Herriard Information Technology System, Security, and Sustainability - Assignment Example

ASSESSMENT ONE Name Course Tutor University City and state Date Task A1 Herriard IT System requires that every employee has a userID and password to authenticate their access into the information system. The users are required to change their credentials every 60 days for maximum protection. Every user has their defined permissions according to their job ranking which determines their level of access. Confidential information is only authorized for access by the top management officials. The company has skilled expertise namely IT manager and the IT Security Manager whose main work is to ensure that the information system is secure and is operating efficiently. Furthermore, before any recommendations, implementation or maintenance of the system is done by the IT manager, the IT Security Manager and the CEO have to review and approve it. Regarding the sharing of information, information is only divulged to other departments in a need to know basis. Even then, the manager of the department that owns the information has to sign off on the diversion. If multiple departments are involved, then all the concerned managers have to approve the information exchange. Non-disclosure agreements are signed before the actual exchange can begin. Herriard has a security policy that every employee is required to familiarize themselves with and later sign as a pledge to adhere to the policies outlined in it. Task A2 The company lacks some security components that expose their information system to threats. Chief among them is backup data storage. The company stores all its information on a central storage system that is placed within the building. Resultantly, the firm’s data is not secure from the events of data loss or data corruption. Moreover, the fact that the data storage is in-house means that in case of a tragedy, such as fire on the building, all the data stored will be destroyed. Off-site backup storage is ideal for the company. Task A3 Personal information is sensitive in nature and it should be handled in a manner that protects its privacy. Therefore, an organization that uses this information ought to have comprehensive privacy legislation in place. The legislation should maintain integrity by ensuring that the information is presented and modified by the owners. The legislation should explain how the information is used by the organization. In conjuction with this, the legislation should have the provision of the customer to opt their information out of any kind of usage that he or she may be uncomfortable with. Some information disclosure scenarios are beyond the company’s control. These scenarios should be explicitly explained to the customer in the privacy policy. Despite these few scenarios, the legislation should explain how the company will protect the user information from unauthorized access. In the event that the information is subject to exchange with third party partners, the legislation should outline this aspect and give a clear reason why it is the case. Task A4 Herriard is an Australian company hence its information system uses the ISO/IEC 17799 Information Security Standard. This standard is used globally. Task B1 Manmade threats include theft, arson and breakage of equipment. Natural threats include flooding due to heavy rains. Technological threats include electrical surge, disk corruption, unauthorized system access and modification and viral attack. Physical threats include the wear and tear of the physical components. Task B2 Security measures that can minimize the risk to the information system include the use of biometric doors. These doors should be placed in sensitive places such as the server room or the main IT control center. Only people with authorized biometric credentials should gain entry. This move will effectively minimize theft of high value information system equipment. A backup and recovery center should be put in-place offsite to minimize the impact the natural threats such as flooding or technological threats such as disk corruption would have on the company’s normal operation. There should be data access authorization levels that should restrict the access to data. Moreover, a two stage authentication process should be applied to ensure that unauthorized personnel cannot access sensitive information. Additionally, a user should be required to confirm every modification with a higher ranking officials credentials as a means of approving the changes being made, this will minimize risk of unwarranted modification and data access. Finally, the information system should always have an updated antivirus scanning for malicious software and activity. Task B3 1. McAfee Enterprise Storage Antivirus costs $4,995 (shopmcafee.com) 2. Microsoft Azure Cloud backup $500 baseline and $10 per protected instance and storage consumed. (azure.microsoft.com) 3. Tripp Lite Industrial Surge protector $45 each (amazon.com) 4. Adel Keyless Biometric door lock $132 each (amaozon.com) Task C1 To avoid the formatting of a wrong disk by an administrator, the system should be customized to ask for a confirmation of each disk formatting. The confirmation can be in form of an approval by an IT specialist within the organization and or a senior company official. This process would ensure that 2 or 3 parties have double-checked that the disk being formatted is the correct one. The threat of unauthorized people formatting the wrong disk can be controlled by the use of access level permissions. A user should only have access to the data that is relevant to their job ranking. Also, a two-step authentication process would minimize the risk of unauthorized users getting access to the system using stolen login credentials. Task C2 Elements that should be added to Herriard Pty LTD include 1. Information security incident management 2. Mobile computing and information access 3. Security of physical components Task C3 Herriard ensures confidentiality of staff’s files by giving each and every Herriard member a unique password and userID to access their files. Moreover, these two login credentials are changed every 60 days for maximized protection. Also, the company enforces further confidentiality by restricting the sharing of files outside each staff members department. In cases where sharing is needed, it is under the approval of the manager and only in a need to know basis of the recipients. Interaction with external networks is restricted to make sure that information is not leaked outside the office network as well as minimizing threats of remote hacks. In the event that the external exchange is unavoidable, the company uses a secure line that can only be used after approval is granted. Files are marked with their levels of accessibility. Confidential files are only accessible to a handful of people in top ranks and cannot be copied or disclosed. Restricted files also follow the same guidelines of accessibility but are available to more people than the confidential files. Finally, every staff member has a personal storage area, also called home directory, that is different from the shared departmental storage and cooperate storage in order to safe guard their files’ confidentiality. Task D Task E no yes Task F Makes order Confirms quote price Schedules order Enter sales Order from suppliers Completes order Receives completed order from external suppliers Ship product Issue invoice Task G The system would require the tests which include functionality testing to verify that the functions of the individual modules of the system work as expected and at efficient performance. Integration testing would confirm whether all the modules would work together perfectly when combined. Similarly incremental testing would be handy in verifying that in the event of other modules being added to the system, the addition would work flawlessly. The recommended initial test criteria would start with testing if the source code complies properly without returning unintended error messages. After which, installation would follow. The installation should be done on the local machines to see if they can handle the system at their present configurations which include operating systems and hardware specifications. Once the installation passes the test, the next step would be to ensure that text inputs are validated before being processed such that the system only accepts the input types that are valid and those that won’t return error messages. Also, text handling features such as copying, pasting and normal editing should also be tested. These features are paramount to achieve an efficient system interaction and leaving them unchecked would hinder productivity. Consequently, after input validation is successful, the next step should be testing if all the core functionalities of the system work. Each module comes with its own set of functionalities; all these features should not only work but do so in acceptable response times. Every well programmed system should have shortcuts to access the most used features. This sales processing system should be tested for these features too. Most shortcuts are made of key combinations. These combinations should not only work but they should also utilize reasonable keys that are easy for the user to remember. Finally, a good system should afford the user a bit of personal customization. These preferences are found in settings. The system settings should be tested to ensure that they affect the overall system in the expected manner. References Amazon.com, Adele Keyless Biometric Fingerprint Door Lock. Available from: < https://www.amazon.com/Adel-Biometric-Fingerprint-Trinity-788/dp/B00270UU4C >. [16th August 2016]. Amazon.com, Tripp Lite 8 Outlet Industrial Safety Surge Protector. Available from: < https://www.amazon.com/ >. [16th August 2016]. Azure.microsoft.com, Pricing - Cloud Backup | Microsoft Azure. Available from: < https://azure.microsoft.com/en-us/pricing/details/backup/>. [16th August 2016]. Shop.macafee.com, Business Security Software | McAfee SMB Store. . Available from: < http://www.shopmcafee.com/store/mfesmb/en_US/list/ThemeID.37653000/categoryID.66300400>. [16th August 2016]. Read More