Need Help on Assignments.
RUNNING HEAD: SECURITY ARCHITECTURE & DESIGN 1
SECURITY ARCHITECTURE & DESIGN 3
According to a study, a system architect helps to design an organization's technical infrastructure (Kairab, 2004). The infrastructure is usually made up of hardware such as computers and software. It should also have internet, firewalls server, and web portals. Since Vestige, Inc is an online software company, and it has been protected to prevent cyber-attacks. Kairab (2004) states that a company has to be secure to perform its tasks well. In most cases, security assessment is important because it allows a company to identify risk and avoid future attacks. Organizations are advised not to rely only on installing antivirus and not checking on them. If antivirus is not updated, the company is vulnerable to an attack, and customers will be at risk for identity theft. It has been noted that most organizations don't conduct a security assessment mainly because they believe it is costly. But small businesses can conduct security assessments internally using in-house resources. A security review and security assessment need to be conducted to ensure a system is secure. According to a study, a security review is a collaborative process that entails identifying security issues and their level of risk as well as coming up with a plan to mitigate the risk. On the other hand, security testing is the process of finding vulnerabilities in software applications and processes.
There are several ways to perform internal and external security assessment. So below are the steps that I will follow to ensure the company's system is secure. To conduct a security review of a system, the first step is to create a core assessment team that includes professionals within an organization (Kirschen & Jayaweera, 2007). People such as the IT managers and head of different teams will lead the assessment, suggest recommendations, and prepare the report. Secondly, it is important to review the existing security policy. This will allow the company to make changes. If any or create a new security policy, it does not exists. A security policy has to cover the security strategies, data backup plans, and password management policies that will ensure customers' data are secure. Also, a security policy has to be relevant to the market changes. Another step is to create a database of IT assets. This is done by preparing a comprehensive list of all software and hardware assets that the company owns, and it includes the servers, desktops, laptops, networks, and POS devices (Kirschen & Jayaweera, 2007). Also, employees' personal devices to check emails and external drivers are important to secure to ensure they are not at risk of an attack. As a system architecture, it is important to understand a company's threats and vulnerabilities. This can be done by preparing a list of all potential threats that a business could face based on past experiences and from a news report. It is important to identify gaps in the system that threats could possibly exploit. one can use IT security software that offers features such as vulnerability scanning and alerts to identify weak points in your application's network
The next step is to estimate the impact either in monetary terms or loss of client, credibility, or brand value. A company should estimate the impact of a cyber-attack either as high, medium, or low based on the severity and estimated cost (Rid & Buchanan, 2015). Next is to determine the likelihood of whether the potential risk would be high, low, or medium. In most cases, the level increases if the likelihood is high. Lastly, it is important to plan the controls. This can be done by listing the existing control system in place and outline further action that can help mitigate the identified risk (Rid & Buchanan, 2015). Such controls can include training content and configuration and implementation of new applications or hardware. When all the process is followed, then the Vestige system will be verified as secure.
Kairab, S. (2004). A practical guide to security assessments. CRC Press.
Kirschen, D. S., & Jayaweera, D. (2007). Comparison of risk-based and deterministic security assessments. IET Generation, Transmission & Distribution, 1(4), 527-533.
Rid, T., & Buchanan, B. (2015). Attributing cyber-attacks. Journal of Strategic Studies, 38(1-2), 4-37.