Aircraft Solutions Project Essay

Words: 2434
Pages: 10

Table of Contents

Executive Summary 3
Company Overview 3
Vulnerabilities 3
Hardware Vulnerabilities 3
Policy Vulnerabilities 6
Recommended Solution - Hardware 7
Impact on Business Processes 10
Recommended Solution – Policy 10
Impact on Business Processes 11
Budget 11
Summary 11
References 13

Executive Summary
The purpose of the report is to assist Aircraft Solutions (AS) in indentifying the most significant Information Technology (IT) security vulnerabilities. AS products and services are at the forefront of the industry and the protection of such is very important as they are an industry leader. The vulnerabilities that will be discussed are the firewall configuration, virtualization of their
…show more content…
A company's competitive edge is only as strong as the IT infrastructure it runs on, a single failure will result in the loss of business and potential repeat business.
Policy Vulnerabilities
Our analysis of the AS San Diego Headquarters Information System Security Policy identified a severe weakness. AS's security policy identifies that all firewalls and routers rules are evaluated every two years. Industry standard for firewall re-evaluation is on average 12 months or less depending on the state of the Firewall's. According to Microsoft "The only periodic maintenance required is the replacement of the licenses for the firewall engines on the management station every 12 months, depending on the environmental conditions within the data center" (Northrup) or as soon as a new patch is released by the software manufacturer.
Setting policy to only have the updates take place every two years can quickly outdate your system, leaving AS's system vulnerable to new threats. The threats to the Firewall are similar to what was identified in the Hardware Vulnerability Assessment in the previous section. A misconfigured/outdated Firewall poses a significant risk in that it can be easily exploited with little to no effort. New software patches allow a system update to ensure it's protected against predefined threats that have already been identified and the updates will provide the security