The agreement between Stronghold Securities and Mystery Hospice Care outlines the project's scope for calculating telecommunication upgrades, new network hardware and software upgrades, and executing security measures and programs for managers, network administrators, and security managers. To secure the integrity of the network, company interests, and peace of mind for current and future stakeholders, a security program will also be implemented. Currently, Mystery Hospice Care's network infrastructure relies on outdated technology that can easily be compromised by outside attackers or those within the organization. The security policy's components and a list of server controls will be briefly documented, along with an assessment of the client organization's operational security. The assessment has identified significant application security vulnerabilities that need addressing. There is no standard for security management.
In order to maintain consistent
...security controls throughout Mystery Hospice Care, it is recommended that existing security standards such as ISO 17799 be evaluated and modified for use within the company. Personnel should be informed and trained on the use of this standard and information systems and procedures should be audited to ensure compliance. There are several types of computer incidents which may require Incident Response Team activation, including breach of personal information, denial of service, excessive port scans, firewall breaches, and virus outbreaks. To address physical security vulnerabilities, a list has been compiled which includes vulnerabilities related to the building, security perimeter, and server rooms. The building group pertains to vulnerabilities within the office of Mystery Hospice Care. The security perimeter group includes vulnerabilities related to the exterior office windows, doors, alarm system and surrounding area. The server room group is specific to any rooms that contai
server equipment.
The building has vulnerabilities as several key doors are unlocked or can be forced open. This includes important doors within the interior office area, the utility room door with no lock, the modem pool room that is usually open and unlocked, and the system administrators office that is also usually unlocked and open. This poses a risk as valuable assets of Mystery Hospice Care can be stolen and/or destroyed with minimal effort from a determined attacker, thief, or disgruntled employee. It is recommended to replace current doors with stronger fire doors, replace existing door hardware with high security locks, and weld exterior hinge pins in place. To manage risks, a risk management plan should be periodically updated and expanded throughout the project life cycle or life of the company in order to identify and evaluate any potential risks. Stronghold Securities can assist in identifying risks and outlining mitigation actions.
The absence of an entryway access control system in a security perimeter can lead to vulnerabilities where unauthorized personnel can gain access without restriction. An effective system would require authorized personnel to enter a correct PIN number or use a unique access card to gain entry, with advanced systems providing log information. Without such a system, there are risks of unauthorized access and no records of personnel entries, making it impossible to disable access for specific individuals. To address this, available and suitable entryway access systems must be evaluated, appropriate procedures for assigning and removing access developed, and an appropriate system installed with assigned access rights. A documented Policies and Procedures for Mystery Hospice Care must also be in place, agreed upon by all
current and future employees in writing. Any policy violations will result in disciplinary actions. Current management personnel will conduct meetings to identify, analyze, plan, track, control, communicate, and address threats to the network infrastructure.The Server Controls Access Controls utilize user rights and authentications for network access. Access to Server Access is granted or concealed based on the logged-in user. Drive Encryption secures files even if drives are stolen or improperly discarded. If an intruder gains physical server access, Physical Security may be compromised, allowing machines to be removed. Anti-Virus Software with updated virus signatures prevents data corruption from new viruses. To prevent unnecessary software from existing on servers, it should only be used by company personnel for business purposes or deleted/disabled.
- Networking essays
- Telecommunication essays
- Network Topology essays
- Telecommunications essays
- Android essays
- Application Software essays
- Benchmark essays
- Computer Network essays
- Computer Programming essays
- Computer Security essays
- Computer Software essays
- Cryptography essays
- Data collection essays
- Data Mining essays
- Graphic Design essays
- Information Systems essays
- Internet essays
- Network Security essays
- Website essays
- World Wide Web essays
- Board Of Directors essays
- Brand Management essays
- Business Ethics essays
- Business Management essays
- Change Management essays
- Comparative Analysis essays
- Decision Making essays
- Dispute Resolution essays
- Knowledge Management essays
- Leadership essays
- Leadership and Management essays
- Manager essays
- Operations Management essays
- Performance Management essays
- Product Management essays
- Project Management essays
- Quality Management essays
- Risk essays
- Risk Management essays
- Scientific Management essays
- Stress Management essays
- supply chain management essays
- Time Management essays
- Total Quality Management essays
