinnati, Ohio, Premier Press. INSTITUTE FOR CAREER RESEARCH. (2005). Computer security management. Chicago, Institute for Career Research. KNIPP, E., & DANIELYAN, E. (2002). Managing Cisco network security. Rockland, MA, Syngress. MERKOW, M. S., & BREITHAUPT, J. (2000). The complete guide to Internet security. New York, AMACOM. MAXIM, M., & POLLINO, D. (2002). Wireless security. New York, McGraw-Hill/Osborne. OPPLIGER, R. (2000). Security technologies for the World Wide Web. Boston, MA, Artech House. PRASAD, A., & PRASAD, N. (2005). 802.11 WLANs and IP networking security, QoS, and mobility. Boston, Artech House. SHIM, J. K., SHIM, J. K., QURESHI, A. A., & SIEGEL, J. G. (2000). The international handbook of computer security. Chicago, Ill, Glenlake Pub. Read More