Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Security Assessment and Recommendations
My Name
My Teacher
SE571 Principles of Information Security and Privacy
TOC o "1-3" h z u
AS Company Overview
Two Security Vulnerabilities
Software Vulnerability
Recommended Solutions
Telecommunications Closet Security Recommendation
Impact on Business Processes
Budget
Aircraft Solutions (AS) is a globally recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Their manufacturing plants are located in San Diego, California and a second, in Santa Ana, California. At present these plants' manufacturing systems are linked entirely over the public Internet, with firewalls protecting the headquarters systems in San Diego that have IT, Finance and Sales & marketing. Production in Chula Vista, California and Santa Ana, California are located behind the same firewall that protects headquarters. This configuration presents a myriad of security challenges for the company, with the most significant being exposure of their manufacturing planning data in their manufacturing resource planning (MRP) and enterprise resource planning (ERP) systems. SA has a second weakness of having no proxy server protection from incoming data across the public Internet. If a competitor or even a foreign nation was able to gain access to just one server, they could feasibly hack into the core MRP and ERP systems, penetrating both the AS Company Overview
The software and hardware aspects of the company's security strategies are highly ineffective today for protecting the assets critical for running a project-based business in the industries they compete in. All A&D manufacturers who compete in project-based manufacturing programs as does have MRP and ERP systems that seek to optimize materials, production instructions and costs. Today these systems are vulnerable to outside hacks and intrusion over the public Internet (just a firewall separates the core information AS is running their business on from the outside world). In addition, there is no fail-over firewall strategy in place at the hardware level, with...
Aircraft Solutions primarily relies on project-based manufacturing, with the DCNC (Direct Computer Numerical Control) machine data essential for completing individual projects. Without this data, the company will not be able to finish projects on time and get customers to pay them. The DCNC and project-based manufacturing data in their MRP and ERP systems are the life blood of their business. The vulnerability is having projects completely stop if the data is corrupted, the threat is that of competitors stealing the data and undercutting them to their own customers, and the risk and consequences are a potential rapid drop in revenue and eventually the company going out of business. The assets involved in this DCNC (Direct Computer Numerical Control) data and machines, BPM system and as it can be clearly seen in the case, their MRP and ERP systems as well.
The second vulnerability are the lack of proxy servers and sufficient fail-over firewall protection. Today anyone skilled enough to quickly break through the single firewall with have access to all data in headquarters, and throughout the DD and CD divisions. Further, their network infrastructure is protected initially by just a router. This is incredibly insufficient for the confidentiality of the data the company is dealing with on a daily basis. If Department of Defense (DoD) customers knew this was the configuration of their network infrastructure, they would be shut down and have a security audit performed. The threat of not having proxy servers and protecting their network with just a router include having their ability to produce and fulfill orders immediately disrupted. The vulnerability is their most critical enterprise-level information could be quickly compromised and used by competitors or even foreign governments to understand which DoD-related projects they are working on. The consequences would be immediate fines from their government-based contractors…
References
Brehm, N., & Jorge, M.G. (2005). Secure web service-based resource sharing in ERP networks. Journal of Information Privacy & Security, 1(2), 29-48.
Leong, K.K., Yu, K.M., & Lee, W.B. (2003). A security model for distributed product data management system. Computers in Industry, 50(2), 179-193.
Marnewick, C., & Labuschagne, L. (2005). A conceptual model for enterprise resource planning (ERP). Information Management & Computer Security, 13(2), 144-155.
Soja, P. (2006). Success factors in ERP systems implementations: Lessons from practice. Journal of Enterprise Information Management, 19(6), 646-661.
Computer Security In the past few years, viruses like "I Love You" and "SoBig" have generated much publicity and apprehension and highlighted problems of computer security. In the last month alone, experts estimate that 52 new viruses have spread through computer networks. In addition, the growing incidence of identity theft also illustrates the growing sophistication of hackers and their tools. This paper examines the main problems related to keeping the information on
Computer Security: Corporate Security Documentation Suitable for a Large Corporation Item (I) in-Depth Defense Measures (II) Firewall Design (III) Intrusion Detection System (IV) Operating System Security (V) Database Security (VI) Corporate Contingency of Operation (VII) Corporate Disaster Recovery Plan (VIII) Team Members and Roles of Each (IX) Timeline with Goal Description (X) Data Schema (XI) Graphical Interface Design (XII) Testing Plan (XIII) Support Plan (XIV) Schematics Computer Security: Corporate Security Documentation Suitable for a Large Corporation (I) In-Depth Defense Measures Information Technology (IT) Acceptable Use Policy The intentions of
Computer Vulnerabilities Computer Security Vulnerabilities The extent of the problem This is not a small issue. The book "Analyzing Computer Security" lays out the following scenario: "First, 20 million U.S. smart phones stop working. Next follow outages in wireline telephone service, problems with air traffic control, disruptions to the New York Stock Exchange, and eventually severe loss of power on America's East Coast" (Pfleeger & Pfleeger, 2011, 3). The authors are talking about
The public-key cryptography approach also creates a more efficient means of cryptographic security by ensuring RSA-compliant encryption and decryption throughout the secured network (Sarkar, Maitra, 2010). As a result the use of public-key cryptography hardens and makes more secure each connection and node on a network (Chevalier, Rusinowitch, 2010). C3. What will help you trust a public-key that belongs to an unfamiliar person or Web site, and why does it
who have access to the network do not maintain proper security procedures and remain well-informed regarding potential risks and updated procedures and policies (Cobb, 2011; Whitman & Mattord, 2011; ICR, 2008). Any security policy must, after being properly designed and established, be communicated clearly and comprehensively to all relevant personnel, which in today's organizations typically means anyone with access to a company computer and/or the company network, or who
Computer Security Information In the 21st century, information is the key to almost every organization's success. Data is the lifeblood of business -- the information one uses to be competitive and the information that spells success or failure in the marketplace. Data is so important that an entirely new security focus has arisen -- Computer Information Security. In an era in which we must choose which issues for focus, the issue