Emerging GROUP & sELF REFLECTION
RESIDENCY CASE STUDY
GROUP#10 Addanki Venkata Rama Raja Ravi Tej Dantala Priyanka Kalunmula Rakesh Mummaneni Babji Podishetty Sownith
INTRODUCTION
Solomon Enterprises runs online.
Has revenues of $200 million. The company employs more than 500.
This presents a both internal and external risks.
As such, this paper analyzes the security posture of the company and It analyzes the administrative, technical and physical security controls for information systems.
In addition, the security policies of are also evaluated, as are security standards that have been adopted in the company.
Lastly, the network security in the company is also examined.
2
ADMINISTRATIVE CONTROLS
They have control the human factor of information systems’ security.
It covers such practices as bring your own device (BYOD) policies.
It also employee security awareness and training.
Personnel management, incident response, passwords and authentication as well as the least privilege policy.
The use of the administrative controls are inadequate.
There lacks of a security awareness and training program.
3
ADMINISTRATIVE CONTROLS-Continued
First, there is need for a clean desk policy that needs to be adopted and carried out by the company.
A BYOD policy is critical in ensuring that employees’ use of their own mobile devices or PCs does not increase the risk of security threats
Lack of a social media policy is another risk factor for the company.
Due to increased use of social media, especially in marketing efforts, the risks of phishing and social engineering are rife.
Employees need to know how to identify a potential malware attack and also know how to react to such attacks.
4
PHYSICAL CONTROLS
Physical security controls are concerned with the physical security of the information systems infrastructure.
There is need for a strong and secure perimeter security securing all the office buildings, server rooms and data center belonging to Solomon Enterprises.
Use of CCTVs and Secure Server Room’s is another physical control that would alert the company’s security teams.
Door locks should also be used to ensure that cybercriminals who manage to get as far as towards the server.
Locks are critical in providing physical securities and also keeping a record of the key infrastructure at the company is important.
5
TECHNICAL CONTROLS
Technical controls leverage technology in order to reduce cybersecurity vulnerabilities.
There exists several technical controls that need to be leveraged at Solomon Enterprises:
Encryption.
Antivirus Software.
Intrusion detection systems (IDS).
Firewalls are network security devices that are used restrict the network moving in or out of a network system.
User identification is another technical control that must be used to ensure that all people who access the systems are identified.
6
SECURITY POLICIES
Security policies are at the core every company’s cybersecurity strategy.
They include Acceptable Use Policy (UAP).
Access Control Policy (ACP).
Change Management Policy.
Information Security Policy.
Incident Response Policy.
7
SECURITY POLICIES UPDATED
Other security policies include:
Remote Access Policy.
Electronic Communication Policy (Email Policy).
Disaster Recovery Policy.
Business Continuity Plan (BCP).
8
LEGISLATION/ REGULATION OR INDUSTRY STANDARDS
There are laws and regulations as well as industry standards that the company must abide by as legal requirements which include:
Gramm-Leach-Bliley-Act (GLBA).
Sarbanes-Oxley Act (SOX).
National Institute of Standards and Technology (NIST) Cybersecurity Framework.
9
NETWORK SECURITY TOOLS
Network security tools protect a company’s network as well as network infrastructure from malicious attacks from criminals which include:
Intrusion Detection Systems (IDS).
Sandboxes.
Network Traffic Analytics (NTA).
10
CONCLUSION
Solomon Enterprises is faced with the threat of cyberattacks.
Customer and business information is alluring to cybercriminals.
The company has made efforts in ramping up security by having firewalls and VPNS.
Much is left to be done in terms of improving technical, administrative and physical controls.
In addition, the company needs to abide by such laws as the SOX and GLBA and use network security tools to buffer security of its networks.
11
REFERENCES
B Romney, M. (2018). Accounting information systems. Pearson Education Limited. Retrieved from http://ndl.ethernet.edu.et/handle/123456789/17752
Daya, B. (2013). Network security: History, importance, and future. University of Florida Department of Electrical and Computer Engineering, 4. Retrieved http://www.alphawireless.co.za/wp-content/uploads/2013/01/Network-Security-article.pdf
Goodman, S., Straub, D. W., & Baskerville, R. (2016). Information security: policy, processes, and practices. Routledge. Retrieved https://www.taylorfrancis.com/books/9781315288697
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of cyber security management in industrial control systems. International journal of critical infrastructure protection, 9, 52-80. Retrieved from https://www.sciencedirect.com/science/article/pii/S1874548215000207
Lu, Z., Qu, G., & Liu, Z. (2018). A survey on recent advances in vehicular network security, trust, and privacy. IEEE Transactions on Intelligent Transportation Systems, 20(2), 760-776. Retrieved https://ieeexplore.ieee.org/abstract/document/8345196/
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. computers & security, 56, 70-82. Retrieved https://www.sciencedirect.com/science/article/pii/S0167404815001583
12
THANK YOU