Computer Systems Security - Security Weaknesses

...

- Associated Risk

As mentioned before, when the headquarter servers are attacked, their secured data would be accessed and lost without much effort. Outside entities can steal the AS's client information and sell them to competitor companies

- Consequences On The Company

Consequences on the company might affect company's data such as IT and finance data as it could be lost or stolen by hackers, if it have been stolen by hackers it could be sold to competing companies so they can have an advantage over AS which may cause the company to lose its customers and its income.

-

Policy Weakness

As mentioned in Aircraft Solutions’ scenario, the company’s security policy requires that all firewalls and router rule sets are evaluated every two years and that all local servers are backed up to network attached storage devices maintained at the server location. This policy is considered as a vulnerability as it has been wrongly stated and became a security weakness rather than a strength. All firewalls and router rule sets must be reviewed and evaluated at most every six months. The evaluation every two years is considered as a very long period to pass without reviewing and evaluating rules and policies due to the fast rate of Technology changes and the continually changes of assets of the AS company’s infrastructure.

- Associated Threat

The threat for this policy weakness is that it would be easy for attackers and hackers to hack the AS system and get access to the company's secured data. This is because two years period is a long time and its lack of a firewall gives the hackers the chance of hacking the system and running through its firewalls.

- Associated Risk

In general, this weakness could cause the AS system to get damaged as this wrong policy of leaving the firewalls and security system without review or update for two years, and this puts the system at risks for attacks and lose its important secured data which may affect the whole business.

- Consequences On The Company

When the system being hacked, the hackers could gain access to the company's important data such as client and employee records, financial and product information. The hacker could cause the company to lose its data and put it out of business. Another consequence might be exposing company's important data for its competitors which may cause the company to lose its customers and its income.

---------------------------------------------------------------

SECTION 3. Recommendations

-

solution of Hardware Weakness

- Solution

- Justification

3.1.3 Impact on Business Processes

-

solution of Policy Weakness

3.2.1 Solution

- Justification

- Impact on Business Processes

---------------------------------------------------------------

SECTION 4. reference list

Decker, F. Demand Media. The Importance of a Firewall. Retrieved from http://smallbusiness.chron.com/importance-firewall-62499.html

Denyer, C. Review of Firewall and Router Rule Sets | PCI DSS Requirement 1.1.6 Retrieved from http://www.pciassessment.org/review-of-firewall-and-router-rule-sets-pci-dss-requirement-1-1-6