The Integrated Distributors Incorporated is a publically traded company that is facing many challenges. The company’s Information technology infrastructure has been ignored and many of its operating locations are running outdated hardware and software, which greatly increases the risk to the network in relations to confidentiality, integrity, and availability. Because of the outdated hardware and software, the company suffered some network compromises through their JV internet site and it led to disclosures of sensitive and strategic information.
In order to reduce the risks and vulnerabilities of each location, we must implement access control to ensure confidentiality, integrity, and availability. For the Billing, Montana location we have to consolidate 14 Hewlett Packard Unix servers to 1 UNIX server. Upgrade 75 Microsoft Windows servers to Windows server 2008 R2. Upgrade MS exchange e-mail to latest version. We must find another software vendor to replace Oracle financials for accounting and financial systems, Logisuite 4. 2. 2, and RouteSim.
We have to hire developers to standardize the office automation hardware and software. Convert telecommunications system to a VOIP system. Design and implement a new Acceptable Use Policy (AUP) and upgrade WAN to a T1 MPLS to increase bandwidth. The Warsaw, Poland location, we must Find a new proxy server to replace the IBM Infinity hardened served, hire a new in-house application developer. Must convert the Siemens Saturn series PBX telecommunications system with desktop phones to a VOIP system and enforce the current Acceptable Use Policy.
To assess risks and vulnerabilities with the operating IT facilities we must create a mitigation plan. The mitigation plan will ensure what actions or steps to take when a risk were to occur. If the company were to experience risk such as fire, users outages, remote access, opening unknown e-mail attachment or have equipment failure, the mitigation plan will let you know what assets of the company will be affected and how valuable it is to the company and also how to mitigate the risk.
The mitigation plan will include a cost benefit analysis to evaluate the cost of a risk towards the company, whether to eliminate the risk or ignore it; this will ensure the organization of eliminating the risk and or accepting the risk to be cost effective. The risks will be categorized into three levels; High, Medium, and Low. High category Risks that are placed in this category are highly affective and it is capable of damaging the infrastructure and shutting down the network. They are treated as a major priority. Also the assets are highly valuable. Medium category
Risks that are placed in this category undergo deep intense brainstorming and research because if they are not treated as a priority, it has the ability to become highly affective. With these risk, the company with evaluate it using all measure to secure data, files, backups, and personal information. The assets are valuable and can affect the company. Low category Risks that are placed in this category are treated lightly because they cause damage but not enough to shut down network operations. The appropriate measures will be taken to improve services and eliminate the risk without a great financial loss to the company.
The assets categorized as low will not affect the company financially. In order for the company to have a secure remote and web site access, users must provide identification and for organization to ensure users are authenticated and authorized to perform actions. For identification we need users to identify themselves with an ID number and name. After identifying themselves, the user must verify themselves with a 10 alphanumerical password with special characters in order to verify the user is who they say they are. Once the verification is complete, authorization can occur.