APPLICATION OF RISK MANAGMENGT TECHNIQUES Essay

In my vox populi Windows Vista is a one or the more or less lack OS when comp argond to Windows 7. e genuinely desktops connect to an industry type belabor via an Ethernet cable. While this thunder mug be a risk of infection, it is not a major risk. The dickens large fruit facilities are connected to the headquarters via an external ISP. Even with the firew entirelys in place, thither is no account expertness if the fellowship they contract is in procedure by anyone else. I would advise contacting the ISP and verifying if the lodge is shared with other users and take gain action depending on their answer. The gross revenue military unit connect via VPN software, but use their singular internet connection, usually out of their post office. This goat be very on the hook(predicate) as they do not glow under the blanket of protection offered by the bigger offices and their remnants are at great risk to be infected by a bitchy user. The core head of preventing ri sk is to safeguard the selective information stored on the database server.The motioners and customers of the familiarity concur cloak-and-dagger information stored there and the loss or leakage of the data could be disaster to the association. I suggest the changes to be made to mitigate the risk of any unwanted military group to gaining gate to the network. There is not a lot of information given most the entirety of the network, so much of this whitethorn not be necessary or already in place. I leave use the mitigation risk proficiency for the Desktops/local LAN. Since the network is maintained via active voice Directory, the go with should implement workgroups/user groups and check into what workers look at access to if a program, record, or other application is not post of a workers job, they have no tenableness to be able to access that file/application/etc. At the a equivalent time the workers should go through yearbook (if not bi-annual) information secu rity system training that understands how to protect their workstations, understand security policies and why they are in place.The alliance should likewise get word that their switches, routers, and firewalls are always up to date on the latestpatches. other risk that the company has is the External ISP Line, since the company is relying on an away source to tender network connection between the production facilities and their headquarters the best way to attack this risk is withal with the mitigation proficiency. I understand the company is small and if they cant front the cost of their avow flexure, they should be absolutely genuine that no other users are gaining access to the line that is being provided for them. On top of that they should interchange the technical environment by adding impingement detection systems and ensuring all security features are always up to date. If possible I would suggest investing into a private line that they control to command secu rity between the three sites, however outside of the initial investment there would also need to be maintenance costs. As long as the company can ensure the line theyre presently using is secure, Id propose continue use as it is the slight cost intensive. Another risk to play at is the Remote Users / Home Offices. This risk is critical as they are the most likely to be targeted for an attack. Just like the previous two risks, Id recommend a mitigation technique to lower this risk.The remote users only use software to connect to the companys VPN, on their own ISP connection, in their pedestal office. To start I would recommend a two-factor authentication to successfully log on to the VPN so even if the computer is stolen or infected, its still relatively safe. At the same time since these are gross sales assorts, I would recommend using a hard drive lock near like the previous reason, if the computer is stolen, the ability to glean information would be hampered. If the compan y can handle the expense they should get wind into purchasing a secure VPN from individually sales associates ISP, this would help ensure that there wouldnt be any outside eyes gleaning information from the sales associate connecting to the company. Using Active Directory, the sales associates terminal should be scanned to make sure all security implements are current and if not, they should be updated before being allowed to connect to the company network. This can help prevent malicious code being introduced to the company network. bingle thing that caught my attention is that there are three servers at Headquarters with very few uses. One thing that worries me is the initiative of no redundancy. If the Active Directory Server went down, no one would be able to access the network.Each server role should have redundancy to fill in if the primary server is to fail, this will helpensure the company is running efficiently, even during a server problem. This should be kept in mind as the company has sales representatives in all fifty states spell the headquarters are in Indiana. So even in a standard eight hour day (9AM 5PM), there is still three hours of work to plurality on the west coast. If the servers were to go down, those sales reps would not be able to work effectively. On top of redundancy the company should look into some sort of backup. They have a lot of information and date its important to protect it, its also important to make sure its not lost. For a backup, Id recommend a expatriation technique. There are many backups operate available at an affordable price. To go with the backup I would recommend saddle horse up the information at least once a week to ensure if work is lost, the company does not blood too far behind.