The IT Infrastructure of the Pharmacy Business - Case Study Example

Information Systems Security Introduction Information security is a particular approach of protecting confidential data within computer security system. It precisely includes protection from unauthorized access, disturbance or destruction to a set of information and data in any computer networks. It includes mitigating the threats for both the physical as well as the electronic data. Business units in the present day context have been under high alert with regard to their security towards information from cyber criminals. Likewise, companies have strengthened their cyber security procedures, so that confidential business data would be secured effectively. Notably, there are several approaches through which business sector and others domain intends to deal with the increasing issues of cyber threat. A strong security risk assessment of the information is important in dealing with network threats. Proper management of the records of a business is also deemed to be important in information security. Again, proper control and access of people to information should also be assured to deal with security threats. IT security should focus on aspects such as network security, physical security as well as data security (Olzak, 2010). This particular essay discusses about the potential physical as well as logical threats that require attention in a pharmacy with regard to networking and data storage. Potential threats of Information Security in the Pharmacy With the transforming nature of the business sector, business units have been urged to be involved in extensive use of Information Technology (IT) in their business operations. In this regard, the potential physical and networking risks associated with the use of IT in business could not be ignored. The pharmacy business will need to implement basic IT components in business such as Firewall, Desktop computers, Windows 2012 active directory domain controllers (DC), Dedicated T1 connection and File server among others. All these components will have their own physical and logical threats in case of their improper implementation. Physical and Logical Threats and its Potential Impact on Business Physical threat has become quite common in the present day business activities. One who can access to the secured information storage areas in business could be able to commit any malicious crime against the well being of the business. Hence, the organization needs to focus on enhancing its physical security control, so that overall risk and uncertainty of the business could be minimized. On the other hand, logical threat refers to the aspect of impacting the software of the IT infrastructure and not on the hardware components in any manner. Notably, the pharmacy business is currently using Firewall, Desktop computers, Windows 2012 active directory domain controllers (DC), Dedicated T1 connection and File server for its IT operations all of which are open to both physical and logical threats (Digital Preservation management, 2014). Firewall Firewall is extensively used to prevent networking theft and other computer security issues. In the absence of firewall, business units or any computer network will not be protected again external physical threats. The physical threat for the absence of firewall in the pharmacy may be in the form of human error such as improper handling of the system. The logical threat for the system may be in the form of theft of highly sensitive data. This can impact the secrecy of the business data negatively. Desktop Computers Desktop computers are important parts of IT operations in any business. Likewise, in the daily operations of the pharmacy, desktop computers are in extensive use for data storage and stock management of medicines. Desktop computers used by the pharmacy may be damaged physically, which may harm the entire business. Improper installation of desktop computer can also lead to physical damage. When the configuration of desktop computers is not configured appropriately with one another, physical damage tends to occur. This physical damage can lead to inappropriate shutdown of the system, which will result in data loss in most of the cases (Digital Preservation management, 2014). Unauthorized use of the desktop computers is a logical threat and can certainly harm data confidentiality and privacy issues for the pharmacy business. Windows 2012 Active Directory Domain Controllers (DC) It is a directory services designed by Microsoft to be used in its windows product. It provides a set of process and services mainly for the business sector. Notably, the work of an active directory (AD) is authenticating as well as authorizing the users in computers networks. Contextually, in the operations of the pharmacy, it will be important to install Active Directory within the networking of the business. Active Directory of Windows 2012 also has its own physical threat. The use of tools like Active Directory Permissions Analyzer may enhance the process of detection, which will further exploit the system. The potential impact of this particular physical attack is that once access is gained in the Active Directory domain, the overall IT structure of the business can be damaged substantially (Digital Preservation management, 2014). Again, when there is weakness in the software used within the active directory, one can take the advantage and attack the system without a systematic account by intruders. In this way, the smoothness of the system can be affected. Dedicated T1 Connection T1 connection is high speed connection that enables transfer of large files in a rapid manner. It also allows faster internet and web browsing facilities, which saves a lot of time during any business operations. It ensures maximum reliability for the pharmacy business since, it is secured and provides commendable services. In the operations of the pharmacy, a T1 Connection can lead to different physical threats that include hardware malfunction, human error and natural disaster such as fire or flood while using the network and improper maintenance of the network among others. The impact of this particular physical threat can be in the form of loss of network connection, inappropriate shut down of browsers and error in internet connection among others. These factors will certainly impact the operation of the pharmacy business by affecting the smoothness of the work process (Digital Preservation management, 2014). Logically, within the T1 connection one can dispatch ICMP packets within the network to force it to operate more than the authorized capacity. This will impact the speed of T1 connections in negative manner. File server Computers connected to any particular network for storing computer files are known as file server. This server can be used for storing documents, images as well as other important data associated with any sort of business. This sort of server can also be damaged physically or through inappropriate execution of data by the users. Improper handling can be the most vital physical threat to file server. When the users do not use file server on the standard process, problems deemed to arise in the functioning of the same (Rouse, 2014). This can lead to loss of confidential data from the server, which can extensively harm the business of the pharmacy (Digital Preservation management, 2014). With regard to logical thereat, a person can use the data in the file server, which would harm the entire IT infrastructure of the business. Security Controls of the Physical Threats There are numerous forms of security controls used to deal with physical threats including administrative, preventative, detective as well as corrective measures. The physical threats that have been identified in the earlier part must be mitigated with the assistance of corrective, preventive as well as detective control. The physical threat of improper handling of the equipment can be mitigated with the help of corrective measures. In this control, the impact caused by the physical threat to the entire IT infrastructure will need to be corrected with the assistance of IT experts. Furthermore, the physical thereat of inadequate maintenance of the system hardware will need to be mitigated by the pharmacy business with the help of the preventative control measures IT regulations and policies. In this regard, inappropriate maintenance of the hardware system will be prevented to the maximum extent. Again, the physical threats of non-adherence to the standard process of functioning in file server can be mitigated with the help of detective controls. The problems will need to be detected in a specified process and measures will be taken accordingly. The physical threat of instability of the materials can be controlled with the help of corrective approach. In such approaches, improper configuration of the IT infrastructure will be detected and likewise, measures are taken for reconfiguring the same. Again, natural disaster is also another physical threat to the IT infrastructure of the pharmacy (Enterprise Risk Management, 2014). Since, these aspects could not be predicted in the business domain, preventive measures are appropriate for controlling such threats. Security Controls of the Logical Threats With regard to the logical threats preventive, corrective as well as detective controls must be used to mitigate the issues. The logical threat of theft of the confidential data can be mitigated with the help of detective and preventive measures. This sort of threat is required to be detected initially and then, prevention measures must be adopted for avoiding any future occurrences. The logical threat of unauthorized use of the IT system can be mitigated through corrective measures such as strengthening the authentication process. The logical threat of attack on the weak parts of the IT infrastructure can be controlled with the assistance of the corrective methods. Again, in order to control dispatch of ICMP packets on the network, preventive measures control must be implemented to strengthen access to such networks. Again preventive measures must also be taken to protect the data in file server from being used appropriately against the overall IT network of the financial business (CIPP Guide, 2010). Strategy for addressing the Physical Threats Physical threats in IT infrastructure can be mitigated with the assistance of risk mitigation, risk assessment, risk acceptance, or risk avoidance strategies. The physical threat of human error can be mitigated with the use of risk acceptance. Since, this kind of risk could not be forecasted, it is appropriate to accept such risk and take measures to deal with it. The physical threat of improper system configuration can be addressed with the strategy of risk mitigation where proper measures must be taken to reconfigure systems to ensure proper flow of data within the pharmacy. The physical threat of improper handling of the equipments can be addressed with the help of risk avoidance strategies. In this regard, proper training must be provided to the pharmacy staff, so that IT infrastructure is used effectively and coordinately for the benefit of the business. Again, the physical threat of inappropriate maintenance of the IT infrastructure can be addressed with the help of risk assessment. Such risk must be assessed well in advance and measures must be taken for its eradication (Enterprise Risk Management, 2014). Strategy for Addressing Logical Threats The logical threat of information theft can be addressed with the assistance of the risk avoidance strategy. Since this sort of risk could harm the most to any business, it should be avoided well in advance. Again, the logical threat of unauthorized use of computer system should be addressed with the help of the risk mitigation strategy. Desktop computers should be authenticated in a manner that it does not allow any unauthorized access to it. The logical threat of attack on the weaker part of IT infrastructure can be mitigated through risk assessment. The section of the IT infrastructure, which needs proper amendments should be assessed and mitigated. The logical threat of unauthorized access to networks could be minimized through risk assessment strategy, while the threat of improper access of data can be addressed through risk avoidance strategy (Enterprise Risk Management, 2014). Conclusion From the overall analysis of the paper, it can be comprehended that in the present day context, security of the IT infrastructure of the Pharmacy business should be managed from various forms of threats. The threats to any IT infrastructure can be in the form of logical and physical threat. Likewise, several logical and physical threats have been identified in the IT operations of the pharmacy business. Notably, the identified threats can prove to be harmful for the entire business one way or the other. Contextually, effective risk management and control strategies have been recommended to deal with each of the threats in the long run. Hence, it can be concluded that for proper IT operations, Pharmacy business is required to adopt numerous noteworthy measures to deal with the external and internal threats. References CIPP Guide. (2010). Access controls. Retrieved from https://www.cippguide.org/2010/08/17/access-controls/ Digital Preservation management. (2014). Physical threats. Retrieved from http://www.dpworkshop.org/dpm-eng/oldmedia/threats.html Enterprise Risk Management. (2014). Physical security. Retrieved from http://www.emrisk.com/knowledge-center/newsletters/physical-security Rouse, M. (2014). Physical security. Retrieved from http://searchsecurity.techtarget.com/definition/physical-security Olzak, T. (2010). Security administrative controls - part 1. Retrieved from http://www.brighthub.com/computing/smb-security/articles/2388.aspx Read More