IT 335 Milestone 6.docx IT 335: Wilburs Widgets Security Policy Gap Analysis Southern

IT 335 Milestone 6.docx  IT 335:   Wilbur™s Widgets Security Policy Gap Analysis  Southern New Hampshire University  Seven Domains of IT Infrastructure  User Domain  œThe weakest link in any security plan or implementation is a human. The weak links include everyone from the hourly paid end user to the owner of the company.  (Thomason,  2013). At Wilbur™s Widgets, there is no formal security training provided to users. This makes the users an even bigger risk to the security of the company™s information. Well trained users, while still a weak point, can spot anomalies and possibly prevent malicious attacks. At Wilbur™s Widgets, the change needs to start at the top with the CEO and Board of Directors. Without their buy-in, no security policies will lessen the threat posed by untrained users.  The insider threat is also a huge risk to modern companies.  Employees already have access to the company™s information, so there is the possibility that they can obtain and sell that information. To combat this, Role Based Access Controls should be implemented.  Roles should be built granting only the access the resources needed to accomplish a specific job.  For example, employees in Human Resources should not be able to access Sales information. The more nuanced the roles that are created, the more protected the information will be.  Workstation Domain  The workstations at Wilbur™s Widgets present a huge concern. They are running an operating system that is currently end of life, and there is no patch manageme