The Richman Company is a successful and prosperous firm with branches in eight locations throughout the country and Canada. To support its growth, the company uses both an intranet and an extranet network. These networks are essential to the successful operation of the company because they provide the means of communicating with all employees, who use the intranet to enroll in company benefit programs. These networks also allow all of the company’s business partners, vendors and privileged customers to gain information about the company. In recent years, the company has been expanding rapidly. As one of the company’s interns, I have been asked to analyze the company’s vulnerabilities and make a plan
Another area of vulnerability is Richman’s hosting of the extranet, which is used by its business partners. To allow extranet servers access to its internal database, the company has to make openings in its firewall. As stated by Karen A. Korow Diks in “Security Considerations for Extranets,” the more openings in the firewall, the greater the possibility for unauthorized people to get in and do damage. Since an extranet increases the number of network connections, it increases the risk of network penetration. Once a network is compromised, it provides an entry point for compromising the systems and data on all other networks connected to it.
To protect Richman, eliminate these glaring vulnerabilities, and strengthen its security policies, I have two recommendations: the formulation of a detailed security policy and the acquisition of the Cisco Systems ASA 5580 Series Adaptive Security Platform. First, I would recommend that Richman take steps to make certain that all employees are knowledgeable about and in compliance with the Richman company security policy. According to David Kim and Michael G. Solomon, authors of the course textbook, the company policy statement should include the following:
• an explanation of how the company’s security will comply with laws, regulations and standards of due care and due diligence.
• detailed examples of the company’s direction for security in such areas as

