Information Security: CME Hosting Company - Case Study Example

?INFORMATION SECURITY: CME HOSTING COMPANY Information Security: CME Hosting Company Affiliation Table of Contents Threat Assessment 4 Vulnerability Assessment due to Security Threats 5 Part III 7 Risk Assessment 7 Risk Posed: High 7 Ethical Issues 7 Loss of privacy 7 Denial of Service (DoS) Attacks 8 Viruses and Malicious Code 8 Risk Posed: Medium 8 Errors 8 Unauthorized Access 9 Risk Posed: Low 9 Financial Risks 9 Part IV 9 Main Threat and Mitigation 9 References 10 Introduction Information security is a broad term which covers various processes which are adopted for saving and protecting data and information. It ensures data accessibility, privacy and reliability. At the present, the trend of storing data and information in databases has become very common. In addition, at the present almost all the businesses store their corporate data and information on computer (using databases). Additionally, the data and information stored in databases is extremely confidential and should not be offered for public view. On the other hand, a lot of businesses are completely dependent upon information stored in computers systems. For instance, they use databases to store staff details, personal data, salaries, clients’ information, marketing, sales information, bank account details and so on. Moreover, in absence of such database system, it would be very hard for a company to work properly. Thus, there is a dire need for implementing an effective information security procedure to secure this data and information (Crystal, 2012; Nash, 2000). Furthermore, effective data and information security systems integrate a variety of strategies for better security products, skills and events. In addition, software applications such as firewalls and virus scanners are not sufficient on their own to secure this precious data and information. In this scenario, a group of applications and procedures and systems should be implemented to successfully discourage access to this data and information (Crystal, 2012; Nash, 2000). This report presents a detailed analysis of some of the important aspects of information security for ACME Co. regarding provision of new web services for Citizens Wellness (CW) application by large health care company named Well-Health Inc. This report is aimed at analyzing present status of information security at the corporate. This report will offer an insight into the security arrangements presently available at ACME Co. as well as some new technologies needed to be deployed for the effective management of information security at in different corporate areas. Part I Threat Assessment In this section I will conduct a detailed analysis of some of the important threats at ACME Co. regarding provision of new web services for Citizens Wellness (CW) application by large health care company named Well-Health Inc. The basic aim of this analysis is to discover those major threats which currently exist in web services of ACME Co. as well as how these threats can damage or create issues for the information and data privacy for Citizens Wellness (CW) application. In this scenario, one of the primary risks is regarding staff related security risk. For instance, any bad staff person can hack or damage the business database or systems working. In addition, there is no proper way for staff recruitment. As well, there is no process for assessing background of staff members. The next main issue that I have assessed is regarding dissimilarity of operating systems’ versions and patches. In case of such misbalance among these versions and patches, there is no single and identical way to deal with security management of the business. Moreover, one of the biggest threats that can create an alarming situation for the business is the absence of anti-virus software on ACME servers. I have assessed that work stations of organization’s employees/contractors still do not have any protection procedure against malwares. There is another issue regarding network services of ACME which is the absence of internal firewalls that can create any time issues for the business. It can lead to problems regarding business security and management. Another important issue at ACME Co. is less effective configuration of active directory application. In addition, user’s account is not suitably managed to offer a great deal of account safety and privacy. There is also manual process of managing and handling the user account procedures. Part II Vulnerability Assessment due to Security Threats There are several issues and threats those are presently making organizational activities difficult to perform. In case of ACME Co, one of the initial risks that I have outlined above is security threat from less effectively recruited staff /personnel. In case of such situation any staff member with some illegal aims and objectives can add a virus in database or hack the overall corporate information. There are also a number of issues which can be created by such type of vulnerabilities. It can involve deletion of overall data or making some security information leak regarding personal information of people at Well-Health Inc. Dissimilarity of operating systems versions and patches can also create critical problems and issues as a result they can make defense and protection of business information difficult. Thus, in absence of an effective protection strategy the overall information and data can be hacked or deleted. In worst case the business information can be delivered to corporate competitor. There is no single network or system management arrangement that can manage such dissimilarity of information systems. There can be issues about denial of central firewall for the overall security management of business data. In addition, in absence of anti-virus software on ACME servers can also cause serious problems for information security. In such situation any virus can easily attack and destroy or stop the business operation. In view of the fact that there are number of viruses on the web, so we are for all time under the attack of viruses from outside world. On the other hand, in absence of some enhanced security management methodology or virus updates the overall system working can be affected or stopped. Moreover, one of the critical issues is regarding absence of internal firewalls. In case of such problem user of systems and web services are open to virus attacks, malware, or Trojan attacks. In such situation overall network can be hacked by any hacker. In addition, they can hack all the important data and information of the users. Furthermore, less effective configuration of active directory and its deferred application can also present the hacker an open opportunity to hack the user account and make changes according to their own desire. In this scenario the security management can be unsuccessful. Part III Risk Assessment In this section I will present a number of aspects those are outlined above and their possible influence on corporate working and performance. Here I will outline a number of issues and risks which have different severity levels and can possibly affect ACME Co. regarding application of Citizens Wellness (CW) system by large health care company named Well-Health Inc.: Risk Posed: High This category will cover those risks which can have effect on overall corporate arrangement and working. Ethical Issues Ethcial issues can be the basis of many problems in a business corporation. In addition, ethical issues can happen due to less effective staff recruitment (Laudon & Laudon, 1999). Loss of privacy Loss of privacy can happen due to virus or hacking attacks. In the same way, these attacks happen due to absence of suitable antivirus or network firewalls (World YOUTH, 2003). Denial of Service (DoS) Attacks Denial of service (DoS) based security attacks are techniques which are used to break the suitable working of any business that is connected with any website or network. This can happen due to less effective network and system security and absence of improved security and privacy standards (World YOUTH, 2003; Laudon & Laudon, 1999). Viruses and Malicious Code A number of virus and malicious attacks can happen due to open system. In absence of effective security mechanism such attacks can stop the overall corporate working and operations (World YOUTH, 2003; Laudon & Laudon, 1999). Risk Posed: Medium Errors In case of less effective version control and operating systems’ version management the business can be at the continuous risk of ineffective corporate and operational management. Here we can have a number of system and network errors those can be due to virus and other DOS based attacks (World YOUTH, 2003; Laudon & Laudon, 1999). Unauthorized Access In case of unauthorized access to network and system resources the whole network can be at the risk of useless management of business operations. This can lead to a number of issues such as data and information theft (World YOUTH, 2003; Laudon & Laudon, 1999). Risk Posed: Low Financial Risks ACME Co., can also face some other risks such as financial risks. In this scenario, business can lose the overall credibility which can affect business reputation. Part IV Main Threat and Mitigation This section discusses about the threat that is identified along with possible management strategy that can be used to deal with such kind of issues. In this scenario, the major issue that can be a nightmare for ACME Corporation is the un-availability of antivirus and network firewall systems. In absence of such systems the entire corporation is open for attacks. Here we need to install excellent antivirus software and update it with recent updates. Then we also need to install a very effective network firewall that can catch and manage all the possible issues and could manage such issues (World YOUTH, 2003; Laudon & Laudon, 1999). References Crystal, G. (2012). What is Information Security? Retrieved January 25, 2012, from WiseGeek.com: http://www.wisegeek.com/what-is-information-security.htm Laudon, K. C., & Laudon, J. P. (1999). Management Information Systems, Sixth Edition. New Jersey: Prentice Hall . Nash, J. (2000). Networking Essentials, MCSE Study Guide. California: IDG Books Worldwide, Inc. World YOUTH. (2003). Youth and Information and Communication Technologies (ICT). Retrieved January 23, 2012, from http://www.un.org/esa/socdev/unyin/documents/ch12.pdf Read More