Vulnerability Assessment On The Network Security Analyst

1358 Words6 Pages
Introduction Based on the size of the company, Global Accounting has ubiqitous, and the opportunity for vulnerabilities has arised within the organization. There are a variety of ways to compromised systems in order to acquire, modify and share confidential data and information. In light of this, there is a need for a vulnerability assessment on the organization’s network and futhermore, the network needs to be evaluted for any external unauthorized accesses, as a result of where a external agent with malware can shutdown the company. As part of Global Accounting desire to ensure high levels of productivity, management has made technological advancements a major proirity, and thus looking to implement an identification management system, which requires a review of impact on privacy. As the network security analyst, this report will analyze and discribe the threats and vulnerabilities of the network, identify the secuirty measures; which will address these threats, evaluate and make recoomendations on the company’s identification system, including potential vendors and tools, dicuss the privacy concerns, and finally address any governement and state compliance issues, while covering the techinal security inadequancies of the current environment and potential implementation issues associated with the new financial reporting system in order to prepare for company audits. Threats and Vulnerability at Global Accounting The typical vulnerability and threat analysis begins with defining and categorizing the network and system resources, assigning a relative level of importance to the resources, indentifying the potential threats to every resource, developing a strategy to deal with the most critical problems first, and defining the ter... ... middle of paper ... ...ity to an organization. It must be ensured that all of the communications both internally and externally be encrypted using a strong encryption algorithm like MD5 and SHA1. The protocol that stores users credentials in plain text should not be used. There should be regular maintenance of servers and system for updating of software installed on servers and patches have to be applied as soon as they are identified. As the information technology managers of the firm, policies and procedures must be developed to limit the damage an individual user account can do to the network. The issues that arise with access controls are bogus profiles, disgruntle employees and limited password complexity. The IT department should work with its legal department and senior executives to develop policies and procedures to protect the company from unnecessary damage due to user control.
Open Document