Running head: AIRCRAFT SOLUTIONS
Keller Graduate School of Management
SEC 571 Principles of Information Security and Privacy
An assessment of Aircraft Solutions (AS) as to what Security Vulnerabilities that might be found, two areas discussed are Hardware & Policy weakness and impact.
Table of Contents
Executive Summary 1
Company Overview 1
Security Vulnerabilities 2
Hardware Vulnerability …………………………………………………..…….....2
Recommended Solutions 5
Hardware Vulnerability 5
Policy Vulnerability 8
Impact on Business Processes 9
The ...view middle of the document...
The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. The company’s strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses. The following report is a security assessment on Aircraft Solutions and the primary objective in this assessment is to identify the existence of vulnerabilities present within the global context of Aircraft Solutions’ operations. An evaluation of the associated threats will be deduced, accompanied by the exposed weaknesses. This will be followed by an analysis of the degree of risk present. Finally, there will be a focus on the consideration of the consequences resulting from revealing of potential threats.
Vulnerability is a weakness in a system that can be exploited by a threat. Reducing the vulnerable aspects of a system can reduce the risk and impact of threats on the system.
The issue pertaining to Aircraft Solution’s hardware weakness is that of the lack of adequate protection implemented between its Commercial Division (CD) located in Chula Vista, CA and the rest of the world, connected to the Internet. In one view of AS’s network infrastructure, it even appears as though the CD must transmit through the Internet in order to connect to AS Headquarters located in San Diego, CA.
One of the elements used to ensure integrity is a Firewall. The lack of a firewall in this case is leaving the client’s confidential information, statistics, budgets, deadlines, contracts, employee information, strategies, deals open and exposed. This is an open exposure due to the uncertainties of the internet. Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity, and availability. Confidentiality assures that the information is not disclosed to unauthorized persons or processes. Any automated attacks or personal attack or attack to exploit the company secrets/statistics/data is the biggest threat to that may occur without the firewall.
According to the survey, "Perceptions about Network Security," 90 percent of the 583 companies polled said they've suffered a network security breach at the hands of hackers at least once in the past year.
Those don't include website hacks, which are annoying but often not serious, or denial-of-service attacks, which are more like roadblocks than actual hacks.
A company's website is its public face; its internal networks are its concealed valuables. If hacking a website is akin to throwing toilet paper onto a company's front lawn, then hacking into its internal networks is like breaking into its house and stealing its jewelry.
Below is AS current Architecture:
A possible worst-case scenario might involve company data which could be lost or hijacked or tampered...