Concepts of IT Security - Coursework Example

IT SECURITY ANALYSIS IT Security Analysis Introduction Information technology (IT) security deals with the security issues that involve computer systems. The security problem here means the data protection through discovery of unauthorized activities by the user of these computers. Most companies that have computer systems typically contain some sensitive information that they must protect. This paper is going to give an analysis of the security background carried out by Enigma Security Services analyst about a particular company. Some of these will be the most likely security threats, physical protection of resources, personal issues involved in the security matter, some ways of security awareness, education and training. IT Security Analysis Based on the findings, the company has been found to contain various assets and computer accessories that might be at risk. Among the property, found involves both the hardware and the software. Some of the hardware assets that were realized are computers themselves, and connection cables including the data cables, the hubs, routers, switches, internet modems and software disks among many others. On the other hand, some software like computer application program, account passcode and users account among many others were found to be at risk in the company. From the analysis that was conducted using different mechanisms, the following are the two categories of some of the security threats that are most likely to cause insecurity within the company. These categories are natural threats and human threats. Among physical risks, we have hurricanes, earthquakes, fire and floods that can cause severe harm to the company computer system. This danger in case of their occurrence, they can cause destruction of hardware that may lead to loss off some valuable information and some software through the destruction of the hardware. On the other hand, we have human threats. These can be caused by both the inside employees, former employees or some outsider attackers who are after getting information from the company system to attain their goals or to harm the company. Inside employees who are aware of the system codes and applications can plant viruses, worms or Trojan horses in the company system so that they can browse through all of the company file systems. Other threats are from malicious attackers who will hack into the company system to disrupt business activities or taking some information that may be of importance to the business competitors. Some of them may just have interest to steal some of the computer hardware like modems, routers, laptops among others. Other than these threats, the company may also face threats from authorized users that may not be aware of how to operate the computers. Sometimes, the operators carry out activities that they are unaware of leading to errors and omissions. These can cause more significant data to be damaged, lost, or altered (Communicatingcomplexity.com, 2015). Other threats the company is likely to face is activities of untrained employees in computer and do not know the security vulnerabilities and threats. Example of these employees includes like those who opens a Microsoft Word document, edit it and saves it using notepad. As a result, severe damage is caused by the saved document. In addition to these threats, also wrong entries by system administrators and clerks, installation of incorrect programs in the computers and more other activities that may cause the system to crash leading to loss of information. More threats may also arise because of carelessness of some employees. Examples of them are those who leave their accounts open on computers used by different users. There are also those employees who accept to be bought to give out some of the companies important information is including passwords. By so doing, they enable hackers to access company system files easily and do anything they want with them. All these and more are some of the threats that the company is likely to face, and it has put some controls in place to prevent them from happening. Among the controls the company has brought in place, includes the following. To prevent company assets from getting lost, the company has employed security officers to be keeping safety by ensuring that neither the employees nor any visitor leaves the company with its property (Evan Perez, 2015). In addition to that, the company has strategized firefighting equipment to fight fire in case it breaks out. Likewise, the company has constructed a tall wall around it to prevent floods from destroying its assets in case it occurs and to prevent thieves from sneaking into the company. To avoid sharing of computers in the company, the company has bought enough computers for every employee so as no one can see what the other one is doing. The other control that the company has put in place is on how to prevent employment of untrained workers. The company has attained that by having employed IT experts to be interviewing the applicants before they are used (Falcon and Falcon, 2015). Lastly, the company has installed active antiviruses in all of its computers to be scanning for viruses in its file systems. These are among the current controls that the company has put in place to increase on its security matters. Though the company has employed all these measures in place, still there are more countermeasures that it should take on to improving the protection of its assets. Some of these suitable measures include the company needs to employ a central system administrator with an advanced technology, which will be in control of all the machines from the server point. The involved individual should have the ability to detect the operation of every computer and check if it is in line with whatever that computer should be doing. If not, then they should recognize whoever is using that computer as a hacker trying to access information from the system without permission (Ieeexplore.ieee.org, 2015). In addition to that, for the sec of the company to protect its assets from theft, the company should install some CCTV cameras all over to be taking videos of every event and activities that goes on within it. This will help the company to detect in case of any of its assets missing who the thief is. In addition, these cameras will assist the company to monitor its employees and identify any malicious behavior among them (Info.com, 2015). Moreover, to prevent the risk of unawareness among the employee, the company should come up with a training team. The main purpose of this group should be to train the company’s new employees on how to use some of the company’s system application software. The group should also be responsible for teaching them of the company’s rules and regulations as far as security and secrets are concerned. Apart from that, the company should encrypt its entire system file with a different passcode to protect them from hackers. The company should also need to be updating its systems now and then to make it hard for the hackers to realize its exact IP address. The company needs only to install application programs that are only used for the company production and not any other application. The essence of this is to protect the computers from crashing due lack of enough spaces in the hard disks and from protecting employees from doing other thing with the machines which can cause loss or change the stored data in the system. Other than that, the company system needs to have system file recovery application. The application should be used to recover lost or deleted file from the systems that may have arisen from a mistake by the employee or removed intentionally from some employees who may be have been bought by the company competitors to do so. The data may have also lost because of the system crash or failure. Still this can be as a result of some outside hackers who may have managed to hack into the company database and interfered with its files (Info.com, 2015). Still on that, the company needs to generate its password for each user in the system. The passwords should only be editable by the server and not the user. This will help to improve the security by limiting the possible guesses by hackers who may guess common passwords used by many people. For example the year of birth, names of their loved one and more others. Similarly, the company needs to be encoding its information that it needs to transfer through Internet before sending. The essence of this is to safeguard it from those hackers who regularly take advantage of the weakness of the communication protocol to access data. The above listed are among the other many security measures that the company should put into considerations. For the company to improve the security of its assets, it needs to employee some of the following physical security policies. First, every employee should have a personal room from which he or she works. The rooms should have padlocks with only keys being accessed by the owner of that office. This will reduce the rate of theft among the employees, as none will be able to access other ones assets (Info.com, 2015) The company also needs to install a gate and other access controls with sensors, CCTV cameras and biometrics. It should do this to detect anyone tampering with any of the company’s assets and taking his or her image thus making it easy to be found. The company should also install alarms in every room and have communications such as LAN/WAN and phone lines so as to ease communication among the workers in case of anything like fire breakout, network problem amongst others. Moreover, the company should employ more security guards in every corner to ensure that no unauthorized person gets in the company. They should also make sure that vulnerability of the company assets by both the employees and outsiders is not compromised. Finally, the company should employ secret agents to be going round and round to monitor the activities of the company employees. They should also be monitoring on the productivity of the company as well as on the security of the employees (Mcafee.com, 2015). Since the company has no option other than protecting its business, it has to have some legal laws that would help it to protect its business. To start with, the company must have an agreement with its employees on the secrets of the company. None of the employees should ever reveal or give out any of the company’s private information like the passwords (Mcafee.com, 2015). Still on the same, the employees should agree with the company that none of them should even attempt to walk away with any of the company’s assets. Every employee should stick to his or her duties without interfering with other ones activities. They should agree that breaking any of the rules should lead to him, or her being sued by the company. The company information and operation should be considered private. That is to say, any hacker caught attempting to access any of the company system should be sued, and legal action taken upon him or her. It should also be well known that if found mishandling or misusing the company assets, you be taken to court for legal actions to be taken upon you. On the other hand, it should also be made clear that no employee is allowed to go beyond what the company is legalized to do by the government. If anyone found, he or she should also be taken to court for legal action to be taken upon him or her (Medical News Today, 2014). The above stated legal actions are recommended due to various assumptions. To start with, legal actions should be taken to any employee found giving out some of the company’s private information because; some works can easily be bought by the company’s competitors to given then the company’s passwords. The competitors may use these passwords to hack into the company system and interferes with its operations. Likewise, none of the employees should be allowed to leave the company with any of the company’s assets because; some of the employees, if allowed, can end up stealing some of the company’s properties (Seek.com.au, 2015). In addition, none of the employees should be allowed to operate beyond the company’s restricted limits. Some of them can end up doing some things that are against the government law. They may also do them intentionally as a way of ravaging to the company, or the company’s competitors may hire them. The actions may lead to the close of the company by the government hindering it to attain its goals. Legal actions should also be taken to anyone found mishandling the company’s assets because, it is assumed that some people just have that nature of misusing things thus if nothing is done to them, they will make the production costs of the company expensive us it will be required to repair its machines now and then (Webcrawler.com, 2015). To improve the efficiency of operation and its system security, some security training, awareness and education needs to be conducted. The company can achieve all these through various ways. There is a need to have some training manuals on every software application that is installed on its system. The new employees who may not be much sure with the way that the application works should use the manuals. The company also ought to employ a team of professionals who know all the required security issue. The team should be there for consultations by the other members of the company who may not be much aware of the security issues (System.webcrawler.com, 2015). There should also be organized outings for the employees to some more advanced IT center. The employees should take those opportunities to learn more about system securities in the areas that they are not much informed off. Thus, they may come back and the employ that knowledge gained from those trips in their company when they come back to resume their normal duties. Additionally, the company should be organizing its internal seminaries to allow its employees to share whatever they know among themselves. It should organize internal competitions among its employees and encourage security awareness among its employees by awarding the best-informed ones. As a result of this, every employee would work extra hard to be much informed so as also to win an award next time thus promoting awareness among them(Traplana.com, 2015). Apart from all that, the company can also create awareness among its employees by providing them with online tutorials on the matters concerning system securities. These tutorials should also involve videos on how to tackle natural threats like fires and some human threats. Examples of these human threats should involve the safety ways of transmitting information over internet, protecting your system from unauthorized intrusions, how to recover lost data, ways of protecting your computer from crashing, and more other system security measures (Tripathi, 2015). Conclusion In conclusion, IT system security is an essential aspect that the company must deal with it seriously. It is all concerned about information security that is very private to the company and must not be linked to any outsider. Though the company has some control measures in place, it still needs to do something about it. As stated in this report, the company needs to employ the new measures to improve its security. The company also needs to create some of the legal measures stated in this report to increase its system security and to create security trainings and awareness to its employees. The company must also do all this else it risks facing insecurity issues that may interfere its business activities. References Communicatingcomplexity.com, (2015). Creating Awareness - reaching your target audience | Communicating Complexity. [online] Available at: http://communicatingcomplexity.com/adoption-ladder/creating-awareness [Accessed 21 Mar. 2015]. Evan Perez, C. (2015). Massive Postal Service breach hits employees and customers - CNN.com. [online] CNN. Available at: http://www.cnn.com/2014/11/10/politics/postal-service-security-breach/ [Accessed 21 Mar. 2015]. Falcon, A. and Falcon, A. (2015). 60 Creative Public Awareness Ads That Makes You Think. [online] Hongkiat.com. Available at: http://www.hongkiat.com/blog/creative-public-awareness-ads/ [Accessed 21 Mar. 2015]. Ieeexplore.ieee.org, (2015). IEEE Xplore - Sign In. [online] Available at: http://ieeexplore.ieee.org/.../05... [Accessed 21 Mar. 2015]. Info.com, (2015). Computer Actions‎ - info.com. [online] Available at: http://www.info.com/Computer+Actions‎ [Accessed 21 Mar. 2015]. Info.com, (2015). Computer System Security‎ - info.com. [online] Available at: http://www.info.com/Computer+System+Security‎ [Accessed 21 Mar. 2015]. Info.com, (2015). It Security Analysis - info.com. [online] Available at: http://www.info.com/It+Security+Analysis [Accessed 21 Mar. 2014]. Mcafee.com, (2015). Network Security – Virus Alerts | McAfee Threat Center. [online] Available at: http://www.mcafee.com/us/threat-center.aspx [Accessed 21 Mar. 2015]. Medical News Today, (2014). What is physical therapy (physiotherapy)? What does a physical therapist (physiotherapist) do?. [online] Available at: http://www.medicalnewstoday.com/articles/160645.php [Accessed 21 Mar. 2015]. Secure Cloud System, (2014). 5 Reasons Free File Sharing Can Be Insecure - Secure Cloud System. [online] Available at: http://securecloudsystems.com/5-reasons-free-file-sharing-can-be-insecure/ [Accessed 21 Mar. 2015]. Seek.com.au, (2015). IT Security Analyst / Consultant Job in Auckland - SEEK. [online] Available at: http://www.seek.com.au/job/28356510 [Accessed 21 Mar. 2015]. System.webcrawler.com, (2015). WebCrawler Web Search. [online] Available at: http://system.webcrawler.com/‎ [Accessed 21 Mar. 2015]. Traplana.com, (2015). Easy trip planner - Traplana.com. [online] Available at: http://www.traplana.com/insecurity+issues‎ [Accessed 21 Mar. 2015]. Tripathi, V. (2015). COMPUTER INSECURITY. [online] Cyberlawsindia.net. Available at: http://www.cyberlawsindia.net/computer-insecurity.html [Accessed 21 Mar. 2015]. Webcrawler.com, (2015). WebCrawler Web Search. [online] Available at: http://www.webcrawler.com [Accessed 21 Mar. 2015]. Read More