Project Security Plan
This plan was developed by David Hanuschak, Managing Director of On-point Technologies, in cooperation with other key members of the On-point Technologies staff.
About On-point Technologies
We are a three-man firm and a great solution for your networking needs. On-point Technologies is top rated with the Better Business Bureau for customer satisfaction.
This security plan is our first. We will take a broad view of the security risks facing the firm and take prompt action to reduce our exposure. Everyone remembers the virus attack we had earlier this year, and we hope to avoid another disaster like that! However, I hope that by taking a wider view, we may ...
Section 2: Assessment Results
Our assessment has produced the following results.
Skills and Knowledge
Our technology consultant, Tim, is familiar with the whole situation and will be our expert guide. However, we need to internalize as much of this knowledge as possible by doing as much of the work as we can. Doing so will also help us save money. Luckily, Lovell is an amateur computer enthusiast. He has attended a security training course.
Each member of the project team has read the available security planning guides from Microsoft and the Internet Engineering Task Force (IETF) in preparation. The company as a whole is reasonably technically literate, but (with one or two exceptions) they see computers as tools to get the job done and don’t know much about how they work.
Our Network and Systems
* Desktops: Ninety-six (32 per lab)
* Laptop computers: Six (one each for the directors, one for Steve, and three for the sales team)
* Printers: One (one high-end plotter and one printer-fax combo unit for general use)
* Servers: One (running Small Business Server 2008 and looking after files, the Internet connection, e-mail, and our customer database)
* Internet connection: 1.5 Mbps cable modem connection
The server and several of the computers are linked by 100 Mbps Cat5 Ethernet cables. The remainder are linked by an 802.11g wireless network with an access point. All computers run Windows 7 Professional.
We compared each computer against the checklist in the Security Guide for Small Business. We also ran the MBSA. These actions produced the following results:
* Virus protection:
* Spam-filtering software: Many users have begun to complain about spam, but no protection is in place.
* Firewall: We thought the ISP’s router included a firewall, but it doesn’t; so, we don’t have one.
* Updates: All the Windows 7 Professional systems are up-to-date because they were automatically checking and downloading updates. However, several installations of Microsoft Office need updating.
* Passwords: A random sampling found that most people aren’t using passwords at all or had them written on Post-it notes. In particular, none of the laptop computers are password protected.
* Physical security: We had the insurance people in last year, so the window locks, doors, and alarms are pretty good. However, none of the computers has a serial number etched on its case, and we didn’t have a log of the serial numbers. We also noticed that everyone, including Tracy and the two directors, is using the same printer, which means that there is a risk of confidential documents being left there by accident.
* Laptop computers: All the laptop computers had shiny bags with big manufacturer logos. No security locks.
* Wireless networking: We’re wide open here. It turns out that we just set the thing up and it worked, so nobody touched any of the settings. The wireless network...