Se571 Course Project Phase I

Diana Perez

SE571 Course Project Phase I

Professor Wagner

November 13, 2011

Security Assessment: Course Project Phase I

Introduction

This report focuses on a security assessment of Aircraft Solutions (AS), which is a well-known leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Headquartered in Southern California, AS depends heavily on its highly trained workforce, with a large skill base, that is beneficial for the company’s production. The goal of this report is to identify potential vulnerabilities or threats within the operations at AS while identifying their risks and consequences to the firm.

Security Weaknesses

Given the three areas if investigation for potential weaknesses to the security of AS, hardware, software and policy, In terms of AS assets and how they will be affected if a security threat is placed, I have concluded that one of its major assets is its Business Process Management Hardware (BPM), which handles end-to-end processes that deal with multiple systems and organizations. AS’s operations rely on this system to connect customers, vendors, and suppliers. If affected by a security threat, AS would not be able to function as usual and information could be potentially harmed. Therefore, I have decided to focus this assessment on the areas of hardware and policy. For instance, in the area of hardware it is noticeable in the network infrastructure that there is no firewall implemented between the commercial division and the internet. It appears to be connected directly to the internet, as compared to the Defense Department, who is routed through the Headquarters, which can be considered a vulnerability to the security of AS. The second area that may be affected would be in the security policy. The security policy states that that all firewalls and router rule-sets are evaluated every two years. This particular time span between...