Thursday, November 21, 2019

The Risks And Ramifications Of An Information Security Case Study

Communication between the company's headquarters, offices and retail shops could be compromised at many points, given the size of the organization's network infrastructure. With information as critical as financial records and account details entrusted to the organization, a high level of information security is imperative. Regular network penetration tests improve security by identifying vulnerabilities within the network and recommending ways to mitigate them before malicious hackers exploit them. Because the information in the organization's database is so valuable, its network infrastructure and security systems are under constant attack attempts. Alongside risk assessment, a penetration test is valuable in validating that the controls are in place and functioning as required to protect the organization's assets (Conway & Cordingley, 2010).

2.0 Overview

A number of guidelines should be followed in developing an effective and beneficial network penetration test: identify the assets most likely to be targeted, the potential intruders and hackers, the likely routes intruders would use into the organization, and how exposed the assets are.
2.1 Scope of the test

The penetration test is to be completed within one week, with the permission and knowledge of the organization's Chief Information Officer. The organization's core services should be tested, including firewall systems, password syntax (policy enforcement), mail and DNS servers, file transfer protocol (FTP) systems, database servers, routers and web servers. Wireless systems and any other potential methods of accessing network resources and obtaining information should also be included in the penetration test plan. The results will then be presented to the Chief Information Officer with recommendations that could help mitigate the risks and eliminate the vulnerabilities detected within the network infrastructure and security system.

2.2 Reconnaissance

Reconnaissance involves gathering information about the target that is later used to gain access to its systems. Passive steps, which never touch the target's systems directly, can be combined with social engineering, an active technique in which the attacker uses interpersonal skills in interactions with the organization's personnel to obtain confidential information such as passwords. Sensitive information such as passwords, unlisted phone numbers and internal network details is often divulged by unsuspecting managers and employees. Through social
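As an added example (not part of the original case study), the Python script below shows one passive reconnaissance technique that fits the mail services in scope: reading the Received: headers of a single reply or bounce from the target to recover internal hostnames, RFC 1918 addresses and mail server software, without sending any probe at the target's network. The target domain example-retail.test, the hostnames, the addresses and the message itself are constructed for this illustration.

```python
"""Passive reconnaissance from e-mail Received: headers.

Each mail relay that handles a message prepends its own Received: header,
so one reply or bounce from the target organization often discloses
internal hostnames, private (RFC 1918) addresses and mail server software.
"""
import email
import re
from ipaddress import ip_address, ip_network

# Assumed target domain (hypothetical; not a real organization).
TARGET_DOMAIN = "example-retail.test"

# Constructed sample reply as stored on the tester's own mail server.
# Hostnames, addresses and software versions are invented for this example.
SAMPLE_MESSAGE = """Received: from mx-edge01.example-retail.test (mx-edge01.example-retail.test [203.0.113.10])
    by mail.tester.test (Postfix) with ESMTPS id 4K2x1; Thu, 21 Nov 2019 10:00:00 +0000
Received: from exch-hq01.corp.example-retail.test (exch-hq01.corp.example-retail.test [10.20.30.40])
    by mx-edge01.example-retail.test (Postfix 3.4.7) with ESMTP; Thu, 21 Nov 2019 09:59:58 +0000
Received: from [192.168.5.17] (shop-pos-17.branch.example-retail.test [192.168.5.17])
    by exch-hq01.corp.example-retail.test with Microsoft SMTP Server id 15.1.2176.2; Thu, 21 Nov 2019 09:59:55 +0000
From: finance@example-retail.test
To: tester@tester.test
Subject: Re: invoice query

Please see the attached invoice.
"""

RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOP_RE = re.compile(r"from (?P<from>.*?) by (?P<by>\S+)(?P<rest>.*)", re.I)
# Only the two MTA banners used in the sample; extend for other products.
SOFTWARE_RE = re.compile(r"\b(Postfix(?: [\d.]+)?|Microsoft SMTP Server(?: id [\d.]+)?)")


def in_target(host, target_domain=TARGET_DOMAIN):
    """True if host is the target domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == target_domain or host.endswith("." + target_domain)


def is_internal(addr):
    """True for RFC 1918 addresses; raises ValueError on malformed input."""
    return any(ip_address(addr) in net for net in RFC1918)


def received_hops(raw):
    """Return the Received: headers in transit order, origin first.

    Relays prepend, so the first header in the message is the last hop."""
    msg = email.message_from_string(raw)
    hops = [re.sub(r"\s+", " ", h).strip() for h in msg.get_all("Received", [])]
    return list(reversed(hops))


def extract_recon(raw, target_domain=TARGET_DOMAIN):
    """Collect target hostnames, addresses and MTA software from one message."""
    findings = {"hosts": [], "internal_ips": [], "other_ips": [], "software": []}

    def add(key, value):
        if value not in findings[key]:
            findings[key].append(value)

    for hop in received_hops(raw):
        for host in HOST_RE.findall(hop):
            if in_target(host, target_domain):
                add("hosts", host.lower())
        for addr in IP_RE.findall(hop):
            try:
                add("internal_ips" if is_internal(addr) else "other_ips", addr)
            except ValueError:
                continue  # e.g. an octet above 255; not an address
        m = HOP_RE.match(hop)
        # Attribute software only to relays that belong to the target, so the
        # tester's own mail server does not pollute the findings.
        if m and in_target(m.group("by"), target_domain):
            sw = SOFTWARE_RE.search(m.group("rest"))
            if sw:
                add("software", (m.group("by").lower(), sw.group(1)))
    return findings


if __name__ == "__main__":
    for key, values in extract_recon(SAMPLE_MESSAGE).items():
        print(f"{key}: {values}")
```

Run against the constructed message, the script lists the branch point-of-sale host, the internal Exchange server and the edge relay, two RFC 1918 addresses, and the software and version banners of the two target relays, while ignoring the tester's own mail server. In a real engagement the same parser is pointed at bounces or replies obtained within the agreed scope, and the hostnames it recovers feed the asset list that section 2.0 asks for.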
