Emerging GROUP & sELF REFLECTION
Cyber-Security at Solomon Enterprise
Group 1
Manikanta Maram
Alok Reddy Mogulla
Nikhil Ravindra Pathak
Kartheek Reddy Ravula
Krishna Chaitanya Sanagavarapu
Dinesh Kumar Reddy Thirumalareddy
Department of IT,
University of the Cumberlands
ITS 834: Emerging Threats & Countermeasures
Dr. Derek Holbert
June 7th, 2020
Cyber-security at Solomon Enterprise
Background
Solomon enterprise is one of the firms that have ventured into the online retail stores in the United States, and users all over the world can access their cite. The organization employs more than 500 people across the domestic US. Their products are purchased through online stores generating an annual revenue of about $200 million, making it a likely target for hackers and cybercriminals
Business Model
Solomon Enterprise has a website through which its customers purchase their products and then they are delivered to them physically. Their business model is business to consumer (B2C) (Joyce & Paquin, 2016).
Security Posture
Solomon Enterprises, the software and the hardware are managed through policies. The enterprise uses VPN connections to ensure that their connection is encrypted (Joyce & Paquin, 2016).
Administrative control
Backgrounding employees
Solomon Enterprise conducts a background check of its employees before it hires them into the company.
Employees Training
Solomon Enterprise conducts different types of training to engage its employees. This training aim is to orient the employees on how the enterprise operates.
Employer-Employee Agreement
Agreement between Solomon Enterprise and its employees is essential, especially when it comes to the enterprise's security. The first item that should be emphasized on the contract is the confidentiality agreement.
Physical control
Perimeter Security
Since Solomon Enterprise operates mostly on the internet, it must be housing important infrastructure that holds sensitive information. For this to be possible, the organization should harden its physical perimeter, thus restricting unauthorized entry.
Closed Circuit Television
In improving security, video surveillance is a good "next step." Sometimes the threat to the company is not outside but inside the facility. In most cases, the key card and the guards cannot detect this.
A Secure Server Room
Solomon Enterprise should not only control entry into the premises. There should also be tight security on the room where the servers and the backups are stored.
Physical control cont.,
Device Management
Numerous organizations have endured information break or hole since they had no chance to get of cleaning a lost or a taken gadget that belongs to the organization.
Air-Gapped Wi-Fi Network
There have been known ways through which hackers breach the company's network through the use of the network (Farraj, Hammund & Kundur, 2016).
Technical Control
Encryption
Encryption refers to a way that a message can be encoded so that a certain group of people can only access it. Solomon Enterprise should use this method because it can be used across a variety of devices. It means that all the devices that are utilized in the Solomon Enterprise facilities are protected from any form of a security breach.
Firewall
A firewall is the best prevention for unauthorized access to the Solomon Enterprise network. Firewall monitors and control network drift between the internet and the private network, and it works on user-defined rules.
Technical control cont.,
Passwords
Hackers use different ways to try and get access to the network of an organization. For Solomon Enterprise to safeguard their data, they should have a strong password.
IDP
IDPs (Intrusion Detection and Prevention System), also known as IPS, is a network security application that screens network and system happenings and detects a possible intrusion.
Security Policy
Apart from the existing security program, Solomon Enterprise needs to establish a security policy. Examples of these policies that need to be established include:
Acceptable Use Policy (AUP)
This policy specifies and doings that an employee using an enterprise IT assets ought to approve to access the organizational network.
Access Control Policy (ACP)
This policy states and shows the employees that are allowed to access the company network.
Information security policy
This policy often provides the employees with the guideline of how they are going to use the network and also provide rules and regulations.
Legislation/Regulation
The government provides legislation that is supposed to govern the enterprise.
The Gramm Leach Bliley Act is mandatory for every business. The Act states that every organization should protect any information concerning the business that will lead to a security breach of the organization.
One regulation that the US congress had proposed on cybersecurity is the Consumer Data Security and Act Notification. This Act requires organizations to disclose any security breaches (Marota & Madnick, 2020).
Another regulation formed in the United States is the Cybersecurity National Security Action Plan (CNAP) in 2016, which governs all institutions in the private sector to share information about cyberattacks with the government.
Network security tools
Security network tools are essential in an organization or a business (Vyshnavi, Sree & Jayapandian, 2019)
They help in monitoring, detecting any breaching attempt on the organizations’ network.
For Solomon enterprises to ensure that their data is protected against hacking, they can use software such as wire shark, Metasploit, and Nessus, leading in the market (Vyshnavi, Sree & Jayapandian, 2019).
Conclusion
Cybersecurity is vital for any business enterprise, especially those that have sold the products virtually.
Technology is rapidly growing, and along with it, cyberattacks are increasingly becoming more common
Cyber-attacks have led many companies to undergo incomprehensible losses.
For Solomon Enterprise to avoider the occurrence of such incidents, they should ensure they use the top-notch security for their network.
References
Alexander, A., Graham, P., Jackson, E., Johnson, B., Williams, T., & Park, J. (2019, June). An Analysis of Cybersecurity Legislation and Policy Creation on the State Level. In National Cyber Summit (pp. 30-43). Springer, Cham.
Azeez, N. A., Bada, T. M., Misra, S., Adewumi, A., Van der Vyver, C., & Ahuja, R. (2020). Intrusion Detection and Prevention Systems: An Updated Review. In Data Management, Analytics and Innovation (pp. 685-696). Springer, Singapore.
Farraj, A., Hammad, E., & Kundur, D. (2016). A cyber-physical control framework for transient stability in smart grids. IEEE Transactions on Smart Grid, 9(2), 1205-1215.
Joyce, A., & Paquin, R. L. (2016). The triple layered business model canvas: A tool to design more sustainable business models. Journal of cleaner production, 135, 1474-1486.
Leszczyna, R. (2019). Cybersecurity Controls. In Cybersecurity in the Electricity Sector (pp. 181-209). Springer, Cham.
References
Marotta, A., & Madnick, S. (2020). Analyzing the Interplay Between Regulatory Compliance and Cybersecurity. Available at SSRN 3542563.
Naik, N., & Jenkins, P. (2016, August). Enhancing windows firewall security using fuzzy reasoning. In 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech) (pp. 263-269). IEEE.
Pattinson, M., Butavicius, M., Ciccarello, B., Lillie, M., Parsons, K., Calic, D., & McCormac, A. (2018, September). Adapting cyber-security training to your employees. In Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (pp. 67-79).
Sommestad, T., Karlzén, H., & Hallberg, J. (2019). The theory of planned behavior and information security policy compliance. Journal of Computer Information Systems, 59(4), 344-353.
Vyshnavi, S. B., Sree, S. R., & Jayapandian, N. (2019, December). Network Security Tools and Applications in Research Perspective. In 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC) (pp. 655-659). I.
Thank you
.MsftOfcThm_Accent1_Fill { fill:#83992A; } .MsftOfcThm_Accent1_Stroke { stroke:#83992A; }
.MsftOfcThm_Accent1_Fill { fill:#B71E42; } .MsftOfcThm_Accent1_Stroke { stroke:#B71E42; }
.MsftOfcThm_Accent1_Fill { fill:#B71E42; } .MsftOfcThm_Accent1_Stroke { stroke:#B71E42; }
.MsftOfcThm_Accent1_Fill { fill:#83992A; } .MsftOfcThm_Accent1_Stroke { stroke:#83992A; }