Analysis of Some of Main Aspects of the TRANSCORP Business - Case Study Example

Network Security Analysis for TRANSCORP Business Name Date Table of Connects Overview 5 Risk Analysis 5 Activity 2a, 2b Internal Threats 5 3b what needs to be protected? 5 3c the project organizations security environment 6 3d Barriers to security 6 4a Attack tree methodology 6 4b Existing vulnerabilities 9 4c Existing Threats to the project organization. 9 4d Risks Relevant to the project organization 9 4e Identify Risk Management solution 9 6a Number of cost effective measures to prevent threats 10 6c Disaster Recovery Plan 10 Baseline Project Plan 10 7a Relevance of the management continuum 11 7b Security Resource Management Issues 11 7c Security Education and Training Requirements 11 7d relevant security partners 11 8a Relevance of planning theory to security planning 12 8b Develop a Security Standards checklist 12 9a Needs analysis for a new security regime 13 9b Relevant Statutory Requirements 13 9c Baseline Project Plan 14 Security Strategy 14 9d Internal Stakeholders requirements for the security regime 14 9e External Stakeholders requirements for security regime 15 11a Industry standards 15 11b Security Products and Vendors 15 12a Operational security requirements 16 13a Inputs into the security strategy 16 14b Security Strategy 16 Application Requirements for IT Security 17 14d User and Data Security Hierarchies 17 14e Security Data Views and Access Paths 18 Identify and Implement Control Mechanisms 19 16b Control mechanisms 19 17b New Procedures for Controlling Security Provisions 19 17c Existing Monitoring Processes 19 18b Identify and document the implementation strategy 20 Design Audit Mechanisms 20 19a Audit Principles and the relevance to security planning 20 19c Response principles 20 Identify Technology Fixes 21 19d Response mechanisms 21 21a Establish technology needs. 21 22a, 23a, 23b Protection, Detection and Reaction Technologies for Security Strategy 21 24b Technology Fixes 21 Technology Implementation and Conclusion 21 29b Present the outcomes 22 29c Summary 22 Bibliography 22 Overview TRANSCORP desires to upgrade its technology network and wants to implement a new upgraded network system that can effectively facilitate and support the business. In this scenario this research report is going to present a deep and detailed analysis of some of main aspects of the new technology platform establishment at the business. This research work is a risk analysis report for the investigation and analysis of some of main aspects of the TRANSCORP business. Risk Analysis Activity 2a, 2b Internal Threats In case of new technology platform implementation we are having biggest and threat regarding the internal business areas. In this scenario the less secure business system access can lead to high damage to overall corporate operations and process. If the technology based network system is having any security hole then the overall business network can face high business danger for the business data theft and identity attacks. 3b what needs to be protected? In case of TRANSCORP business the main business resources we need to protect is about the business HR and business customer data. In case of any possible security breach to business network arrangement the whole business can face extensive business operational and working damage. Here we also have potential dangers from the business outsider attacks that target the business transactions data. 3c the project organizations security environment For TRANSCORP business we need to protect the business for the sake of organizational business support. In this scenario we need to protect the business physical security, personal security and technical security. 3d Barriers to security In case of protecting the TRANSCORP business operational and communication business network we are having some of barriers to the security of business. In this scenario the one of main barrier in case of any security management aspect is the cost and time and based aspects. In case of lower project risk management cost business can lead to higher danger to network and operational security arrangement. 4a Attack tree methodology Here below I have outlined some of main attack trees for the demonstration of possible network security attacks. Attack Tree 1 Network Access Attack Tree 2 Client Access Attack Tree 3 Virus Attack Attack Tree 4 Illegal Access to Business Database 4b Existing vulnerabilities As outline in the case the business of TRANSCORP is having lot of security considerations and vulnerabilities. In this scenario the main problems is about the business password protection that is not updated in pervious few years. The password security is still out of data and requires enhanced improvement. The network virus definitions are also out of date and requiring new updates in the overall improvement for the business security. 4c Existing Threats to the project organization. Here in case of TRANSCORP Business the main and fundamental security threat to project organization is about the business HR data security. In case of availability of less effective security procedures the overall network security is offering a lot of security holes those can lead to extensive business and corporate operational damage. 4d Risks Relevant to the project organization Main project organization risks are about the possible network virus and security attacks. In this scenario business network can face some outsider security attacks those can lead to higher damage to business transactions and customer data. In case of customer data hacking the business can face huge business problems regarding customer loyalty. 4e Identify Risk Management solution For the better protection and security of the business network we need to implement a better network and system security mechanism. In this scenario the main network security procedure we can implement in about the potential protection of business information and data resources. Here major security procedure we can establish can be network security firewall or security antivirus systems. These systems will protect the business operational data and offer enhanced support in case of business data safety. 6a Number of cost effective measures to prevent threats For the TRANSCORP Business in case of enhanced business and corporate security management we need to take some of enhanced security measures. In this scenario one of fundamental measure is to establish an effective business security management policy. In case of enhanced implementation of business security policy we need to take care of all business operational areas those need to offer better business security management. Here we need to educate the business staff and working personals to keep track and care for the business security aspects. 6c Disaster Recovery Plan For effective management of the business security for the business TRANSCORP we require to set up an appropriate structure intended for the management and organizing of the company system security plus privacy. Here we require instituting a good system that takes periodic backups intended for the business data. In this situation we capable to on time management of the some problem that occurs to business as well as to its data. Baseline Project Plan 7a Relevance of the management continuum For the new technology platform establishment at the business of TRANSCORP Company we require to offer the enhanced business security advantages to all areas of the business. In this regard we need to conform that business management is offering enhanced support for the business security implementation. This will happen when we offer the business management on time and with in resource security mechanism establishment. 7b Security Resource Management Issues For the management of the security resource needs to effectively plan the business research so that while at the time of establishment of the security policy and initiatives we have a more enhanced business security management. Here we need to document each and every activity of the business security management areas. For this reason we need to conform that business is having enough management support and cooperation for enhanced management of business security policy and aspects. 7c Security Education and Training Requirements For TRANSCORP business education and training for managing business security we need to make sure that business is having enough resources and facilities for the enhanced handling and controlling of business security areas. Here we need to conform that business staff is having proper education and training to conform and establish effective security handling and management framework. 7d relevant security partners In case of security aspects analysis for the security partners we need to take care of business customer and associated business partners security aspects. In this regard we need to take care of some of main security aspects those lead to management of enhanced security areas. Here we require conforming that all business associates are having proper and efficient security facilities and conformations. 8a Relevance of planning theory to security planning Security planning is a sub part of business security theory. In this scenario business staff need to take care of all major areas of the business while business planning. In this regard the business of TRANSCORP business is as well requiring to direct the latest technology project is a great deal improved way. Its improved institution as well as working will present business a huge deal of support as well as performance intended for the system. 8b Develop a Security Standards checklist For TRANSCORP business there will be a proper security standard whose guidelines will offer us a guideline for better security management. IN this scenario I have assessed that ISO 17799 standard’s checklist and guidelines will be really effective for the business and for its overall management operations. In this scenario we will conform some of main bellow given guidelines for the TRANSCORP business1. Wireless Networking Security Administration Passwords Protection Physical Access Management Acceptable Use of business resource and areas Network Access Management Access Control Management Security Software installation 9a Needs analysis for a new security regime For the TRANSCORP business new LAN technology platform establishment we will have: Better business network management facility that will offer better support for the business. We will also have more effective business system Login Protection Then we will also incorporate the most efficient and effective business online operational security management platform We will also confirm that business operational security standards and efficiently managed 9b Relevant Statutory Requirements In case most efficient business security and piracy management for TRANSCORP business we will have some of the main Statutory Requirements in that scenario we will incorporate the business Information has to be managed in accordance by external statutory as well as regulatory needs. Then we will also protect the Information that has to be stored in such means as to permit a appropriate response to sovereignty of information as well as local requests, in addition to legally-mandated controlled innovation. There will also a proper information management needs to be fulfill the appropriate standards of the Human Ethics requirements. 9c Baseline Project Plan In case enhanced business improvement plan establishment and new enhanced business platform support will use incorporate the TRANSCORP business new LAN network security project plan that will initially involve the business Requirements Analysis in which we will assess and analyze the business basic needs for the new LAN and security based systems. Then we will Design new system framework on that further development will be performed. Then we will establish a more enhanced development that will include the establishment of the new technology based system. Then later stages will involve the business functionality and performance assessments. Security Strategy 9d Internal Stakeholders requirements for the security regime In case of new LAN network technology platform establishment at the business of the TRANSCORP we will have the following main stockholders requirements for the business: Initially the business stakeholders are requiring New better Online support, then they are expecting Effective information management and Fast delivery of information. The business staff is also requiring more improved and effective business online handling and better security for the business data. Then they also necessitate quick response to business demands plus enhanced handling as well as management of the customer needs and requirements. 9e External Stakeholders requirements for security regime In case of external stockholder requirement for the TRANSCORP business they are requiring more effective support for the business areas as well as aspects. They can be external business suppliers and associates. In this regard they are requiring better information handling, online platform availability, fast and on time delivery of business support, fast response to main demands, personal information safety and quick handling of business areas. 11a Industry standards For the better network security and enhanced technology based platform application at the business of TRANSCORP we will establish the IEEE supported Local Area Networks (LAN) based security and performance standards. Here these standards are known as the IEEE 802 standards. These standards are offering the grantee for the better support and enhanced performance of business operations and working quality2. 11b Security Products and Vendors In case of better business security management of the business system and network security and privacy we will establish and apply the more enhanced working and operational security parameters. In this scenario I have found Avira AntiVir system that is most popular and well known security management solution. This system is available through this link: http://www.avira.com/en/avira-free-antivirus. 12a Operational security requirements In case of new security setup establishment we will have a lot of operational security requirements those can be about the protection of user accounts, no virus and data corruption, user protection of accounts, safety of business data, less breaches for of data hacking and smooth business working. 13a Inputs into the security strategy In case of new security strategy for the TRANSCORP business we will take a lot of inputs regarding the security policy management policy development. In this scenario we will ensure that business management and staff is offering enhanced participation in the specification of the business policy and operational strategy for the better business working and operational support. 14b Security Strategy Here for the TRANSCORP business new LAN technology security management we will establish a better and enhanced security management strategy that will be based on more concrete handling and management of business operational areas. In this scenario the new security strategy will incorporate the main below given aspects of the business new technology based framework protection and safety management. Here we ensure the security of the business staff security, then we will make sure and implement the security procedures for the business user security, then we will ensure the security for the business operational management areas. Here we will also ensure and conform the business physical security management. Application Requirements for IT Security 14d User and Data Security Hierarchies In case of TRANSCORP business we will have new business system and new security management framework that is offering enhanced support and operational facilities for the business in this regard the business is having main below given hierarchy of user and data: Business Decision reports Financial data Business data Management reports Periodic reports Staff statements Corporate working data Staff Business transactions Credit card data Personal Details Financial Details Working details Customer Financial data Operational reports Personal information Orders Management Business decision reports Strategies Contracts and policies records Working order Policies Business facts 14e Security Data Views and Access Paths For the TRANSCORP business we will have lot of business data and access path view. In this scenario the main data manipulation and interpretation rights will be available to business management. Then the business staff will be able to access and analyze the business working and customer data. And at the end the business customer will be able to access his personal and order based details. Identify and Implement Control Mechanisms 16b Control mechanisms For the new technology based system application and new security framework deployment at the business of TRANSCORP we will establish a more enhanced business security management and control mechanism. In this scenario we will implement a better and enhanced security assessment reviews in that we will document each aspect and scenario of the business quality and operational support. 17b New Procedures for Controlling Security Provisions In this scenario we will establish network and system firewall, then we will establish new and improved security software, then we will apply the security mechanism through new network firewall and also deploy a better password based access control system for conforming business security. 17c Existing Monitoring Processes Presently business is not having any monitoring system for the business handling and management. 18b Identify and document the implementation strategy In this scenario we will use the situational business technology based implementation strategy that will control the overall operations of the business through the enhanced business working arrangement without disturbing usual working. Design Audit Mechanisms 19a Audit Principles and the relevance to security planning TRANSCORP business audit principles are a part of business security policy because the establishment of staff and customer audit system will also lead toward enhanced conformation of business security and privacy. 19c Response principles In case of any security problem we will also establish a proper security management and report framework that will involve the on time alerts for the security conformation and handling of business. Identify Technology Fixes 19d Response mechanisms We will use the electronic and documentation based response mechanism. 21a Establish technology needs. In this scenario we require a wireless communication arrangement that can effectively communicate and handle the business data and operational aspects. 22a, 23a, 23b Protection, Detection and Reaction Technologies for Security Strategy This will performed through development of the network security active directory. 24b Technology Fixes We will use the vendor support technology contracts for the conformation and fixes of the business network technology aspects. Technology Implementation and Conclusion 29b Present the outcomes For the new technology at the business of TRANSCORP we will have effective management of the operational data, enhanced handling of data, business enhancement, better security, better communication, HR data protection, business evolution and network sharing of files and data. 29c Summary This report was about the analysis and investigation of the TRANSCORP business. In this scenario I have tried to present a more enhanced analysis of some of main aspects and areas of the security and privacy management for the business and network. I hope that this report will offer a deep and detailed insight into the business network technology handling and management. Bibliography Curphey, M. & Araujo, R., 2006. Web Application Security Assessment Tools. IEEE Security and Privacy 4(4), pp.32-41. Dhillon, G. & Backhose, J., 2001. Current directions in IS security research: towards socio-organizational perspectives. Information Systems Journal, 11(2), pp.127-53. Ghosh, A.K. & Swaminatha, T.M., 2001. Software Security and Privacy Risks in Mobile e-commerce. Communications of the ACM, 44(2), pp.51-57. Grimaila, M.R., 2004. Maximizing Business Information Security's Educational Value. IEEE Security and Privacy, 2(1), pp.56-60. Hagn, C. & Markwitz, W.H., 2000. Mobile teleworking some solutions and information security aspects. In EUROCOMM 2000. Information Systems for Enhanced Public Safety and Security. Munich, Germany, 2000. Siemens AG. Smith, S.W. & Spafford, E.H., 2004. Grand Challenges in Information Security: Process and Output. IEEE Security and Privacy, 2(1), pp.69-71. Sudin, S., Tretiakov, A., Ali, R.H.R.M. & Rusli, M.E., 2008. Attacks on mobile networks: An overview of new security challenge. In Electronic Design, 2008. ICED 2008. International Conference. Penang, 2008. IEEE. Read More