Principles of Information Security and Privacy

Aircraft Solutions Security Vulnerabilities

Submitted to: Professor XXXX

SE571 Principles of Information Security and Privacy

Keller Graduate School of Management

August 16, 2010

Table of Contents

Executive Summary 1

Company Overview 1

Security Vulnerabilities 2

Software – No Instrusion Detection System 2

Policy – No audits & Need-to-know-controls 2

Recommended Solutions 3

Solution for Software Weakness 3

Solution for Policy Weaknesses 4-6

Impact on Business Processes 6

Summary 7

References 8

Executive Summary

The purpose of this report is to identify possible security vulnerabilities of Aircraft

Solutions. Aircraft Solutions provides low-cost design and computer-aided modeling packages to customers to reduce their development expenses. A software vulnerability that was identified is the lack of an intrusion detection system (IDS). An IDS would alert the systems administrators to possible perpetrators attempting to access the network.

There were two vulnerabilities identified that relate to the security policy. The first is the need for an IT Audit policy. The second vulnerability is the use of a need-to-know network access policy.

Company Overview

Aircraft Solutions (AS) is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace. Located in Southern California, their mission is to provide customer success through machined products and related services and to meet cost, quality, and schedule requirements. AS offers low-cost design and computer-aided modeling packages to customers to reduce their development expenses.

Security Vulnerabilities

Software Vulnerability

Aircraft Solutions remains vulnerable because it does not employ an Intrusion Detection System (IDS) to protect their network. An IDS is kind of like a burglar alarm for computers, they sound alarms when an intruder or abuser is detected. An...