Its headquarters, located in San Diego, California, as easy accessibility to various modes of transportation. Its locality creates an advantage to transportation modes either by land, sea, air or rail to anyplace on the globe. It also is homed with two (2) divisions which service either the Commercial Sector, whose locality is in San Diego County and its Defense Sector located in Santa Ana.
Aircraft Solutions has an organizational structure divided into various departments to adhere to the mission of the company, which is to provide excellent service to customers, It is dedicated to providing timely delivery, high quality, and low-cost product solutions to its customers, o as to keep long term, satisfied customers. These departments include a set of well trained staff of machinists, assembly workers, design engineers and programmers. In addition to its Well trained workforce, AS has state Of the art equipment and a plant facility to handle various sizes of order request and storage capacities to meet the needs Of the customer.
It also Offers end to end assistance through its many computer-aided modeling packages, educated workforce and automated production systems, in an effort to assist in developmental costs while still maintaining an overall profit. The Information Technology Department of AS is organized to handle all network capabilities. It works hand in hand with all users of the network. The users of the network are AS employees, customers, contractors and suppliers of the company. It also, interacts with all departments and supports all business operations.
These business operations are managed with an action plan referred to as Business Process Management. It is designed to process and monitor the workflow, through all phases and user interactions. The ultimate goal is that the workflow processes are performing efficiently and effectively. School, 2014) (Reynolds) Security Assessments In the review of Aircraft Solutions (AS) network Infrastructure and architecture, there are two areas of vulnerabilities that are of an apparent high risk to the company’s system.
The first vulnerability is the Security Policy in place. This security policy rules that updating firewalls and routers be completed on a schedule of every two (2) years. These time intervals are significantly long, especially with the products and services it provides and its customer market. The vulnerabilities associated with this policy procedure are as follows:
- Meeting compliance requirements
- Asset Protection
- Accessing entrusted sites
- unauthorized usage
- Outdated anti. Iris
- Network Configuration
- Unauthorized remote devices
- Business Objective
- Inabilities to discover any minor holes in security during time interval.
The lack of a sufficient security policy can open unwanted doors to the company’s information system. It gives a loose advantage to users, third parties, customers and administrators to possible unauthorized usage. As noted, all users have access on a need to know basis. This identifies a question as to why each of the seers needs to know all of the inform-nation. It should only be user accessible for those whose job description entails.
For instance, is there a need for a supplier or customer to know personal information of the company’s employees pay, social security numbers, addresses or even marital status? Is there a need for customers to have access to information on other customers, such as charges endured for services; what design specifications were implemented for a particular product or passwords used by One another. If there is no sufficient security policy in place or one that meets National Standards, users of the yester would have no Obligations and would access any information that they felt a need to know.
It would constitute series of possible identity theft, threats Of destruction to the company’s personnel, all users, financial losses and mass havoc to the corporation, its suppliers, contractors, customers and possibly National security. (A. Kennel’s, 2004) The Second Vulnerability involves its Hardware Security Controls The idea of having independent anti-virus software installation on all workstations and servers, however, a host based detection system on corporate office servers.
The hardware at the corporate level server lack of a firewall protection creates vulnerabilities to:
- its backup servers located at the server at the individual server
- This lack of any firewall protection adheres to system configuration
- No real protection authentication on either of routers
- Switchers may become inoperable
- Business Processes effectiveness
- Unauthorized access from outsiders, such as competitors, foreign correspondences
- Delayed or denied access of authorized users
- Internet accessibility delayed or denied
- Confidentiality exposure
- Integrity compromise
- Design, Procedures, Implementation
- Data Intrusion
- Changes in database structuring (MR.) (Nicolai, 2004)
Firewall protection is vital support to company’s system and should be implemented in the initial set-up of the organization’s network. It is very important for AS to have firewall protection on all servers, due to accessing various degrees of information from outside sources. Their business dealings are composed of data coming from many sources such as the Internet, out of country customers, suppliers and contractors. If any data is encrypted for malicious activity, it could compromise and possibly destroy all company files.