COURSE PROJECT- PRINCIPLES OF INFORMATION SEC AND PRIVACY
Aircraft Solutions (AS), whose headquarters is in San Diego, California deals with the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Since the company’s strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses, most of the equipment is automated to increase production while reducing cost. The mission of Aircraft Solutions Company is to provide customer success through machined ...view middle of the document...
Among other policies for Aircraft Solutions, the policy for its security directive stating rule that-sets for routers and firewalls be evaluated at intervals of two years is one of the areas that is prone to some vulnerabilities. Two years is a somewhat a long period of time for company to conduct such kind of evaluation, it’s enough time for a lot of changes to happen given that the Company deals with different vendors and customers. In this era of technology where everything changes constantly; it needs a much more frequent evaluation timeline than two years. There are many vendors who specialize in constant rule-set monitoring, like RedSeal.net, which prevent the exploitation of vulnerabilities caused by outdated security configurations. The existence of such out-dated policies; could give a room to the rise of threats that will come along with the consequences that would affect the company’s operations and alter its security system. The consequences of these potential vulnerabilities being exploited could be numerous and severe, or they could amount to a disgruntled ex-employee causing harm through un-expired access rights. In the worst case scenario, an intelligent IT employee alerts a group of malicious persons of the weakness, and then the opportune time is waited for, when the most damage to the company, and/or benefit to the hacker might be caused. This could amount to forced resignations, lost contracts, lawsuits, lost monetary assets, public image, and a shrunken client base, in short, disaster.