Introduction
Hake is a financial services provider that offers homebuyers mortgage options which are considered to be cheap. It is a privately owned company managed by its founder and CEO, Alan Hake. The focus of this enterprise is to give consumers access to home loans at a low interest rate. These goals can be achieved through the design, development, and implementation of an efficient computer network that controls expenses by keeping labor costs low. The company’s system will need to meet tight security guidelines. The security and privacy of the consumers’ personal information will be at the center of the system’s design. The system should be able to maintain the integrity of the data while allowing the appropriate access to brokers and customers. The network must be expandable as the company continues to grow. The online mortgage application process should have fast, easy and user-friendly instructions for the convenience of the customers. The response for the loans will be sent electronically as a way to keep the customers updated on the status of their application. The system will allow for a home office in Boise, Idaho and seven other offices located in the Northwestern United States. All locations will have the ability to communicate instantaneously with the home office with multi-media. For example, teleconference, email, fax, text, and internet video conferencing will ensure secure lines and immediate responses for all customers and employees. Each office will also be its own Local Area Network (LAN) that offers peer-to-peer transfer of files and information. The company is doing very well and its turnover per year is across DH 10 million with DH 35 per market share. The company is expanding and has forecast more revenue in the coming years; therefore, the main concern is protecting its assets and data.
The company has allocated a budget of DH 3 million to upgrade all of its IT facilities, including hardware, software, workstations, network facilities, IPS, data center, servers, backup system, wireless networking, and physical and logical security. Another budget of DH 2 million is allocated to hire new staff in the company, which includes administration and IT services. The figure below illustrates the network diagram.
Figure 1: Network Diagram
Project Current status
The company is considering an upgrade of its operating systems to the new Windows 8 and Windows Server 2012. It also intends to install a Windows domain controller that will allow the implementation of the group policy that was initially absent. The absence of this security policy is a major source of risk.
Secondly, there is no user access policy in the organization. Hake lacks an elaborate authentication policy. The users of the systems do not follow a strong password policy, which exposes the company to immense security risks. Additionally, remote users do not have remote access to the data in the company, so they are forced to physically visit the company to deliver data and information or to submit it through the file server.
The company needs to authenticate users of wireless devices such as laptops and mobile phones who often use the organization's resources remotely. Using group policy, X.509, PKI and IPsec, the company can push for the authentication of remote users.
Other activities in the company that need to be changed for improved security include:
- Implementation of a biometric system that will control the entry and departure of employees at the Hake building.
- Backup and recovery strategies that will ensure there is back up of data on the servers and ensure availability of data and continuity of services in case of any interruption.
The company faces a number of security threats to its resources, information and data. Some of the potential threats include:
The company uses emails as a primary mode of communication and for processing of client orders. This poses a major threat to confidentiality and information security should there be a compromise.
There is a poor backup and recovery strategy that could result in great damage should any eventuality occur. Additionally, users in the workstations are not sufficiently protected against hacking and virus attacks that could result in loss of data and information.
The database and servers are directly connected, which can result in substantial damage if they are compromised. The WAN links are also unreliable, compromising remote access, communication and transactions via the internet.
Security Governance
Although this project discusses security governance, many organizations do not understand everything that security and governance involve, and they are not aware of the relationship between the two concepts. For Hake Company this means it is not enough to just implement some security policies or to concentrate only on securing the network. The right approach is for Hake Company to integrate security within its business processes; this can be done with a strong security program that helps the company map all its business functions to their policies or legal requirements and then establish a threat assessment according to them. The following points provide an approach by which a governance process can be prepared within Hake Company. Security governance in general means that a company takes planned actions to reduce the risk of its information being leaked or accessed by unauthorized people, and develops its policies so that it can prevent this. Enterprise security governance is used to determine how different stakeholders within an organization should cooperate. It will be used to build an assurance of digital security protection. This process will ensure that data loss is minimal and that the integrity of the data is achieved.
The purpose of security governance is to mitigate risk by managing IT security of the company as well as supporting its goals and objectives. This means that the activities regarding security governance conducted in the company will be consistent with its rules and policies.
As we mentioned above, security governance helps establish a threat assessment which in turn helps in the development of the security governance as an on-going process that includes:-
- Risk analysis
- Threat analysis
- Vulnerability tests
Because Hake Company does not have enough employees who are skilled in security, it is taking different courses of action to secure its systems. Most of Hake Company’s assets are its data, which lies in the data center services and contains valuable information about its customers and the company itself, so it is highly important to secure these assets. For this reason, the company has allocated 3 million DHS to upgrade all IT facilities including software, hardware, network facilities, workstations, data center, IPS, backup systems, servers, wireless networking, and physical and logical security. In addition to these upgrades, the company has also allocated a 2 million DHS budget for the hiring of new staff members who are specialized and have skills in administration and IT services.
Governance Process Overview
Everything starts and ends with a process, and this includes security governance. As mentioned above, security governance starts with implementing policies and ends with reducing the risk of damage to the company’s data and valuable assets. In other words, a process is the set of activities (steps) that happen between these starting and ending points.
These activities include for example:-
- Creating physical barriers.
- Implementing intrusion detection systems.
In our case, Hake Company installed licensed products and applications of Microsoft:-
- Print servers
- Exchange servers
In addition to these products the company also wants to upgrade and implement the following for the purpose of eliminating vulnerabilities:-
- Replace Windows Domain Controllers by Windows Server 2012. (vulnerability issue)
- Upgrade workstations to Windows 8 Professional (to implement group policy)
- Setup secure VPN for remote servers (prevent unauthorized access)
Furthermore, as already mentioned, governance is considered an important part of Enterprise Security Architecture, so it is crucial for Hake Company to make sure that everybody in the company knows their responsibilities, what they need to do, and which resources are and are not available for them to use. To do this, Hake Company should create a policy framework that links its governance with its security technology architecture and with the company’s security operations, which should also include their own set of policies.
Governance Process Roles
Some of the people in the company may have roles shared between technology architecture, operations, and governance. For this reason it is important for the management of Hake Company not to focus on governance and profit only; instead, its role should include understanding that information security is critical to the company, demanding regular updates on security performance and breaches in the company, and classifying the company’s data. Management also has a responsibility for managing the risks. Thus it is important for the CIO to establish a risk assessment committee and assign it the role of conducting regular reviews of the enterprise information security and mitigating Hake Company’s risks. Likewise, the CIO should establish an audit committee with the purpose of confirming that internal and external audits of the security program are conducted and reported annually. The role of the data security officer is to protect Hake Company’s data by following the company’s established regulations and rules. The role of the technical architects is to develop an enterprise architecture for Hake Company and then implement it. The role of the technicians is to apply the standards and procedures to each operational area in Hake Company. Finally, every employee is held accountable for complying with security policies and procedures. This includes reporting any malicious security breaches, intentional compromises, or suspected internal violations of policies and procedures.
Governance Model Policy Framework
As discussed in the sections above, the main goal of security governance is developing dynamic and strong security governance processes which can be implemented across the whole company. So the question now is how to develop proper security governance for the organization. The best way to do this is to rely on guidelines that are established by CERT. The one drawback of these guidelines is that they are sometimes unclear on some points, so most companies will not know where to start. For this reason it is important for Hake Company to follow these steps:-
Identifying basic assumptions, technical principles and principle templates:
In this step, if Hake Company does not have a clear outline of its goals regarding security, it should establish these goals as fast as possible, because this will help it identify and understand the need for a security governance framework and whether or not it should be implemented within the whole organization. Hake Company should expect full cooperation from all its employees, and Hake Company is in turn expected to ensure this cooperation and monitor the process. The most important thing the organization should focus on for the success of its security governance is to motivate the employees who are responsible for different aspects of information and make sure they are held accountable for them, by adjusting their job descriptions, training them, and involving them in objectives as well as strategy development, etc.
There are generally two areas that a company looks at for implementing a framework: the first is technical computer security, and the second is non-technical security management. The security tenets are known to focus on different areas. Cyber attacks and threats fall under the technical area. Non-technical issues include factors like the security of buildings and the physical environment, or users who are not authorized.
The three main technical practices for the computer security are:-
- Strategy and Metrics
- Compliance and Policy
- Training
Other security practices mainly include non-technical practices.
Strategy and Metrics – Includes:-
- Planning
- Identifying software security goals
- Assigning roles and responsibilities
- Determine budget.
Two main goals of strategy and metrics are:-
- Transparency of Expectations
- Accountability for Results
The Hake Company should be clear about its expectations so that the employees are aware of the importance of these practices. Moreover, management should set objectives for stakeholders or for a specific person so that it can hold them accountable for whether or not they meet the company’s objectives. Another approach for Hake Company to take is to inform all its departments to direct and record the efforts of the employees in meeting the company’s goals and objectives, to determine which department makes the least effort, and then to try and increase it accordingly.
Compliance and Policy – Includes:-
- Identifying controls and compliance systems (HIPAA and PCI DSS)
- Developing contractual controls (Service Level Agreements)
- Support the control of security risk
- Auditing against the policy
- Setting organizational policy for software security.
The two main goals of compliance and policy are:-
- Auditability
- Prescriptive guidance for all stakeholders
Training – includes:-
- Spreading awareness by conducting a training program
- Work with management to meet training needs
- Educate employees by training them in proper password usage, data backup and proper antivirus protection
Two main goals of training are:
Authorize security policy, asset control, communication management and system maintenance:
As mentioned previously, some roles in security governance are shared with or linked to the technology architecture and security operations of the Hake Company; this connection is established by the governance framework. Nowadays, any company’s success depends on the level of security that the company uses to protect its information. That is why many companies want to map their security governance, security operations and technical architecture by referring to open standards when creating an appropriate framework for linking these three functions to their security. The result of establishing a connection between security governance, security operations and technical architecture is that the risk between them will be shared, which means that the company must now deal with more vulnerability to the business’s information than before. To protect the company from these threats and vulnerabilities, Hake Company should implement several security policies as well as a security framework that identifies risks and provides ways to deal with them, so that the flow of information within and outside the company will be secure.
Hake Company currently suffers from threats such as DDoS, malware and Trojans because of untrained employees in addition to the lack of resources. To solve this, any training program conducted by the Hake Company should focus on developing the technical skills of the employees and present them with actual errors in the company so that they can monitor their progress and at the same time come up with a solution to fix these errors.
Implement user access management, user responsibilities and application access control:
In the case of non-technical skills, the company should train employees on how to report any suspected incidents or violations of security policy, and inform them on how to follow the rules established to avoid social engineering attacks on the company. This will at the same time secure the building from unauthorized people, by training non-technical employees on how to observe the CCTV cameras. Other techniques can be used to ensure the security of the building, such as fingerprint and card readers, with employees trained to supervise and monitor them in case someone tries to bypass these systems.
Defense by Design:
Even if most of the Hake Company organization is designed to stop physical intrusion, there are tools that enable electronic surveillance, for example metal shielding, which can be used for stealing the company’s data and eavesdropping on its meetings where confidential information may be shared. Security by design means that the company’s software and applications, including electronic devices, are designed from the start to handle malicious activities and minimize them to an acceptable level as soon as a vulnerability is detected and exploited. The most important advantage of defense by design is that it improves the likelihood that any flaws within the company will be found sooner.
Risk Management:
We mentioned earlier that creating security governance will help the company to establish risk analysis and assessment. Risk analysis and assessment are part of the company’s risk management, which helps in determining the business assets that need to be protected and the related threats to those assets. The risk management of Hake Company should take into consideration which method it is going to use in building methodologies within the company, how this will help reduce or mitigate the risk, and the issues that it will likely face.
The first issue is that Hake Company did not implement any kind of group policy, which means that it will certainly experience, or is already experiencing, a number of vulnerabilities. Secondly, there is no password policy in the company, which means that users might have weak and easily hackable passwords, making it easier to attack the company’s data. Third, mobile users can access the company’s network remotely, which is insecure because this way an unauthorized person can easily gain access to the company’s information. Aside from not having backup systems for its data, Hake Company also does not have a digital security system that could monitor access-restricted areas of the organization, although there are security personnel present. This is a risky situation because the building is large and the security guards are unable to watch over all the staff working in the building.
There are many things that are required of organizations in order to take risks. One of the steps that is required is to put measures in place and invest in the security and governance of the infrastructure. One of the steps that Hake Company would like to implement is the installation of group policies and the upgrade of the domain controllers to Windows Server 2012. In addition to this step, Hake intends to upgrade the operating systems of all desktop computers to Windows 8 Professional Edition. The issue of unauthorized access for remote users is being handled by setting up a secure VPN. This connection will ensure that all users who want to access the corporate network from remote locations are authenticated. Another step that is worth mentioning is the installation of a Web Certificate server. The certificate server will issue web browsing certificates and desktop certificates. This is an important process that will ensure that security is properly in place while browsing the internet. The whole building will be secured through the installation of security systems, which will include a biometrics system. With this installation, the time scheduling of staff members and the security aspects of the company will both be managed.
Defense in depth, Resilience and Integrity:
Hake Company is seeking to ensure control of risks through defense in depth. The purpose of an in-depth strategy is to ensure that many layers of security are put in place. Organizations follow this strategy when laying out plans to have secure systems in place. One example is the use of Microsoft Exchange Server for mail management within the company. A relay system is needed to secure the mail exchanged in the company. What the relay system does is check whether the emails that are received are infected with viruses. Anti-virus software also helps. HTTPS is another strategy that has been put in place to ensure that emails and messages that come into and go out of the organization are secure.
Governance Principle ITEC N425
IT governance is a new phenomenon to the management and decision makers in the company. Security governance entails controls such as authority, reporting structure, oversight and the method of policy enforcement. It is essentially the mechanisms and strategies with which the top management of the organization chooses to run the information technology department and information security management. Security governance is anchored on the concept of authenticity, integrity, confidentiality, availability and non-repudiation.
Discuss Security by Design
Security by design creates a creative, holistic, accountable, interdisciplinary and robust resource security. The approach is based on a seven factor principle that should be employed in developing security controls in the company. Its approaches are proactive rather than reactive and use default configurations such as need-to-know, least trust, positive sum, mandatory access controls, end-to-end security, embedded system security, transparency and visibility.
Perform Risk Management
It is important to have proactive strategies and approaches in risk management. Proactive strategies help to mitigate the risks before they happen. This can be achieved by deploying VPN architecture for remote access, patching computer resources, upgrading workstations and servers, deploying protection programs (anti-virus, anti-malware) on time and deploying security policies in time.
Identify Risks
Hake faces logical, infrastructural and operational risks. ISO/IEC 27002:2005 recommends that the organization structure, security policies, access control, communication and operation management, information system acquisition, physical and environmental security and physical maintenance be examined during the security assessment.
Reduce Risk to an acceptable level
The principles guiding the process of risk reduction to acceptable levels include:
- What can be done to eliminate the cause of risk; and
- What can be done to manage the risk in case it occurs?
Identify and prevent common errors and vulnerabilities
Common errors and vulnerabilities, such as low WAN bandwidth among others, should be identified and corrected immediately.
Ensure cost effective risk management
Cost effective risk management is achieved by ensuring that risk determination and management is maintained at a reasonably low level without overcharging or undercharging.
Defense in depth
Defense in depth means the building up, layering and overlapping of security controls, including administrative controls, logical controls and physical controls. The controls are important in the protection of information from creation through processing, transfer and use to disposal.
Resilience
This is an important step that will ensure that there are secure systems and information processes within the confines of the company. Resilient systems are developed to protect the organization from dedicated attacks. Resilient systems will autocorrect themselves or will auto-transfer operations to another place of operation. Hake's systems are considered to be lacking resilience, and a resilient system is needed. This will help the company recover from a dedicated attack on the network. There is also no backup system with which to back up data. This should be integrated in the company.
Integrity
Integrity is a concept that means information accuracy and authenticity is maintained since it cannot be altered without alteration. Some of the techniques that are used to ensure integrity include web server security, use of anti-virus programs and user access controls.
Security technology architecture
Identity Management Architecture
Identity management architecture comprises a set of processes assembled to enable users to have access to an array of resources and to manage their identity and information. It seeks to formulate frameworks that are crucial for managing the digital identities common to computing devices, networks, people, services and applications.
Identity Management Logical Architecture
Logical identity management comprises two operation areas: provisioning and presentation. The application layer provides an interface that exposes the publicly available functions.
A P3P policy is used to describe the company’s web policies. Technologies that are used to keep privacy apply policy to authenticate access privileges to the systems.
Figure 2: Identity Management Logical diagram
Identity Management Security Services
They include services such as multi-factor authentication, federated services, provisioned services and directories. Services are secured through authentication controls and auditing to ascertain that all privileges are utilized as required.
Identity Management Physical Architecture
Identity management physical architecture outlines the practices used by users for privacy. These measures are needed to ensure that there is a proper gate-pass management system. Some of the steps that should be put in place by Hake Company include biometrics systems and the use of gate passes for users. Some special places within the company, such as the server room, should be secured so that only authorized personnel can access them. This will protect the areas that are likely to be attacked.
Border Protection Architecture
Border Protection Conceptual Architecture
The border protection architecture revolves around key entities such as users and information. These entities are important and critical for the organization. The architecture maps relationships between the attributes that define users and those that define the organization, and it concentrates on the identity and the information related to these entities. Conceptual border protection, for instance, focuses on security aspects such as passwords and user names and on other details, including ID number and station of work, which greatly facilitate authentication.
Border Protection Logical Architecture
This architecture is about the logical controls, which use software to monitor and manage access to the computing systems and business applications within Hake Company. The border protection logical architecture includes the use of access control mechanisms, access control lists and other methods that are considered to be logical. Alongside these measures, a least privilege mechanism needs to be put in place. Under this mechanism, only the privileges that enable someone to work effectively are granted.
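A least privilege review of the kind described above can be run as a default-deny access check plus a comparison of the privileges granted against the privileges actually used. The following is an added example, not part of Hake Company's systems; the role names, resources and log entries are constructed for illustration.

```python
"""Least-privilege review: default-deny ACL check plus unused-grant detection."""
from collections import defaultdict

# Constructed access control list: role -> set of (resource, action) grants.
# Role and resource names are hypothetical, loosely based on the brokers and
# customers mentioned in the introduction.
ACL = {
    "customer": {("own_application", "read"), ("own_application", "submit")},
    "broker": {
        ("application", "read"),
        ("application", "update_status"),
        ("customer_record", "read"),
        ("customer_record", "delete"),
    },
    "it_admin": {("file_server", "read"), ("file_server", "write")},
}

# Constructed access log: (user, role, resource, action).
ACCESS_LOG = [
    ("alice", "customer", "own_application", "submit"),
    ("alice", "customer", "own_application", "read"),
    ("bob", "broker", "application", "read"),
    ("bob", "broker", "application", "update_status"),
    ("bob", "broker", "customer_record", "read"),
    ("alice", "customer", "customer_record", "read"),   # not granted
    ("carol", "it_admin", "file_server", "read"),
    ("dave", "contractor", "file_server", "read"),      # role has no grants
]


def is_allowed(role, resource, action, acl=ACL):
    """Default deny: only an explicit grant for the role allows the request."""
    return (resource, action) in acl.get(role, set())


def review(log, acl=ACL):
    """Return (denied_requests, unused_grants).

    denied_requests: log entries the ACL refuses, in log order.
    unused_grants:   role -> sorted grants never exercised in the log; these
                     are candidates for removal under least privilege.
    """
    used = defaultdict(set)
    denied = []
    for user, role, resource, action in log:
        if is_allowed(role, resource, action, acl):
            used[role].add((resource, action))
        else:
            denied.append((user, role, resource, action))
    unused = {}
    for role, grants in acl.items():
        leftover = grants - used[role]
        if leftover:
            unused[role] = sorted(leftover)
    return denied, unused


if __name__ == "__main__":
    denied, unused = review(ACCESS_LOG)
    for entry in denied:
        print("DENIED", entry)
    for role, grants in unused.items():
        print("UNUSED", role, grants)
```

A grant that appears as unused over a representative period is a candidate for removal, not proof that it is unnecessary; confirm with the role owner before revoking it.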
Border Protection Security Services
Border Protection Security Services is a result of all the controls that are deployed at the border points aimed at restricting unauthorized access. These include doors, physical locks, security cameras, fire suppression systems, firewalls, DMZs and IDPs.
Other Security Services (ITEC N423)
Access Management
Access management involves the use of controls that are set starting from the operating system up to the application layer. A reliable and effective form of access management is Microsoft group policy, which is used in the system as a protection tool in the form of a security policy.
Configuration Management
This is a subset of access management that involves the evaluation, coordination, disapproval and approval of the organization's hardware, software and procedures. It also entails the implementation of configuration changes to the hardware and software to control their operation. These configurations mostly affect the HTTP servers, web servers and database servers to determine the identity of the authorized users.
Access Control Services
It is the role of access control services to determine who gains access to particular resources. It is based on the operation levels. The application level entails the most complex security policy, which determines the varied roles assigned to users. The next level builds on middleware such as a database or transaction system, which, for instance, makes sure that debit and credit entries in an application carry the same figures. The third level is middleware that uses resources provided by the operating system. Finally, the operating system access controls rely on hardware features provided by the memory or processor, which control which address is given to a certain process.
Authentication Services
These services are a combination of what is known by the user for authentication to the application layer functionalities. This is normally possible through the use of Active Directory/LDAP server and the use of basic user names and passwords.
Authorization Services
This is applicable to remote users with the intention to connect to the company resources through the VPN network. Client computers are installed with tailor made software or security policies that will provide the authorization.
Detection Services
These services are applicable to network security. IDS, IDPS and sniffer applications such as Wireshark are used.
Cryptography Services (ITEC N424)
Cryptography Algorithm Used on memory, files, folders, repositories, data streams
Cryptography is an information security technique where information is converted to an unusable form that is only usable to the recipient. This is possible with software such as PGP and GnuPG that is used to encrypt files and emails. In the wireless networks, encryption is done using WEP or WPA protocols. AES and WEP protocols are used in the wired networks.
Data hiding techniques
Data hiding techniques need to be put in place. These techniques include digital watermarking, steganography, and hashing techniques. One method that should be employed by Hake Company is KMS-One Way Function. This is the method where hashing keys are generated and given to the users who are allowed to access information. Digital watermarking will be applied in the company for copyright protection. One area where this will be used is the protection of the company's trademarks and trade secrets.
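The text does not define "KMS-One Way Function" further, so the following added example (not Hake Company's implementation) assumes one common reading: a keyed one-way function, here HMAC-SHA-256, with a key generated for each authorized user and used to detect alteration of a record. The class, function and field names are hypothetical and the sample record is constructed.

```python
"""Keyed one-way function (HMAC-SHA-256) with per-user keys for record integrity."""
import hashlib
import hmac
import json
import secrets


class KeyStore:
    """Holds one random 256-bit key per authorized user (assumed design)."""

    def __init__(self):
        self._keys = {}

    def issue(self, user):
        """Generate a fresh key for an authorized user and return it."""
        key = secrets.token_bytes(32)
        self._keys[user] = key
        return key

    def revoke(self, user):
        """Remove the user's key; tags made with it no longer verify."""
        self._keys.pop(user, None)

    def key_for(self, user):
        return self._keys.get(user)


def canonical(record):
    """Serialize deterministically so field order cannot change the tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record, user, key):
    """Attach the user's name and an HMAC tag computed over the record."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "signed_by": user, "tag": tag}


def verify(sealed, store):
    """True only if the user still holds a key and the record is unaltered."""
    key = store.key_for(sealed["signed_by"])
    if key is None:
        return False
    expected = hmac.new(key, canonical(sealed["record"]), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, sealed["tag"])


if __name__ == "__main__":
    store = KeyStore()
    broker_key = store.issue("broker01")

    # Constructed sample record.
    application = {"application_id": "APP-0001", "amount": 250000, "status": "approved"}
    sealed = seal(application, "broker01", broker_key)
    print("original verifies:", verify(sealed, store))

    altered = dict(sealed, record=dict(application, amount=950000))
    print("altered verifies:", verify(altered, store))

    store.revoke("broker01")
    print("after revocation:", verify(sealed, store))
```

Because the key store holds the same key as the user, a valid tag shows that the record is unaltered but not which of the two parties produced it.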
Web-based services protection mechanism
This aspect covers the planning of protection for services which are offered online. With the shift of businesses and organizations to offering services online, Hake Company needs protection for its online processes. This will be offered through the use of DES encryption. This protection mechanism will be implemented through web servers, desktops and platforms that are used by software developers.
Digital Key Infrastructure and digital certificates
Procedures and methods are needed for providing digital keys. Several methods can be used in the process. One method that is recommended is DSA, which will be used to generate public-key signatures for organizations.
Biometrics
This is the automated process of identifying and authenticating users based on their physical behaviour and appearance. Enrolment is when a designated characteristic or behaviour to be used for verification, such as voice or fingerprint, is stored in the system. Verification is when the characteristic or behaviour is compared with the designated template. Biometrics fall into two categories: physical and behavioural. Physical biometrics include fingerprints, eye retina, and facial recognition, among others. Behavioural biometrics include signature and voice.
These biometric verification points are located at the entry points to secure and restricted locations such as server rooms. Additionally, they are used for clocking in and out of the work premises.
Security Operations
Security operations focus on the following:
Asset Management
Asset management is an important process, and different strategies are needed to protect the assets of Hake Company. A minimal measure has been put in place to ensure proper management of assets within the organization, and further measures are needed to ensure that the assets of the company are protected. There are different categories of assets. One of the requirements that will be put in place is that the location of the organization's assets is known. Of great concern in asset management is information management, which will ensure that measures are in place to protect the information technology assets within the organization.
When developing an asset management strategy, important elements need to be considered. Some of the elements include inventory of the organization that is being protected. There is also the need to assess the ownership status and the value of the assets that are being protected. Another element is that there is a need to establish the rules of information and the assets that are required.
In the case of Hake Company, the departments make a record of the complete physical and informational inventory under their administration and send it to the main inventory management department. The value of these inventories is then assessed so that the rules can be applied. After these steps, security measures will be implemented to protect these assets.
Compliance to security
Measures should be put in place to ensure that there is mastery of security issues and protection within the organization. There are four components that should be in place to implement these measures: auditing, certification of systems, user role and involvement, and boundary defense. For Hake Company to achieve information security compliance, one of the first steps is to properly identify the current vulnerabilities. After this identification, a priority list of the issues to be addressed is needed. A comprehensive security program also needs to be put in place. Hake Company should increase the budget for achieving security compliance. Another step the company will take is to increase the workforce used to implement the needed security. Microsoft programs should also be deployed for better management of security compliance.
Security event management
Security event management is the collection of teams that uncover threats hidden in large chunks of data. This is achieved through log management and assessment. Event logs are collected at various points, and the analysis is done in a single location, which makes the analysis simpler. Because the collection points are spread across different locations, event management systems can gather information from users, servers, and systems. This gives better management of events and is an important process that should be put in place.
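The sketch below illustrates the point of analysing logs in one place. It is an added example, not part of the original plan: the log format, the host names (vpn-gw, ldap01, web01), the threshold and the sample lines are all constructed assumptions. It merges authentication events from three collection points and flags an account whose failures only stand out once the sources are combined.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from three hypothetical collection points.
VPN_LOG = [
    "2024-03-04T09:00:05 vpn-gw auth_fail user=jdoe src=203.0.113.7",
    "2024-03-04T09:00:40 vpn-gw auth_fail user=jdoe src=203.0.113.7",
    "2024-03-04T09:10:00 vpn-gw auth_ok user=asmith src=198.51.100.4",
]
LDAP_LOG = [
    "2024-03-04T09:01:10 ldap01 auth_fail user=jdoe src=203.0.113.7",
    "2024-03-04T09:01:55 ldap01 auth_fail user=jdoe src=203.0.113.7",
    "2024-03-04T09:30:00 ldap01 auth_fail user=asmith src=10.0.0.12",
]
WEB_LOG = [
    "2024-03-04T09:02:30 web01 auth_fail user=jdoe src=203.0.113.7",
    "2024-03-04T09:03:00 web01 auth_ok user=jdoe src=203.0.113.7",
]

def parse(line):
    """Normalise one 'timestamp host event key=value...' line into a dict."""
    ts, host, event, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec.update(ts=datetime.fromisoformat(ts), host=host, event=event)
    return rec

def correlate(sources, threshold=5, window=timedelta(minutes=5)):
    """Map each user with >= threshold failures inside the window,
    counted across all sources, to the hosts that reported them."""
    events = sorted((parse(l) for src in sources for l in src),
                    key=lambda r: r["ts"])
    recent = defaultdict(list)   # user -> failures inside the sliding window
    alerts = {}
    for e in events:
        if e["event"] != "auth_fail":
            continue
        q = recent[e["user"]]
        q.append(e)
        while e["ts"] - q[0]["ts"] > window:   # drop failures that aged out
            q.pop(0)
        if len(q) >= threshold and e["user"] not in alerts:
            alerts[e["user"]] = sorted({x["host"] for x in q})
    return alerts

if __name__ == "__main__":
    print(correlate([VPN_LOG, LDAP_LOG, WEB_LOG]))
```

No single source reports more than two failures for the account, so the same rule applied to each log separately stays silent.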
Vulnerability Management
A vulnerability can be defined as a weakness in an asset that attackers can use to penetrate the organization. Vulnerability management is the process in which risks and vulnerabilities in IT are evaluated. The process focuses on removing these vulnerabilities and risks, or on reducing them to a level that the management of the organization can accept.
Assessing and testing the architecture of corporate security infrastructure
Vulnerability testing for the different cyber-attacks that are possible needs to be included. Measures that can be put in place include the purchasing of different security tools. Some of the tools and software include:
- Netsparker Community Edition: detects SQL injection and cross-site scripting.
- Brakeman: analyzes Rails application code to find security issues.
- Nessus: discovers vulnerabilities in the organization.
- Flawfinder: scans C/C++ code to detect security flaws.
- CROSS: detects and fixes critical flaws.
- Wireshark: troubleshooting and analysis.
However, employees should be trained on the software and tools that the organization is going to buy, because without proper training those tools will be useless. To test the security architecture of Hake Company, an information security team is first needed to identify the risks and other vulnerabilities. The organization should then make a plan to buy the right tools and software and to train employees on how to use them.
Risk factors
There are risk factors associated with the security of the company, and many issues and factors need to be integrated into the management of the enterprise architecture. One of the risk factors to be taken into consideration is a breakdown of the network. If this risk occurs, it will affect the service delivery of the network and the departments involved. Virus attacks on the computers on the network are another risk factor that will affect the operations of the network. The computers should be prepared so that they are protected from virus attacks. There is also the possibility of a denial of service attack taking place in the network. This is a significant attack which will hinder the delivery of services within the network.
Recommendations
Different security strategies should be put in place to help integrate the management systems and procedures. One of the recommendations for Hake Company is to have a backup server which can be used to store data for disaster recovery processes. This will enable the organization to retrieve data in case of losses. Another strategy that should be put in place is the management of storage devices. Staff members should not bring their own storage devices to work. This should be regulated, and proper permission should be sought.