Computer Security

Michael Anderson

Principles of Info Security

Professor Corey Jackson

Risk management is a necessary component in the system that keeps data safe. The information that must be protected from unauthorized individuals consists of everything from personal data to classified government secrets. Most companies do employ some sort of security measure but as we all well know, nothing is completely safe unless it is protected completely. It is the job of the Security Engineer to safeguard the company’s data from prying eyes; whether they are internal or external. The ABC National company recently experienced a security breach that was a combination of wireless protocol vulnerability and an individual with criminal intentions for stolen personal data. In order to thwart these type of attacks in the future; there must be a risk-management polity developed and enacted.

Some may ask what a risk-management policy entails. In simple terms; risk-management is the foreseeing and prevention of harmful threats that can tarnish a company’s reputation or cripple its ability to operate effectively. In this situation we determine risk-management as what the company is vulnerable to and what steps need to be taken in order to eliminate them. Some of the factors that determine what steps will be taken include but are not limited to cost, future proofing and current impact (Camp 2012). The security breaches mentioned above have prompted an investigation into the strength of the security of ABC Nationals network.

* Breach 1 – Vulnerable wireless Connection

A vulnerable wireless connection was compromised and allowed client credit card information to be stolen. The intruder most likely used an open port to gain access to the system and find their way to the sensitive data. A countermeasure to this would be to close unused ports, known ports of attack, and run a sweeper to find any vulnerabilities.

* Breach 2 – Access-Control Policies

An employee of the company was able to...