information technology hilcorp energy organization
Words: 1823 | Published: 02.12.20 | Views: 434 | Download now
Excerpt from Exploration Proposal:
Distant access regulates.
Network protection management.
Complying with the guidelines and methods of the organization is very vital to the organization, and the policies and methods should be evidently communicated for the appropriate organization teams.
Intruder: The advised treatment intended for the assault by the external intruder just like hacker should be to ensure that most communication within the organization is usually encrypted to deter the unauthorized entry to the company info. Moreover, the organization should work with antivirus to shield the company info from the harm such as Trojan’s horse, earthworm, virus etc . Compliance to policies and procedure is very vital to make sure an company IT security.
Disgruntled Staff: Company should evaluate each personnel prior to being in order to handle hypersensitive information. There is also a need to carry out background check on each of your employee. The backdrop check may verify potential employee police arrest records, and interpersonal background. Employee should be asked to indication a secret agreement, which states the penalties for the break of contract.
Development a Risk Plan for treatment
To obtain needed return on investment (ROI), the risks have to be managed efficiently. The additional kind of risks that organization must be addressed can be as follows:
Network Security: Organization network is extremely vital for effective business communication. An unauthorized specific could intercept data sent through computer system network. Therefore, there is a need to develop suitable security plan to enhance network security. The next procedures needs to be followed to enhance network protection:
Proper documents of the design and style and rendering of the network.
Firewall configuration to deter unauthorized usage of the network.
Installation of anti-virus software on all systems and web servers.
Prevention of authorized use of the company info and network.
Always upgrade the computer virus signature.
Encryption and secure connection.
Application security and security for the operating system
Utilization of access control and authentication
Use of Invasion Detection System (IDS).
Usage of Intrusion Elimination System (IPS).
Network routing control.
Network connection control.
Password supervision such as standard change of password.
Use of authentication, automatic terminal identification
Terminal logon procedure.
Physical Security: Physical security identifies the types of procedures of acquiring the company physical assets such as building, working areas, paperwork, systems and devices. Each one of these items you need to secured effectively. Damage to some of these items could lead to damage of computer assets. The procedures to supply key secureness measures intended for company facilities are as follow:
Supply of 24-hour security together with the trained g.
Use of physical entry control such as:
– Identification components such swipe card and recognition card.
– Access authorization.
– Access restriction to be implemented on a daily basis.
– A great entry and exit tracking system.
– Restricted access to data hub and machine rooms
– Close 24-hour monitoring by a circuit tv at critical locations just like network place, and info center.
– Restricted movements of mass media such as adobe flash drives, small disks etc .
-Paper control through documentation and physical inspection by gate moves.
-Use of fireplace detector system and open fire suppression system
-Storing backup media that contain critical data at remote offline area.
Based on the identification in the risks for the IT possessions and the techniques for the treatment of these kinds of risks, the report covers whether the Hilcorp Energy Business is actually obtaining the appropriate procedures and types of procedures for treating these hazards.
Results of the Risks Research
Based on the chance assessment done on Hilcorp Energy Business, the record uses the following criteria to evaluate the organizational IT protection.
User Authentication and Gain access to Controls
User authentication is definitely the process of determining a wearer’s identity prior to being allowed to gain access to the pc system. Examination of the approach that Hilcorp Energy Organization employs intended for the authentication practice may be the use of the password-based authentication where a customer is asked to input her or his password during login to gain access to the computer network. The process is that a user comes up to enter their password everytime they want to gain access to the network system. When this process is beneficial within the organization because the method only permits the certified users to gain access to the computer network, however password-based network is usually not successful in the computer network. A classy hacker can intercept the password remotely. There are condition where online hackers uses the Trojan equine or earthworm to invade the user computer system in order to steal a user security password. In addition , security password sent over the network could be eavesdropped and become used by an eavesdropper to impersonate the user. Moreover, password-based authentication is definitely inconvenient since the users happen to be asked to their security passwords each time they want to get access.
The company gain access to control coverage is effective since it defines the operations and also the action that the legitimate end user could execute. The company uses access control system to prevent users to implement the actions that could bring about a breach of protection. The company policy and procedures on gain access to controls is that the company runs on the reference monitor to mediate user’s strive into the program. Each time a genuine user tries to gain access to the system, the reference screen consults the authorization data source to determine if the user could possibly be authorized to accomplish the operation.
PC as well as Workstation Reliability
The workstation is an “electronic processing device, including laptop, tablet PC, desktop computer, PDA, or any additional device that performs related functions, and also the electronic multimedia stored in its immediate environment such as community hard drives, CDROMs, floppy pushes, zip-drives which might be directly connected to the device”(University of California, 3 years ago P1).
Protection of the PC/workstation is very important to address the risks that may have occurred in the workstation. Risk assessment of Hilcorp Energy Company reveals that the organization employs several procedures to enhance the security of PC/workstation. The corporation allows workers to use personal computers (PC). On the site, staff could push from one location to the other, thus, the usage of PC is allowed. Commonly, the COMPUTER of each employee contains vital organizational info, and if such PC gets onto the hand associated with an authorized customer, the company information might be by risks. Hence, the company accessories some reliability measures to boost security with the PC/Workstation.
Initially, there are skilled security guards on the company location to ensure that a great unauthorized person is not allowed at the organization location. Additionally , the company uses 24-hour monitoring circuit television set to screen the activities taking place at the location.
Moreover, the corporation implement physical inspection on the gate complete. Since the users could make use of PC to work, the business employs gain access to control to manage the nature of job a user could perform while using a COMPUTER.
Moreover, the corporation implements a virus diagnosis system by using virus diagnosis software. In addition , the company shops all the backup offline at a remote position. Part of the company security insurance plan is that the organization also prohibits the unit installation or download of personal software in the business PC.
The company also set up antivirus software program on every one of the company COMPUTER. The authentication of a end user is required prior to a user is definitely allowed into the system. The company also uses encryption process to protect organization data from the authorized gain access to. While the organization employs all of these security procedures for the company PC/Workstation, you can still find some disadvantages identified with the company reliability measures.
Even though the company uses encryption to shield the company data from an official user, the organization does not apply “cryptography for PC/workstation protection. ” (Harn, Lin, Xu 1994). Even though, encryption is very effective for the safety of PC/workstation, however , encryption could only remain successful if the non-public key utilized for decryption is usually not affected. In the case of the Hilcorp Strength, many persons use the same private key for decryption. With this product, the private key could possibly be easily compromised. The use of cryptographic methods may employ to address the shortcoming identified inside the encryption technique. (SecureRF, 2010).
Network Perimeter Security
The company uses Vast Area Network (WAN) to connect the headquarter with the additional stations. Evaluation of the secureness of the network perimeter discloses that the organization implements fire wall and invasion detection system (IDS) as the security procedures for the network program. Typically, fire wall is effective since it blocks unauthorized traffic. In addition , the firewall enables the fast box inspection which is able to filter authorized traffic. The only disadvantage for using firewall while only security procedure is the fact firewall simply cannot detect substantial level-level attacks. In addition , the firewall simply cannot block the malicious targeted traffic that passes through the open ports or traffic that appears reputable. Moreover, firewall could not stop the traffic that moves through encrypted tunnel.
The business also uses the attack detection program (IDS) an additional method to boost network security. While IDS is effective to detect not authorized access to the network, nevertheless , the IDS cannot prevent the unauthorized usage of the network.
Based on the shortcoming identified on the reliability devises in the company, the report advises the powerful security procedures