Jacket-X Corporation Case Study
Jacket-X Corporation is a large manufacturing company based in a large city. The corporation manufactures jacket, industrial-grade gloves used in waste disposals, and other safety applications. Moreover, Jacket-X owns a research laboratory next to the university, as well as numerous factories and warehouses within the country. The company faces various issues raised by the human resources. It was reported that last year there were financial issues with payrolls. Other concerns include vulnerabilities concerning the external network that could give hackers easy access to the company’s information and data. There is an internal IT security concern as a result of an employee infecting the network of the company with malevolent programs from an issued laptop. The occurrence of this incident forced the company to install a New Identity Management that uses Single Sign On (SSO) features. This decision has not been welcome by everyone in the company because of data access and privacy concerns. The paper analyzes the corporation’s possible threats and vulnerabilities. Additionally, it will provide countermeasures to address the situation at Jacket-X Corporation.
Threat and Vulnerability Analysis
Computer systems at Jacket-X Corporation face numerous threats. Often, the company will face generic threat actors in its information systems (UMUC, 2010). Threat actors can be categorized into three groups. To begin with, there are hackers who hack for monetary value. The second group includes those who hack non-public information and, lastly, there is a group that hacks for personal interests. Having the knowledge of how hackers operate helps one understand overall risks and potential attacks. Every organization uses a unique defensive mechanism to address such concerns. This is because different types of threat actors pose concerns to different companies in different ways. Scholars refer to these concerns as threats. According to Teller (2012), there are different types of threats. They include Botnets, Internal Threats, and Advanced Persistent Threat to mention a few. These threats are a concern to almost all companies and the current case is not immune to the problem. For a threat to successfully attack an organization, it needs to capitalize on the flaw in the company’s control system. This exposure is known as vulnerability (Whitman & Mattord, 2009). It is important to note that control means not only a computer system, but it also could be a process within the organization. Evidently, vulnerabilities at Jacket-X Corporation are not only computer-related (UMUC, 2010).
A vulnerability and threat assessment starts with classifying and defining system resources and the network. Most vulnerabilities comprise the internal weaknesses of a business. The first internal vulnerability at Jacket-X is addressing issues with payrolls (UMUC, 2010). A review of the payroll process indicates that six vulnerabilities need immediate attention. The corporation’s employee entry timecards can easily be edited, allowing for formation of fabricated timecards. It is important for future edits to be addressed using a novel validation system at a selected level. Overlooking sovereign contractor payroll entries allows editing of all payment entries. Besides, generation of payment checks requires a comprehensive payment record that is not dependent on mail records. The company should ensure that management reports are safe and encrypted every time they are exported. A system merge is necessary for paycheck generation and direct deposit to stop errors of paying employees twice. All the above-mentioned vulnerabilities have resulted in payroll irregularities at Jacket-X. In order to address these vulnerabilities, the company’s IT department needs to establish an internal control model.
Another vulnerability discovered at Jacket-X is the policy vulnerability. This presupposes laptops that are susceptible to external sources. After getting back from overseas, a senior leader used his computer to pay bills online. Later, he allowed unauthorized access to his company computer that was infected with malware. Within no time, a malicious worm attacked the company’s server. Though the worm was detected and neutralized in time, there was a need for sanitization to ensure operation time was not lost. To address this vulnerability, the company policy should be adjusted to include a compulsory verification of all returned computers before they are re-introduced back to the network. Moreover, employees should be cautioned and constantly reminded of the importance of adhering to the security procedures. The company’s vulnerability can be resolved through employees’ security training and company reminders. A policy should be developed to guide employees on how company devices and appliances should be used (Baldwin, Mont, Beres, & Shiu, 2010). The Vice-President was negligent in using his laptop in an unsecure cyber café. For instance, if the laptop had contracted the current Crypto Locker Virus, the company’s network system would have experienced severe damages. Besides, the company would have lost all its data if the virus had invaded the hard drives of servers. Lastly, Jacket-X should establish a tertiary network to screen its laptops and computer systems for malware.
Client says about us
I was really stressed out with my course and I knew I could not write this paper on my own. You really helped me much and I got a high grade on my final assignment. Thank you!
All I can say is that I am very impressed. My writer completed an order on time and followed every single instruction I gave! You have done a great job guys, many thanks!
I needed help with a Psychology essay, this was just what I needed. Definitely worth the money.
One of the best writing services. All papers were delivered on time and were flawless.
I guess you know that your writers are experts in Economics. They prepared a few great academic papers for me, despite the deadline was strict and the topics were really complicated. Thank you, 123helpme.org!
Besides, there are audit vulnerabilities. Jacket-X has been preparing for a major external audit since it entered the New York Stock Exchange. Generally, the company is doing well. However, there are some concerns it needs to address prior the external audit. The company’s network security does not match current bursts of activity due to its limited network logging activity. This presents a vulnerability since the company should ascertain there are adequate network activity logs. With regards to services and protocols, Jacket-X needs to resolve network configuration security because open firewall ports within the system are unsecure (UMUC, 2010).
The forth type includes vulnerabilities as a result of user account control. The company’s managers need to create procedures and policies that restrict damage to below the levels employees can damage (UMUC, 2010). This is because there are a number of concerns that can arise with access controls of a company such as distraught employees, inadequate password requirements, and fabricated profiles. Therefore, the IT manager together with the legal team should develop policies that secure the company in case of damage resulting from user control. It is recommended that the company develops a privilege management program that allows employees to access only information they need. The access controls should be terminated upon termination of an employee. Moreover, the user privileges must be frequently audited. Work of systems administrators must also be audited.
The center of a company’s network security is the physical network security. Though the network system can be damaged from a remote terminal, damage could be fatal if unauthorized persons accessed the physical address. The corporation should place its network systems in a secure zone where only right people can access them. This means that visitors and employees with a hidden agenda cannot access the Ethernet ports.
Using network devices, curious employees and hackers can harm the network of a company. Passwords of routers and other network devices can easily be changed from a physical terminal, thus opening the entire network to cyber-attack. Jacket-X Corporation ought to protect the network devices the same way it protects important manufacturing equipment (Singer & Friedman, 2014).
Currently, there is an increase of off-the-shelf mobile devices (UMUC, 2010). Therefore, Jacket-X Corporation needs to have a mobile device policy to ensure that external users do not harm the network. There is a parallel increase of telecommuting and its uses, meaning the company must invest in a cloud computing solution. The company has a safe RSA VPN encryption; it needs to consider adopting a two-factor authentication system to secure its VPN system. The company should develop policies to determine what smartphones can access the network. The company’s employees should access the network with devices that can be wiped from the office of the CIO in case they quit or lose the device. The CIO should also ensure that the devices are locked using a software to prevent malicious employees from sharing company’s information with unwanted persons.
Countermeasures Addressing Threats and Vulnerabilities at Jacket-X
Besides the countermeasures discussed against the above identified vulnerabilities, Jacket-X will introduce a new cyber-security awareness training program that will run for six months. The training program is meant to educate employees on the new policy, primary security principles, as well as increasing employees’ commitment to change. As the new CIO, I will ensure that the IT department is certified to train new employees on the company’s cyber security practices. Employees will be educated on primary principles of CIA Triad. A security plus instructor has stated that confidentiality is important as it ensures that only authorized personnel access a company’s data. Integrity verifies that data are not altered. In turn, availability guarantees operation of the systems and solves any issues with the systems (Gibson, 2011). Next, employees will be taught about the new AUP and allowed to ask questions. Later, managers will take an advanced training on leadership principles and awareness of cyber security. The IT department will have the mandate to establish a strategic prevention system.
The next security measure I will ensure that Jacket-X Corporation adopts as the new CIO will be to implement a mitigation plan by the IT department focused on strategic vulnerability assessments. The plan will ensure that software patches of the computer systems are up to speed. According to Goodrich and Tamassia (2011), un-patched concerns present intrusion scenarios that can be prevented using a viable program that responds to security issues. There are many tools at the disposal of the corporation that could help update patches in the system. Securing the network is important as it will ensure firewalls and routers are safe. Recent studies report that a secure network can be attained by training the personnel and ensuring constant monitoring of the system for possible issues. The CIO will introduce the Intrusion Detection and Prevention Systems (IDPS) as the basis for defending the company’s network. The network will then be strengthened by a Demilitarized Zone Network (DMZ) (Vacca, 2009). With this, external attackers will not have access to the company’s internal network. Jacket-X’s future vulnerability assessments will include introducing novel systems to monitor the systems for possible concerns. Lastly, password securities will be addressed twice a month with new passwords being developed to ensure the company faces no security concerns.
You can ask us “write my case study” on this or any other topic at 123HelpMe.org. Don’t waste your time, order now!
Evidently, Jacket-X Corporation is being faced by numerous threats and vulnerabilities. They range from issues concerning payroll, network security, data storage security, protocols, and services to password security and shelf mobile devices. Failure to address these vulnerabilities could harm the company’s network system, resulting in reduced productivity. It is recommended that Jacket-X Corporation invests a substantial amount of time in heightening security of its remote devices and network systems. To begin with, the company should focus on limiting threats caused by employees. This threat can be completely alleviated by developing stringent internal policies. Additionally, enforcement of strict physical security in the most important network systems such as switches, routers, servers, and wireless access points will protect the network system from damages that visitors or employees can do to the physical network. Besides, it is noted that the corporation should invest in long-term solutions to ensure mobile devices used to access the network do not damage the system. All security measures discussed above can be implemented at a low cost because they only require development of simple policies. Jacket-X Corporation will ensure a secure network regardless of employees’ negligence and termination if it enforces the said policies.