SE571 Course Project_PhaseII_R

Security Assessment and Recommendations

(Phase II)

Ravindra Patel

Submitted to: Professor John Michalek

SE571 Principles of Information Security and Privacy

Keller Graduate School of Management

Submitted: February 21, 2014

Table of Contents

·         Executive Summary…………………………………………………………..

3

·         Company Overview…………………………………………………………...

3

·         Two Security Vulnerabilities…………………………………………………

4

o   Hardware Vulnerability..........................................................................

4

o   Policy Weakness……………………………………………………..…

5

·         Recommended Solutions………………………………………………..…….

6

o   Hardware Solution…………………………………………………..…

6

o   Policy Solution........................................................................................

8

o   Impact on Business Processes……………………………………….....

8

·         Budget……………………………………………………………………..…...

9

·         Summary………………………………………………………………………

9

·         References……………………………………………………………………..

10

Executive Summary

This report identifies the potential security weaknesses of the chosen company and explains potential solutions of the security weaknesses. According to the information provided, there are potential vulnerabilities in hardware and policy of the company. According to the network infrastructure of the company, there is no firewall has been setup between the Internet and the commercial division of the company. The solution to this hardware weakness would be to buy and install a firewall where needed. Also the security policy requires that all firewalls and router rule sets are evaluated every two years. The solution to this policy weakness would be to update the new rule sets and evaluate them semi-annually. In this report these weaknesses and their solutions will be explained in detail.