In the Becoming Company scenario, there are many assets. The hardware in place includes a Dell OptiPlex 390 computer running Microsoft Windows 7 Professional with canned software, including Microsoft Office, along with an 8×5 support and maintenance contract that allows her to upgrade her software at a reduced rate. All business transactions and invoices are stored on this computer. She also has a point-of-sale (POS) computer from InitiaTek. The POS software runs on Windows 7 in a Microsoft Virtual PC virtual machine.
The POS system consists of a self-contained cash drawer and sales register, plus tabulation and transaction software written in C# .NET. This system is networked to the back office computer over the wireless network, also using WEP. The software can also record all transactions to the Microsoft Access database on the back office computer. In addition, she has a custom program for accounting. All business records and invoices are stored as Microsoft Word documents or as text files.
Other hardware items include a fax machine and a printer.
Step 2 Assess the Vulnerability
Information on the back office computer is vulnerable for many reasons. Because all of the employees are allowed access to the computer, all of its information is accessible to them. She also does not back up her files in any way and does not protect her information with encryption or any extra security measures. The only security measure in place is her Administrator password, which is extremely weak. Her staff can log in using an Assistant account to do basic things, but if they need to work on a project that requires more programs, they have to use the Administrator account. The Internet connection is WEP encrypted but, again, has a weak password.
Step 3 Assess the Probability and Severity of Damage
After reading and analyzing this scenario, there is an extremely high probability that security in this business will be breached. First of all, the use of weak passwords for both the Administrator login and the network connection will allow easy access for hackers and employees with bad intentions. Additionally, the business is poorly protected because she uses the free versions of a firewall and virus scanner. There is also a high probability that she will lose all of her data and her business computer to viruses and malware. Allowing employees to surf the Internet without proper security also heightens the risk. I would rate the security risk for this company as high.
Ann Roger’s company, “The Becoming Company”, has a long way to go before it can consider itself safe and secure. There are many weaknesses in its security, including weak passwords, poor protection from viruses and malware, and inadequate protection of valuable business information. If Ann does not invest in some major changes, her business may be in jeopardy. Some suggestions include adding an additional computer for the office, so that there is one computer for her as the administrator and one for the employees; adding a stronger firewall; investing in better programs from reputable companies; and creating alphanumeric passwords that change every year. Another security measure would be to block websites from the Internet. An important addition that Ann can invest in is backing up all her business information and invoices on a separate hard drive or on the Internet, in case something happens to the business computers.