Risk assessment
With the continued attacks and potential damage found on the internet, ABC needs a risk assessment. This will help the company to be aware of the risks that its computer network might face and to put measures in place against them. Risk assessment establishes two quantities of a risk: the magnitude of the potential loss and the probability that the loss will happen. Risk assessment is a step in the risk management process. A business has to have policies in place to classify and handle risks. At ABC, Inc., the design of the system network will affect security, auditing and disaster recovery. For this reason, a comprehensive analysis of the network design, security and disaster recovery will go a long way to mitigate possible risks.
Assets
Before identifying the risks that the company faces, it is important to identify the assets that the company owns. ABC Company has many assets that need to be secured. Identifying the assets owned by the company is important in understanding the risks that such assets might face. ABC Company has both human and non-human assets. In terms of human resources, the company has more than 3,200 employees distributed across the different countries in which it has operations. The company has also experienced consistent growth in the number of employees because, for the last six years, there has been an increase in the market base as well as an increasing need to offer services to clients efficiently. The various staff and human resource personnel working at ABC Company form the top tier of the management and, therefore, are some of the most important assets in terms of human resources.
Apart from human resource assets, physical and electronic assets are considered. These assets are at risk in any organization, and the same applies to ABC Company. Identifying them is therefore very important. Computers form the bulk of the physical and electronic assets that the company has. Computers are used in almost every task done in the organization, so their importance cannot be overlooked. Since the company has different branches in different locations, there is a need for a network. ABC Company, therefore, has an established network with different network resources. Some of these resources include switches, mainframes, routers, servers and data centers. These are mainly ICT electronic assets owned by the company. ICT assets are at a greater risk in the organization.
Having identified the physical electronic assets owned by the company, the next question is identifying the assets that these physical assets store. The data store is one of the most important locations that should be secured. The data store mostly holds important data that is confidential in nature. The aim of having a data store, therefore, is to ensure that data confidentiality, availability and integrity are maintained at all times. Data is an important asset for ABC Company. Some of the data assets in consideration include human resource data assets, financial data assets, budgetary and planning data assets, and client and customer data assets.
Threats
Threats are found to exist within the organization. It is important to understand how to handle the threats in ABC Company. The threats that are found in the company include:
- Technology itself
There is a risk that the technology implemented in an organization might not meet the required operational and functional needs of ABC, Inc. Technology threats can be looked at in terms of both the hardware and software components. An example of such a scenario is where a newly implemented network, database or finance management system does not meet the organizational requirements. On the other hand, hardware devices might prove unreliable or slower than expected. These are some of the threats associated with technology itself that need to be considered when a threat mitigation plan is developed.
- Asset security threats
Asset security may refer to both physical equipment security and data security. Some of the threats related to asset security at ABC, Inc. include:
Loss or damage of assets; this is a threat associated with the system failing to perform its functions, such as the network going down, or loss of data such as financial or budgetary information. ABC, Inc. has numerous employees depending on the network to carry out their respective functions across different branches as well as within the specified branches. Failure of the network to support such services will result in a setback in meeting organizational targets as well as in satisfying customers and shareholders. Damage to assets can be a result of fires, floods or even viruses. Viruses can damage data assets either by corrupting them, rendering their integrity questionable, or by deleting all the data, thus leading to denial of service.
Theft and robbery; this is another threat associated with organizational assets. Assets that are prone to the threat of theft include computer equipment and data and informational resources. Since the company has a vast number of clients and employs many employees, there is no doubt that there is a threat of any of the aforementioned people stealing any of the assets in the company.
Solutions and countermeasures
Mitigating information systems risk
These are bugs that are found in computer information systems because of neglecting holes that intruders can use. Errors in computer information systems can be avoided by having proper software designs and implementations that meet all the principles of software design. Software applications should be designed based on modularity to ensure that interdependency is minimized. This ensures that corruption in one module cannot significantly affect another module. In addition, the open-closed principle should be applied: software entities such as classes and modules should be designed and implemented so that they are open for extension but limited/closed for modification (Russell & Gangemi, 1991).
In the design process, the developers should develop proper assessment methods to evaluate the security level of the system before deployment. Application design assessment evaluates the security of an application or a module in an application, taking into consideration the modularity and cohesion of modules. As the code is developed, review has to be done to identify, prioritize and remedy security issues related to it. A penetration test is also done to establish the extent of cross-referencing in the code (Russell & Gangemi, 1991).
Finally, there should be an ongoing process of software life cycle review. This process should establish the baseline for software security within the organization and identify key security goals and objectives. Errors or vulnerabilities found in the system should be fixed as soon as they are discovered (Russell & Gangemi, 1991).
System monitoring strategy
There is a need for the company to implement a monitoring strategy that will ensure that the network and the information are safe. One of the strategies that can be implemented by the company is to install network system software that will be used to monitor the network. I would recommend the Nagios network monitoring system. The IT staff can also research other systems that can be installed in the network.
Another strategy would be to have the network administrator continuously monitor the network. The company should have staff that continuously monitor network access points as well as traffic behavior. Without such monitoring, the effect could be devastating, especially if the problem is realized too late.
Intrusion Detection System
Intrusion Detection is a new mechanism of instilling security in organizations' networks. Applying this technique helps the IT security manager to gather and use information resulting from recognized attacks and to check whether someone is attempting to break into your network or a specific workstation. To detect external intrusion with a single router, you may consider placing the IDS inside the router to the internet or a firewall. For multiple outlets to the internet, you may consider placing the IDS at every point of entry. However, for detecting internal intrusion, the IDS may be placed at every segment of the network. For ABC Company, the IDS will be placed at every entry point. This will monitor incoming and outgoing traffic.
Monitoring systems
Network monitoring systems are internal systems that are used to monitor computer networks for problems. They optimize performance. There are different methodologies available to monitor a system. One of the methodologies is vulnerability assessment. This is where the various vulnerabilities are checked and monitored for intrusion. Another category is packet sniffing. Packet sniffing is the process of inspecting every packet that passes through the network. This can be used to check for any unauthorized network monitoring tool that has been installed. Another methodology is firewall monitoring. This is the process of scanning incoming and outgoing traffic in a network (Stallings, 2007).
System audit strategy
The system audit that I recommend would be one that targets the performance of information technology in relation to alignment with the business strategy. The audit strategy should also be in tandem with the organization structure of ABC, the IT infrastructure and the security of the IT in the company. There will then be recommendations for improvements for the mentioned areas.
Logging technique recommendation
When investigating a network, there are elements that are usually sought to help in the process of security analysis and investigation. Logging will give some details that can be useful in the investigation process. Logging will give detailed information about access, or attempts to access, any network resources. The changes which have been made to the different network resources will be checked and recorded in network logging. The logging and monitoring can give evidence regarding any illegal attempt to gain access to a network.
One recommendation for logging in ABC Company would be the use of honeypots and sandboxing. Honeypots and sandboxing are crucial techniques for gathering important security information. In production, honeypots are used to detect, prevent and respond to attacks.
Information assurance
Information assurance is the process where information systems that are used in a given organization are protected. The information systems are protected so that they maintain integrity, availability, nonrepudiation, authentication, and confidentiality. Information assurance is essentially protecting information through the five fields that have been mentioned. Availability is a feature where information should be available for use when needed by the users. Integrity is a feature where information should remain the way it was and should not be altered. Authentication is the process of ensuring that users are who they claim to be. Confidentiality is the process where only the authorized users of information are allowed to access it. Nonrepudiation is the process of ensuring that those who completed an action will be responsible for that action. They will not be able to deny having done something (Schneier, 2000).
Symmetric and asymmetric keys
Symmetric keys are Asymmetric encryption is an encryption that uses a pair of keys to encrypt and decrypt a text to ensure security. Symmetric key makes use of two keys, one private and another public, while asymmetric key uses only one public key both for encryption and decryption.
Public Key Infrastructure
PKI is the system through which digital signatures are allocated to individuals to enhance secure communication over a network exposed to the public. This is in a bid to ensure confidentiality and security of the data and information shared across this network. PKI does not only create and distribute the digital signatures; it also stores them as entities for use when required. This is to ensure accountability of the owners of the digital signatures, just like handwritten signatures.
There are a number of components that together make up a public key infrastructure. There is the certificate authority responsible for issuance and verification of the certificates, the registration authority for authentication of the CA users, a central storage for the entities, a management system that keeps track of the certificates and also a set of policies and standards that govern the use of the entire public key cryptography system.
Hashing
Hashing is a technique for securing information from unauthorized access. This is different from encryption. Hashing involves summarizing text into some kind of fingerprint, and it cannot be decrypted. With this technology, it is difficult to know which text was summarized. Facebook is one organization that makes use of this technology. It summarizes the emails and other contact information that users have given.
Encryption algorithms
There are different types of encryption algorithms. One of the algorithms is RSA. This algorithm ensures the confidentiality of data transmitted over the internet through the implementation of SSL. Since this algorithm is very slow, it is not used to encrypt the entire message but to establish a secure connection with the server. RSA is an algorithm that encrypts data which travels across different media. The text or other form of data encrypted may be travelling from client to server or from person to person. There are several parts in the algorithm, and each part has a distinct function within the algorithm (Russell & Gangemi, 1991).
The RSA algorithm uses the prime number concept to encrypt. This algorithm is very simple, and many think it is easy to break the public key and the public exponent. The first component of RSA is the prime computation, where P and Q are used in the computation. This is where the public key is generated. The second component is the RSA problem, which is concerned with encryption of the message. RSA uses the formula M^E mod N = C to encrypt text, where M is the plaintext, E is the public exponent, N is the public key and C is the ciphertext. RSA encryption is implemented on the internet, especially in e-commerce, which requires secure communication. Banks, military and government sites use SSL/TLS (Secure Sockets Layer/Transport Layer Security), which uses certificates. The certificates are generated using RSA libraries on the web server (White, 2003).
Another algorithm is the Advanced Encryption Standard (AES) algorithm. The AES algorithm can use a cryptographic key of 128, 193, 256 bit to encrypt and decrypt data blocks of 128 bits. The data fed into the system for encryption is sometimes referred to as blocks. The Rijndael algorithm is normally referred to as the AES algorithm. The operations are performed on a two-dimensional array of bytes called the State (Williams, 2007).
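The computation described above, worked through with toy numbers as an added example (not part of the original paper). It uses the paper's symbols P, Q, N, E, M and C; the private exponent D, the function names and the sample values are assumptions introduced here, and real keys use primes hundreds of digits long together with a padding scheme.

```python
from math import gcd


def is_prime(n):
    """Trial-division primality check; adequate only for toy-sized numbers."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def generate_keypair(p, q, e):
    """Prime computation: derive the public pair (N, E) and private pair (N, D)."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("P and Q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("E must be coprime to (P-1)(Q-1)")
    d = pow(e, -1, phi)  # D is the modular inverse of E (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m, public_key):
    """C = M^E mod N. M must be smaller than N or decryption cannot recover it."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext M must satisfy 0 <= M < N")
    return pow(m, e, n)


def decrypt(c, private_key):
    """M = C^D mod N, the inverse of the encryption formula."""
    n, d = private_key
    return pow(c, d, n)


# Constructed toy values, far too small for real use.
P, Q, E = 61, 53, 17
PUBLIC, PRIVATE = generate_keypair(P, Q, E)
M = 65
C = encrypt(M, PUBLIC)

if __name__ == "__main__":
    print("N =", PUBLIC[0], "E =", PUBLIC[1])
    print("M =", M, "-> C =", C, "-> M =", decrypt(C, PRIVATE))
```

The range check in `encrypt` is why RSA protects only short values such as a session key rather than a whole message.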
Blowfish algorithm
This is an algorithm which was designed for the encryption of data with 32-bits on the microprocessor.
Comparison
There are differences between the algorithms. One significant difference is that AES has a variable block length and a variable key length. Whereas Blowfish uses 32-bits to undertake encryption, AES and RSA use encryption lengths of 128-256. The Blowfish algorithm is also fast (Bartol & Givans, 2001).
Tunneling
This is a technology where one network is allowed to send its data using another network connection. Tunneling is used to reduce costs of setting up a network. Another advantage of using tunneling is that the security of the bigger network will be utilized in the transmission process.
Data redundancy strategy
The redundancy strategy that I would recommend for ABC Company would be to use 4-Drive NAS. There would be a need to set up two units that would be used for storing the redundant data. One of the NAS units would be used to store the primary system. The primary system will then be set up to back up the data to the other unit after some time.
Data recovery plan
There is a need to have a data recovery plan. This will aid in getting data back when there is a disaster. One of the strategies that can be used in this process would be to use an off-site data center. The data will be stored in the remote locations. Backup and restoration are vital; backups will be located off-site as well as on-site. The branch offices must back up their data to corporate headquarters after performing a local backup, and the corporate office information will be backed up at other branch offices.
The data in the off-site locations will be accessed by setting up a continuity system where data in the offsite location will be accessed when there is damage of the primary data. The data in the remote locations will be updated periodically.
References
Bartol, N., & Givans, N. (2001). Measuring the goodness of security. 2nd International Systems Security Engineering Association (ISSEA), (pp. 118-127).
Russell, D., & Gangemi, G. T. (1991). Computer Security Basics. Sebastopol CA: O'Reilly.
Schneier, B. (2000). Secrets and Lies: Digital Security in a Networked World. New York NY: John Wiley and Sons, Inc.
Stallings, W. (2007). Data and computer communications. New York NY: Prentice Hall.
White, G. (2003). Security + in information systems. Emeryville, CA: McGraw-Hill/Osborne.
Williams, G. (2007). Online business security systems. London: University of East London.