(Aircraft Solutions)
Introduction
well-respected equipment and component fabrication company, providing full spectrum
aerospace, commercial, and defense sectors. Aircraft Solutions employs a range of highly
qualified professionals and houses an immense production plant, with an overall goal of
resulting from the unfolding of potential threats will be given due attention.
Assessment
Of the three given areas of potential investigation pertaining to AS, i.e. hardware,
software, and policy, careful consideration has narrowed my focus down to the areas of
hardware and policy. More specifically, in the area of hardware, I find it very curious that
there is no firewall implemented between the commercial division and the Internet. The
second weakness I have pinpointed is the security policy stating router and firewall rule-
sets should be evaluated every two years. Such a time span between rule-set evaluations
is also a substantial liability to the continued and unimpeded success of the organization.
The issue pertaining to Aircraft Solutions’ hardware weakness is the lack
of adequate protection between its Commercial Division (CD) and the rest of the
world, connected to the Internet. In one view of AS’s network infrastructure, it even
appears as though the CD must transmit through the Internet in order to connect to
Headquarters. The fact remains in either case that there is a significant increase in the
exposure of this division of AS operations to outside threats. The threat here is
characterized by the inability of the CD to filter web traffic, which is effectively
equivalent to inviting the world in to see everything there is to see (Northrop, T. 2010).
In this case, this might include AS’s commercial clients’ confidential information,
classified divisional statistics pertaining to budgets, deadlines, or contracts,
confidential employee information, etc.
malicious parties could result in not only a devastating company-wide data leak but also
the potential of client data exploitation, modification, or even blackmail, the potential
consequences would be marked ‘Extreme’. Because the likelihood is not only possible,
but quite feasible between likely and certain (optimistically), this brings the level of risk
to a near state of emergency, being characterized in the chart either by orange or red.
company’s data were hijacked, the severity of the event would be factored by all of the
clients’ data being exposed, which could lead to possible tampering with client
orders, which would then naturally lead to devastation for the clients as well. The
information could be sold to a rival organization, which could then effectively be used to
gain considerable competitive advantage over AS, which would likely be cause for
continue suffering, until such a time as either a tremendous loss of monetary assets and
reputation were lost, or worse yet, the data could be exploited in such a way as to be
Policy Vulnerability
The vulnerability in company policy exists in its security directive stating that
rule-sets for routers and firewalls be evaluated at intervals of two years. Obviously, a lot can
happen in two years to warrant a much more frequent evaluation timeline. There are
many vendors who specialize in constant rule-set monitoring, like RedSeal.net, which
http://technet.microsoft.com/enus/library/cc700820.aspx#XSLTsection12312112020
The Scottish Government: Model for Organizational Risk Management. Risk Matrix.
http://www.bing.com/images/search?q=risk+assessment+matrix&FORM=IGRE&qpvt=risk+assessment+matrix#focal=5de8da492dccb1ee1ee75004bd8e9c0f&furl=http%3A%2F%2Fwww.scotland.gov.uk%2FResource%2FImg%2F247049%2F0072144.gif
From,
http://www.redseal.net/solutions/