This project is compulsory to all students. The students must choose any organization or company
security policy for the company.
Analyze risks for this company by defining the Assets, Threats and
determine the consequence of each threa
To successfully complete the project, the following deliverables need to be provided:
Proposal This document must contain the following information:
Overview of the subject and technologies you are planning to present.
You must introduce your project in the classroom, and have a maximum of 15 minutes for presentation
Internet security is an integral part of protecting the data or information shared across the internet in any organization. In any organization or business operation where transactions are carried out, internet security is given top priority, as any activity that threatens the security of sharing information via the network might collapse the business. Internet security entails data protection, data application protection and hardware protection. Generally, it is largely concerned with the entire organizational network system that serves as a backbone to most of the organization’s business operations.
To understand more about internet security, this report provides a security risk assessment of a creditor’s rights law firm called Weintein, Weinberg and Reins (WWR) Company. This company provides services to financial institutions by collecting and storing their customers’ information, which is used mostly in legal processes. Further details are given on some of the security threats and vulnerabilities associated with this company and their consequences, and finally on ways in which these security issues could be avoided.
Weintein, Weinberg and Reins Company
This is an organization that provides collection services and legal representation to its clients, who are creditors. These creditors include banks, real estate firms, credit unions and any other financial institutions that offer credit to customers. The company is therefore responsible for protecting sensitive and highly confidential client information that is non-public and ought not to be disclosed to any unauthorized person. The company relies largely on the internet or computer network to provide its services. This comes with a great responsibility to ensure that the information residing on its network is well secured and free from corruption of any sort, as most of its clients’ information is used in legal proceedings.
For any organization, security risk assessment is one of the most important aspects of its security policies. A security risk assessment helps the company understand the various risks it is exposed to by being connected to the internet. A thorough security risk assessment identifies some of the threats the company is likely to face, and this helps the organization formulate proper security measures to protect its resources. Considering that the most important organizational asset is the data or information it possesses, most security threats are likely to target the company’s data resources. Therefore, it is the duty of the company to ensure that data integrity is upheld and that the data is protected from any form of interference that could affect the integrity of its information.
Weintein, Weinberg and Reins Company handles very delicate information for its clients. This exposes such companies to major threats from the clients’ customers. Some of the threats associated with such companies include data loss, unauthorized access, malicious code or virus attacks, and hacking. All these threats target the data resources managed by the organization, and where attackers find a vulnerable point in the organization’s network system, the likelihood of such activities occurring is high.
Unauthorized Access to the data applications
Creditor’s rights law firms rely mostly on data applications to process their services. Most of these applications are password protected, and some do not have proper access rights control mechanisms in place. In most of these organizations, the mode of access control in place is typed usernames and passwords, which is not a strong access control technology. Some users of these applications have weak passwords, and others type their passwords carelessly in the presence of other persons or users. Considering that this company deals with very sensitive information, this access control technology can easily be manipulated by attackers to gain access to the data applications and modify or corrupt the integrity of the company’s client information. The passwords can easily be hacked using methods such as brute force, or anyone can watch the user typing the password and record it.
Also, considering that this is not an IT company, the access rights are not well structured, and sometimes a user is able to view information he/she is not entitled to. This can lead to users knowingly or unknowingly corrupting the company’s information, interfering with data integrity and ultimately causing losses to the company. With this in mind, the company should adopt a proper access authentication mechanism that seals off the existing vulnerability to password hacking, which could lead to a security breach that compromises trust in the company’s handling of its clients’ confidential details.
Data loss can occur as a result of various events in an organization. It can result from file corruption, deletion or organizational system failure. In case of any failure, the organization’s operations might collapse as a result of data loss if there is no proper backup and recovery mechanism in place. In most creditor’s rights law firms, backups are done after a long period of time or not at all. This exposes these companies to the risk of losing very important information as a result of failure or an attack. Considering that most of the data handled by creditor’s rights firms are financial details with legal implications for most of their clients’ customers, the worst that attackers would wish for is to get rid of their information from the company’s system. Therefore, without proper backup procedures and mechanisms, the company risks experiencing data loss at any time during processing and transmission over the network.
Malicious code or Virus Attack
Most creditor’s rights firms are not aware of the viruses that could be used to corrupt their information. They run their network and data systems without any anti-virus software in place. Lack of anti-virus programs makes the company’s systems vulnerable to virus attacks that are extreme and could lead to loss of data or disruption of the whole operation of the company. This in turn would interfere with the integrity of clients’ data, leading to severe losses to the company. Most virus attacks are carried out via the company’s network; that is, if the attacker gains access to the company’s network, he/she is likely to introduce a malicious code or program into the company’s system, and this could cause a lot of damage to the company’s operations in terms of data corruption. Use of anti-virus programs will ensure that the company’s network system is safe and free from any malicious attack, thus safeguarding the integrity of its clients’ information and preventing the company from collapsing due to losses.
The internet provides an avenue for hackers to penetrate systems that are not properly safeguarded. If a company’s network is not well segmented, it is exposed to failure in case hacking takes place. A security analysis of creditor’s rights law firms shows that most of these organizations operate on a flat network topology, whereby if one part of the network is affected then the whole system collapses. Also, the organizations do not implement security measures such as firewalls to prevent unauthorized persons from gaining access to the company’s network. This provides a weak point in the organization’s network that could be exploited by hackers to gain access and interfere with the company’s business operations. Creditor’s rights law firms are mostly prone to hackers who are paid to delete certain information. Therefore, proper security measures should be put in place to ensure that hackers are not able to gain access to the WWR Company, so as not to interfere with the main asset of these organizations, which is data integrity and confidentiality.
There are a number of consequences that WWR could face as a result of poor internet security. These consequences could negatively impact the business operations of such an organization to an extreme degree if the threats are not properly managed.
To understand more about the consequences of the threats already discussed, the threats are analyzed based on the following categories.
The occurrence likelihood is the degree to which the named threat is likely to affect the creditor’s rights law firm’s operations, that is, how often it can occur. The occurrence likelihood is given in a range of 1 to 3, where the values represent the following:
- 1 – Not likely to occur
- 2 – Slightly certain
- 3 – Almost certain
The consequence is the amount of impact the threat is likely to cause to the organization’s business operations. Consequences are categorized as either major or minor.
Under the risk level category, the threat is analyzed in terms of the level of risk that it exposes the company to. The risks are grouped into minimal, moderate or extreme levels depending on the impact they can have on the business operations of creditor’s rights law firms.
The table below shows the ratings analysis of the impacts of the main threats associated with creditor’s rights law firms.
| Threat | Occurrence Likelihood | Consequences | Risk Level |
| --- | --- | --- | --- |
| Unauthorized Access | 3 – Almost Certain | Major | Extreme |
| Data Loss | 3 – Almost Certain | Major | Extreme |
| Virus Attack | 3 – Almost Certain | Major | Extreme |
| Hacking | 3 – Almost Certain | Major | Extreme |

From the table above, it can be seen that the threats pose a great security concern to the company. This is because the occurrence likelihood, consequence ratings and risk levels for all four security threats are high. This shows that the company’s internet security framework is highly vulnerable, and this could cost the company if any of these vulnerable points are exploited by attackers.
Considering the nature of operations carried out by creditor’s rights law firms, updated and proper security technologies must be put in place to ensure that the companies retain their clients and remain in the market. There are a number of network technologies that WWR should consider adopting to increase its security and preserve data integrity for its clients by protecting their information against threats such as the ones discussed above. Some of these technologies include:
Considering the sensitivity and nature of the information handled by this company, a high-quality and more secure authentication technology should be put in place for access control. This will help prevent any intruder from gaining access and corrupting case file information, which would cause the company losses. Therefore, this proposal recommends the use of biometric authentication technology, as this will make it easy for the large number of employees associated with the company to identify themselves more effectively than with passwords, which are more prone to hacking. Biometric authentication is the most preferred security method as it is hard to falsify another person’s details, since each employee’s biometric patterns are unique. With this technology, it will be easy to control users’ access to the system, thus preventing unauthorized access due to weak passwords that could lead to data interference.
Use of Network Firewalls
Firewalls are the most important part of internet security. This technology will prevent attackers from gaining access to the organization’s network. It controls which data packets are allowed into and out of the company’s network. Firewalls filter all network traffic, and this prevents any malicious information from being introduced into the organization’s network. Therefore, WWR should incorporate firewalls into its network to discourage hackers, malicious code or viruses from interfering with its business operations.
Use of Updated Antivirus Programs
Antivirus programs help the organization stay safe from malicious code attacks. The company should use the best antivirus programs, considering that its data is so sensitive and, if not well protected, an intruder may modify it by introducing malicious code into its system.
Network segmentation is another internet security mechanism, which ensures that the network is structured in such a manner that a failure in one part does not affect the entire operation of the organization. Network segmentation ensures that different users are grouped into different networks based on the rights each user is given. This will minimize the chances of data loss as well as prevent unauthorized persons from gaining access to organizational data which they are not supposed to see. Also, with network segmentation, it becomes easier to monitor network operations and to detect and prevent malicious activities from causing harm to the company’s system.
Implementation of Backup and Recovery Mechanisms
The company should implement a day-to-day backup procedure for its information. This will help the company recover in case of any system failure or corruption by attackers. Backups play a vital role in enhancing the security of a network system, and bearing in mind the complexity and integrity of the information that creditor’s rights law firms deal with, a proper backup and recovery mechanism will serve them best.
In conclusion, it is important for Weintein, Weinberg and Reins Company to ensure that its systems are well secured throughout its operations. This is because the nature of its work and resources is highly exposed to threats from outsiders, as its clients’ customers’ records could have legal implications for some individuals. Therefore, the company should ensure that it applies updated security measures such as biometric authentication technologies, firewalls, backup plans and recovery procedures, as well as network segmentation. These measures will ensure that the organization carries out its operations smoothly without fearing the risks of hacking, data loss, unauthorized access or malicious attack.