The Risks And Ramifications Of An Information Security Case Study

The Risks And Ramifications Of An Information Security - Case Study ExampleCommunication between the companys headquarters, offices and retail shops could be compromised from any angle given the size of the meshing infrastructure present in the scheme. With such critical information as financial records and details entrusted to the brass section, upper-level information security is therefore imperative and mandatory. Constant network brainwave tests will ensure improved security by identifying possible vulnerabilities that exist at heart the network system and recommending ways in which they can be mitigated before they are exploited by malicious hackers. The value of the information in spite of appearance the organizations database is high thus the organizations network infrastructure and security system are always at constant feeler attempts. Alongside, risk assessment, a penetration test is valuable in validating the controls are in place and acting as required to protect the organizations valuable assets (Conway & Cordingley, 2010). There are a number of guidelines in place to be used in developing an effective and beneficial network penetration test the assets that are mostly targeted should be identified, the potential intruders and hackers, the in all probability routes used by the intruders to the organization and how exposed the assets are. The organizations core services such as firewall systems, password syntax, mail DNS, file transfer communications protocol systems (FTP), database servers, routers and web servers should be tested during a penetration test.... 2.0 Overview There are a number of guidelines in place to be used in developing an effective and beneficial network penetration test the assets that are mostly targeted should be identified, the potential intruders and hackers, the likely routes used by the intruders into the organization and how exposed the assets are. 2.1 Scope of the test The penetration test is to be d cardinal w ithin a time frame of one week, with the permission and knowledge of the organizations Chief Information Officer. The organizations core services such as firewall systems, password syntax, mail DNS, file transfer protocol systems (FTP), database servers, routers and web servers should be tested during a penetration test. Wireless systems including other potential methods of accessing the network resources and obtaining information should also be included in the penetration test plan. The results of the penetration test will then be presented to the Chief Information Officer with recommendations that could help mitigate the risks and eliminate the vulnerabilities detected within the network infrastructure and security system. 2.2 Reconnaissance Reconnaissance involves gathering information about the system which will be used to gain access to the target systems. unresisting steps such as social engineering can be used to achieve an effective and successful reconnaissance. The attack er utilizes social skills of interaction with the organizations personnel in order to gain confidential information such as passwords. Such sensitive information as password, unlisted audio numbers and sensitive network information are always divulged by unsuspecting managers and employees. Through social