Security Assessment for Aircraft Solutions
Daniel A. Spencer
Submitted to: Professor John Michalek
SE571 Principles of Information Security and Privacy
Keller Graduate School of Management
Submitted: August 26, 2012
Table of Contents
Executive Summary 3
Company Overview 3
Security Vulnerabilities 4
Hardware Vulnerability – Absence of a Firewall 4
Policy Vulnerability – Lack of Timely Updates 5
Recommended Solutions 6 A Hardware Solution 6
Impact on Business Processes 9
A Policy Solution 9
Impact on Business Processes 10
This ...view middle of the document...
They provide a wide-range of products, services and solutions to different industries including electronics, commercial, defense, and aerospace companies. Based out of Southern California, Aircraft Solutions uses a large facility with extensive equipment to employ individuals who are trained to provide solutions to meet customer demands.
Aircraft Solutions uses Business Process Management (BPM) to connect customers, vendors, and suppliers to share information; in addition the BPM system aligns internal business operations with information technology (IT) support to maintain production.
The goal of this paper will be to identify and evaluate vulnerabilities that exist within the operations of Aircraft Solutions. As these weaknesses are identified, understanding possible threats, the likelihood of a threat occurring will be examined. In addition to this, the paper will look at consequences to the mission business processes should a threat occur and how the organization’s competitive edge would be affected.
Hardware Vulnerability – Absence of a Firewall
One area of potential security weakness for Aircraft Solutions relates to the hardware used and a lack thereof. When viewing the current IT architecture and present network infrastructure of Aircraft Solutions, the assessment here shows the lack of firewalls between the Defense Division (DD), Commercial Division (CD), and Aircraft Solutions Headquarters in San Diego. There is also no firewall between the Commercial Division and the Internet. A firewall is defined as “a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks.” (Rouse, 2012) This is a dangerous scenario in that with the DD and AS Headquarters not having any firewalls between them, it leaves each entity susceptible and open to the threat of a virus or any malicious activity being transmitted not just to the CD from the Internet, but also the CD to the AS Headquarters and DD entities. The vulnerability here is very clear and that is the absence of a firewall. Aircraft Solutions has confidential and private information stored in its database and the threat of having no firewall is that the exposure of this information including company statistics, designs, and other vital data is very real. The potential for exposure is very high since the absence of a firewall between the CD and Internet leaves the company with no filter device in place to block or keep attacks from entering in through the company’s systems. The consequences could be disastrous and leave the company liable if any customer confidential information, statistics, data, and etc. is leaked out or stolen. Aircraft Solutions data would be exposed not only company-wide but exposed to possible competitors. The company could not afford such an event to occur in that now whatever competitive edge it held, would now be exposed and potential to lose...