Monday, May 13, 2019

The Risks And Ramifications Of An Information Security Case Study

Communication between the company's headquarters, offices and retail shops could be compromised from any point, given the size of the internet infrastructure present in the organization. With such critical information as financial records and details entrusted to the organization, high-level information security is therefore imperative and mandatory. Constant network penetration tests will ensure improved security by identifying possible vulnerabilities that exist within the network system and recommending ways in which they can be mitigated before they are exploited by malicious hackers. The value of the information within the organization's database is high, so the organization's network infrastructure and security system are under constant attack attempts. Alongside risk assessment, a penetration test is valuable in validating that the controls are in place and acting as required to protect the organization's valuable assets (Conway & Cordingley, 2010). There are a number of guidelines in place to be used in developing an effective and beneficial network penetration test: the assets that are mainly targeted should be identified, along with the potential intruders and hackers, the likely routes used by the intruders into the organization and how exposed the assets are. The organization's core services such as firewall systems, password syntax, mail DNS, file transfer protocol systems (FTP), database servers, routers and web servers should be tested during a penetration test....

2.0 Overview

There are a number of guidelines in place to be used in developing an effective and beneficial network penetration test: the assets that are mostly targeted should be identified, along with the potential intruders and hackers, the likely routes used by the intruders into the organization and how exposed the assets are.

2.1 Scope of the test

The penetration test is to be done within a time frame of one week, with the permission and knowledge of the organization's Chief Information Officer. The organization's core services such as firewall systems, password syntax, mail DNS, file transfer protocol systems (FTP), database servers, routers and web servers should be tested during a penetration test. Wireless systems, including other potential methods of accessing the network resources and obtaining information, should also be included in the penetration test plan. The results of the penetration test will then be presented to the Chief Information Officer with recommendations that could help mitigate the risks and stave off the vulnerabilities detected within the network infrastructure and security system.

2.2 Reconnaissance

Reconnaissance involves gathering information about the system which will be used to gain access to the target systems. Passive steps such as social engineering can be used to achieve an effective and successful reconnaissance. The attacker utilizes social skills of interaction with the organization's personnel in order to gain confidential information such as passwords. Such sensitive information as passwords, unlisted phone numbers and sensitive network information are always divulged by unsuspecting managers and employees. Through social
