Transcorp Company System Security - Case Study Example

Name………………………………………………………………xxxxxx Tutor………………………………………………………………. xxxxx Institution……………………………………………………………xxxxx Title………………………………………………….Systems Security Course………………………………………………………………..xxxxx @2010 Systems security-Option 2 Introduction Transcorp Company, a transport company uses the break-in security in the management of its systems for security purposes. This type of security uses passwords to systems and files as well as locking systems in offices together with managing modem dial-in. To improve the employees and clients access to the information, Transcorp Company has decided to upgrade its LAN using a previously developed implementation plan. During the process of changing the equipments and the installation of new operating systems, some workstations will be used for Microsoft Office applications and others will be used infuture for graphics and web design applications as the company attempts to expand its E-commerce funtionality. The following scenarios will be integrated in the implementation process. Scenario 1 Personal information for the company is stored within the HR section relating to the company employees. This information will have to be protected under privacy legislation. Privacy is a very important aspect in systems security and all information should be held with much integrity, authenticity and confidentiality. Personal information includes passwords, credit card numbers aqnd bank account numbers (Frenzel, 1999). Transcorp Company has decided to upgrade its LAN so that all employees will be able to access the Internet and email on the upgraded LAN and this means that the company will be doing everything online and these calls for the need to secure the personal data by putting stringent procedures and policies into place. Personal data in the company need to be protected from online fraud and theft (Frenzel, 1999). The IT support team will see to the implemetation of the following measures or steps in the process of implementing personal security in the organization: i. Develop a security policy- The IT support team shall establish information security policies and practices with the aim of ensuring uninterrrupted security of the personal information in the company. The security plan or policy should address all areas of the companys operation, it should be appropriate to the size, activities and complexity of the consumer information handled by the company. The team shall ensure that the employee understand the security policy, sign agreements with the employees, develop a data recovery plan incase of a natural disaster and ensure that all practices and policies are reviewed continually to enhance security in the company. ii. Train the management and supervise for security- the IT support team shall insitute training to the management and the designated security team. All the employees with access to the information will be trained and supervised. The team will ensure that the company has a full time and designated team, which will develop and implement security in the organization. It will also ensure that the required resources to enhance security in the company are provided. The team will also ensure that a security audit is conducted once a year, security policies are revied periodically, passwords are changed everytime an employee leaves the organization. These policies should be accompanied by a penalty incase of a breach of security and should be known by all the employee and management as well. iii. The available or current technology will then be used to protect personal data- a technological wall to contain personal information shall be constructed and tests should be run to ensure that the system is working. That is the team should define the companys security needs, use the technology that meets the defined needs, use the latest and upadated antivirus, have a backup system so as to ensure an uninterrupted continuity of information and have a system of shredding all paper and electronic data before dumping in a move to enhance security. iv. Make a move to inform all Business Partners and Data Suppliers on their responsibilities towards meeting security specifications- transfer of any personal data for the company without informing the business partners should not be permitted. This will act as a move enhancing security standards in the company. All potential partners for the company shall be informed of their data security responsibilities and security practices to enhance security in the company. Scenario 2 The existing passwords in the companys systems have remained unchanged for two years. During the period of two years, employees have been leaving the organization by either retirement or resignation and it quite possible that some level of hacking or data security had taken place. To begin with, the IT support team should change all existing passwords for the company computer system (Frenzel, 1999). Since these employees have had the company passwords, it is possible that they will crack the new passwords. In the process of installing a new operating system, a back up should be used to create a secondary storage for all the company information. The main aim of this is to prevent total lose of data in case cracking takes place. To enhance security in the company, a strategy to change passwords every 90 days or in a period of three months or every time an employee leaves the organization will be implemented to limit or to minimize the ability of hackers having access to the functioning password (Frenzel, 1999). The systems passwords should be changed as part of the implementation process. Control panel will then be used to change passwords where the ‘passwd’ command performs the trick. During the password change, the computer users should ensure that no one is watching them when they type both the old and the new passwords. If possible, the password shall be changed over a secure connection like a secure shell (SSH). As part of the implementation process, the administrators and managers of Transcorp Company shall enhance security in their networks by setting a strong passowrd policy, which shall be built into the organizations policies. The role of the managers will be to remind the computer users on the need to change passowrds regularly in the move to minimizing hacking who may get their passowrds through online attacks and social engineering. Any new user in the company will be trained on good password ethics, practices, and the need to change passwords regularly. Transcorps Company password policy will then be intergrated into the company’s security policy and all the company members should abide by the policies. Similarly, the administrators of the company systems shall implement a safeguard, which will ensure that all users of the system are using strong passwords. The administartors shall set expiry dates of passwords on all systems of the organization, it shall also keep a password history to avoid reuse and ensure that all accounts are locked after 3-5 unsuccessful password attempts. Scenario 3 Viruses have corrupted the email servers. Virus corruption can be very detrimental to the companys informations system as it may lead to crushing of the system. Computer viruses are internal threats to the company. In the implementation process, an anti virus software will be run into the system (Frenzel, 1999). The anti virus to be used will be the latest in the market and upon installation in the computer system, it will scan all files, hard drives and any detected virus will be deleted. Updating the system using the latest anti virus in the market will reduce nasty viruses, which might be detrimental to the whole system. After all the viruses in the mail servers have been got rid of, the IT support team shall educate the company employees about viruses, how to update the anti virus software and they will also be discouraged from opening any email attachment from unknown senders since it is virus vulnerable. After that, the latest antivirus software should be permanently installed in each server, as it will ensure that all virus updates are periodically send to all client systems. The IT support team will also install an exchange server recovery or Visual Recovery for Exchange Server, which are types of exchange servers, and will be responsible for data recovery and especially for corrupted Microsoft® Exchange Server email database (Frenzel, 1999). This program will be used on healthy databases like EDD to PST conversion tool and it will have supported exchange sever versions like 2007, 2003, 2003 SPI, 2003 SP2, 2000 and 5.5 depending on availability and window type. The IT support team will also install an exchanger server for recovering email clients. They will choose between recovery for outlook and undelete for outlook depending on efficiency and windows type. This recovery for exchange server and email clients will be advantageous to the company due to their features, which include: The ability to recover folders, file attachments and messages The ability to recover email address from Active Directory storage Ability to recover creation dates for all objects Ability to recover contacts, notes, appointments and tasks It is capable of supporting Microsoft® Exchange server like 2003, 2007, 2003 SP2, 2003 SP1 and 5.5 It has full uninstall/install support It has the ability to recover password-protected files Undelete for outlook does not delete contacts, notes, messages, folders, file attachments and tasks Upon installation of the exchange server recovery, the company will be certain that it will not be prone to losing its information incase the system crushes (Frenzel, 1999). This software will increase information security in the company since no information will be lost incase of corruption of email servers. Systems failures may result to a total lose of data. To avoid this, the above exchange server recovery should be accompanied by back ups like diskettes and flash disks. Back ups will ease recovery of data incase the exchange server fails to work accordingly. Scenario 4 Employees who are no longer working with the company still have an existing logon and password and could log on to the system. If these former employees have a logon into the company system, hacking may take place and it will be possible for them to configure the information system to their favour. Displeased employees from Transcorp Company might have used their passwords to damage the company’s data, financial standing or even reliability (Frenzel, 1999). These former employees may have destroyed the hardware, entered data incorrectly, changed data, changed passwords or even deleted useful information to the company from the systems. The first thing the team will do is to delete all the existing logons for the employees who are no longer part of the company together with the deactivation and deleting of their accounts so that they may not have any access to the companys information system. In the process of changing the equipments and the installation of new operating systems, the following steps should be implemented to prevent hacking from former employees: i. Firewall implementation- This will act as a barrier and it will keep hackers out of the computer networks. The firewalls act as an intercept between the network traffic and the hackers and it denies access to any unauthorized access. ii. Corporate security policy development- the IT support teams will establish a corporate security policy with detailed information on the better practices to secure the network. Each employee of the company will choose a convinient password for himself or herself. This policy will ensure that all the passwords are changed in a period of 90 days to minimize hacking. If any employee leaves the company as in this case, their usernames and passowrds should be deleted immediately hence making them incapable of accessing the companys information system. Deleting the employee’s usernames and passwords will make them incapable of accessing the companys information without authorization. iii. Conducting a vulnerability test- the IT support team will begin a vulnerability test, which will be conducted twice a year with the aim of evaluating the security of the systems. This test will also be aimed at determining any hacking or flaws. iv. Keeping an up to date operating system- avoiding hacking and cracking was one of the main reasons behind upgrade of LAN in Transcorp Company. Upgrading an operating system involves the installation of the latest versions of software, which are free over the web. Maintaining the latest software in Transcorp Company will enable it to keep off hackers and especially its former employees. Therefore, the move by Transcorp Company to upgrade its operating system will see to the reduction of hacking by former employees. v. Design a network security- it should comprise of components like network attack recovery, network attack detection, network attack prevention and network attack isolation. This will enable the organization to detect any external threat from its former employees who might be out for ill motives. References Turban, et.al, (2000). Electronic Commerce. Prentice-Hall, Ins: New Jersey. Pages 341-379 Frenzel, C. (1999). Management of Information Technology. International Thomson Publishing. Canada Read More