APPLICATION OF RISK MANAGMENGT TECHNIQUES Essay

In my opinion Windows Vista is a one or the most lack OS when comp atomic number 18d to Windows 7. All desktops splice to an industry commonplace switch via an Ethernet c adapted. While this locoweed be a bump, it is not a major risk. The two large production facilities are interrelateed to the central office via an external ISP. Even with the firew onlys in place, there is no accountability if the continuative they contract is in use by eachone else. I would advise contacting the ISP and corroborative if the connection is shared with other users and take further action depending on their answer. The gross sales personnel connect via VPN software, but use their individual net connection, usually out of their home office. This can be very dodgy as they do not snuff it under the blanket of apology offered by the bigger offices and their terminals are at greater risk to be infected by a malicious user. The core idea of preventing risk is to safeguard the training stored on the database server.The workers and customers of the smart set shake up private information stored there and the loss or leak of the data could be hap to the gild. I suggest the changes to be made to mitigate the risk of any unwanted personnel to gaining rag to the network. There is not a weed of information given about the entirety of the network, so much of this whitethorn not be necessary or already in place. I will use the extenuation risk technique for the Desktops/local LAN. Since the network is maintained via Active Directory, the company should implement workgroups/user groups and control what workers have access to if a program, file, or other application is not dispel of a workers job, they have no reason to be able to access that file/application/etc. At the same time the workers should go through annual (if not bi-annual) information security training that understands how to harbor their workstations, understand security policies and why they are in place.Th e company should besides ensure that their switches, routers, and firewalls are always up to date on the a la mode(p) patches. another(prenominal) risk that the company has is the External ISP Line, since the company is relying on an immaterial source to provide network connection between the production facilities and their central office the best way to approach this risk is likewise with the mitigation technique. I understand the company is small and if they cant front the follow of their own line, they should be absolutely sure that no other users are gaining access to the line that is being provided for them. On top of that they should alter the adept environment by adding intrusion detection systems and ensuring all security features are always up to date. If possible I would suggest investing into a private line that they control to ensure security between the iii sites, however outside of the initial investment there would also accept to be maintenance costs. As long as the company can ensure the line theyre currently using is make, Id exhort continue use as it is the less cost intensive. Another risk to look at is the Remote Users / Home Offices. This risk is decisive as they are the most resemblingly to be targeted for an attack. Just manage the previous two risks, Id recommend a mitigation technique to lower this risk.The remote users only use software to connect to the companys VPN, on their own ISP connection, in their home office. To activate I would recommend a two-factor authentication to successfully log on to the VPN so even if the computer is stolen or infected, its withal relatively safe. At the same time since these are sales associates, I would recommend using a hard drive lock just like the previous reason, if the computer is stolen, the ability to glean information would be hampered. If the company can handle the expense they should look into purchasing a secure VPN from each sales associates ISP, this would help ensu re that there wouldnt be any outside eyes gleaning information from the sales associate connecting to the company. victimisation Active Directory, the sales associates terminal should be scanned to make sure all security implements are current and if not, they should be updated before being allowed to connect to the company network. This can help prevent malicious code being introduced to the company network. One thing that caught my attention is that there are terzetto servers at Headquarters with very few uses. One thing that worries me is the first step of no prolixity. If the Active Directory Server went down, no one would be able to access the network.Each server role should have redundancy to lease in if the primary server is to fail, this will help ensure the company is running efficiently, even during a server problem. This should be kept in mind as the company has sales representatives in all cardinal states while the headquarters are in Indiana. So even in a stan dard eight hour day (9AM 5PM), there is still three hours of work to people on the west coast. If the servers were to go down, those sales reps would not be able to work effectively. On top of redundancy the company should look into some sort of backup. They have a pack of information and while its important to protect it, its also important to make sure its not lost. For a backup, Id recommend a transfer technique. There are umteen backups services available at an affordable price. To go with the backup I would recommend backing up the information at least erstwhile a week to ensure if work is lost, the company does not fall too far behind.