Nowadays, IT is an integral part of any company or government agency. In this regard, the problem of data security has become particularly acute. The reasons for the vulnerability of information in the corporate network are quite different, ranging from the significant volumes of data to multipoint and the anonymous access to it, which contributes to the relevance of the problem. In turn, certain sectors of activity (public administration, banks, information networks, etc.) require special measures to protect the private and sensitive data, especially in the case of reallocation or expansion of the entity. The following research focuses on the development of security measures for a healthcare research firm that has experienced significant changes in its internal and external environment.
In the case of the healthcare research firm, the most considerable threats to its information security can be divided into two groups. The first of them includes the external factors that may affect the corporate network and computing environment, namely the theft of the equipment and the interception of data transmitted through the communication channel. There is also a possibility of the violation of accessibility or loss of the information due to the natural, technological, and anthropogenic factors (disasters, power outages, terrorist attacks, etc.). As for the internal threats, they are related to the database operations of the company and include the intentional data theft and the accidental leak of the sensitive information of the clients or another company (Kizza, 2015).
The theft of equipment is quite possible due to the reallocation of the firm, as well as its expansion, meaning that the possibility that the offenders will use the chaos that is common for such events to gain access to the proprietary information is quite high. In this case, the associated risks are related to the damage caused by the disclosure of personal data of the employees. In turn, it is important to use encryption, which makes the data stored on the stolen devices unusable for the thieves. The interception of data can take place during the utilization of wireless connections, with the attacker gaining access to the corporate WLAN. Again, the risks involve moral, physical or material damage associated with the disclosure of confidential information. To mitigate these risks, it is necessary to isolate the corporate network from the wireless network that provides the connection to the Internet securing the latter (Schoenfield, 2015). Finally, the natural, technological, and anthropogenic events may occur spontaneously and may be difficult to predict, but still they must be taken to account as the catalysts of other mentioned threats. The associated risks are related to the moral and material damage caused by the disorganization of the company (Schoenfield, 2015). In turn, the countermeasures include focusing on the physical protection of the server room.
The threat of intentional data theft and accidental leak of the sensitive information are primarily facilitated by the expansion of the firm, which involves the recruitment of 300 additional specialists. The newcomer’s lack of knowledge of the corporate network may result in mistakes, leading to the loss of private data. At the same time, one cannot exclude the possibility of the insider attack, with some of the new workers being recruited by competitors or act on their own accord. The risks associated with these threats are related to the damage of the image of the company and potential lawsuits on behalf of the clients and stakeholders (Schoenfield, 2015). To mitigate them, it is imperative to establish control over the activity of the employees in the workplace, namely through the implementation of a surveillance system, as well as the encryption of the data that circulates within the external network of the organization.
Invite your friends and get bonus from each order they
Security Defense Mechanisms
New building of the company consists of only four floors, which makes the presence of several data servers unfeasible. In turn, this fact provides an opportunity for the use of a star-type topology, which is known for its high level of stability as failure of one of the nodes does not affect the functionality of the others. It is also easy to make changes in the network, which makes it more flexible. Finally, a single point of concentration allows monitoring the status of all connections, simplifying the process of management and administration, which is crucial in case of an incident.
The data server must be located on the ground floor of the building, in a separate room equipped with the additional power supply, having the floor that is at least 10 cm higher than in the neighboring areas. It is also necessary to use the independent IP monitoring systems, including the temperature and humidity sensors, water leak sensors, electric power meters, etc. The server is to be connected to the switch that separates it from the workstations. Both connections (server-switch and switch-floors) must be protected by a firewall operating on the application level, which would perform filtering based on the analysis of data transmitted within the package (Ghaznavi-Zadeh, 2015). The workstations on every floor of the building should be connected to the server, as well as the other floors, through switches. These need to have port-security on all access ports, as well as the limit on the maximum number of MAC-addresses (see fig. 1).
Additionally, the network should be equipped with the client software – the first component of the security architecture of the enterprise that responds to internal and external attacks. In particular, the Anti-X solution will guarantee protection against the unknown threats while Cisco Security Agent will ensure safety and stability of the network as a whole. This software is to be the primary mechanism for instantaneous response to the attack. In addition, it will record the information about the endpoint state, including the version of the operating system and antivirus software, data files, memory usage, running programs, information on reading and writing files, space, dynamic memory allocation, etc. (Jackson, 2010).
The switches and firewall of the system will also be complemented by the built-in mechanism of access control and network security that will deter threats that managed to penetrate through the first line of network defense. Prior to the arbitrary end node accessing the IT resources of the firm, the software will carry out the analysis of its status. In case of inconsistencies in the security policies established by the IT department of the organization, the workstation will be put in the quarantine virtual network. The use of such system will allow quick response to the attacks, making it possible to disconnect a particular workstation or even the entire floor from the corporate network to isolate and eliminate the threat before any damage is done to the central data storage.
Wireless Network Security
As it was mentioned before, the wireless network that is connected to the Internet is to be isolated from the corporate one to reduce the possibility of the external attack. However, despite such isolation, there is still a need to implement the system of basic security that would use the WPA/WPA2 key. In this case, the user verification will be carried out through the use of a password or identification on both the client station and the access point. The WPA/WPA2 also provides data for the generation of an encryption key that is used by TKIP or AES algorithms for each packet of data transmitted. Being more secure than static WEP-key, the shared one is somewhat similar to it, being stored on the client station. As a result, it can be compromised in case the client station is lost or stolen (Chen, Ji, & Zhang, 2013). However, considering the isolated nature of the wireless network in the company, such situation does not present significant threats to the safety of the research-related and confidential information. Nevertheless, it is necessary to use a strong passphrase that would include a variety of letters, numbers, and non-alphanumeric characters. Additionally, there will also be a firewall between the Internet and the wireless network (see fig. 2).
The basic security for the WLAN, which is based on the use of shared WPA/WPA2 keys, is sufficient for the organizations that do not entrust important data to wireless networks. In turn, there is no need to invest in robust WLAN security solutions (Chen et al., 2013). Instead, the unallocated funds can be used for the continuous improvement of the core security system of the enterprise.
As mentioned before, data encryption is an important element of information security, which ensures reliable preservation of confidential information. It allows minimizing the threat of loss of confidential information by the third parties, even if they have access to the encrypted files. Despite the fact that the encryption may slow down the work of the system, especially in case there are switches in it, its use can be justified by the following reasons. First of all, an attacker that has stolen the equipment with unencrypted data can quickly take hold of it and use the information for personal purposes (Kahate, 2013). For example, the offender will be able to sell it to the interested parties, including the competitors. Besides, in case of unplanned inspections by state agencies or a sudden seizure of devices, the unauthorized people can gain access to the proprietary information. Finally, without the encryption, the enterprise will become more vulnerable to the consequences of the employee’s negligence, which is a factor to be considered due to the company’s expansion.
The use of the cloud services for the storage of sensitive data in the healthcare firm, as well as the information related to its research activity is unfeasible. The primary reason for this is the problem of security, particularly in regard to sensitive and private information. For example, the provider has the ability to view customer’s files (in case they are not protected by the password), meaning they can also fall victim of hackers that will be able to crack its security system. Moreover, the reliability and timeliness of access to data in the cloud are highly dependent on many intermediate factors, such as the channels on the way from the client to the cloud, the quality of the network connection, and the availability of the storage at a given time. Finally, the overall performance when working with data in the cloud storage may be lower than in the case of working with local copies (Wheeler & Winburn, 2015). At the same time, cloud-based solutions can be used for the mitigation of the internal risks described above. As mentioned before, the measures to prevent the insider attacks include the constant monitoring of the employees’ activity. The surveillance will ensure monitoring of all floors in the building. The recorded videos are to be stored in the cloud, which will reduce the possibility of them being accessed by the offenders, as well as mitigate the risk of an insider attack.
Top Writer Your order will be assigned to the most experienced writer in the relevant discipline. The highly demanded expert, one of our top 10 writers with the highest rate among the customers.Hire a top writer for $10.95
The security system of the enterprise is to be checked on a regular basis to identify the vulnerabilities and shortcomings and eliminate them. To reach this goal, it is possible to utilize the following tools:
· eEye Digital Security’s Retina is the AI-based tool that emulates methods used by hackers (Moeller, 2010). It can be used to search for the weak points in the corporate network, which may be exploited during the external attacks;
· CORE Security Technology’s Auditing Tools Suite focuses on the centralization of processes related to the creation of logs and reports. The obtained data is presented in the graphical format, making it easier to identify suspicious activity within the network (Moeller, 2010). Therefore, it can be used to determine its vulnerability to the insider attacks, which are likely to occur due to the expansion of the company;
· Nmap is a port scanner that is capable of detecting any changes in the corporate network, including the ones caused by an unauthorized access (Moeller, 2010). Given a significant amount of switches in the system’s architecture, as well as the significant increase in workforce, the utilization of this tool on a regular basis is a necessity;
· Nessus is a comprehensive vulnerability scanner that utilizes cloud solutions (Moeller, 2010). Due to its uniform nature, it can be used for the complete scanning of the entire network;
· Tripwire is a file integrity checker. It can be used to monitor any altered files in the network (Moeller, 2010), including those affected by the internal and external attacks.
Recovery and Continuity Plans
In case of either internal or external attack on the corporate network, it is imperative to restore its functionality as soon as possible. Thus, there is a need for a recovery and continuity plan. First of all, the plan should include the measures related to the data backup carried out on a regular basis, preferably through the use of the remote storage. Additionally, it is necessary to develop the response program in accordance with the policies and procedures for information security, which should be available both in the electronic version and hard copy. Any significant corrections must be made simultaneously for both versions (Schoenfield, 2015). To facilitate this process, it makes sense to create a distribution list in the corporate e-mail to send the updates to all members of the group that must be aware of any changes or adjustments.
Finally, it is possible to utilize software solutions for the automation of business continuity planning and management processes through the use of the universal database architecture. In turn, such approach will allow simplifying the procedures of risk analysis and the development of recovery plans and business continuity. In addition, it will synchronize and keep relevant information by means of using other application interfaces and taking into account business continuity plans. However, the software is to meet several requirements. It must have a flexible and configurable hierarchical structure, as well as the ability to maintain and expand the input of business continuity plans for a great number of business units and departments. It must also provide an opportunity to integrate the plans with other applications for the management of projects and resources. Finally, it must have a developed system of electronic prompts and assistance, as well as the support of modern Intranet technologies (Schoenfield, 2015).
The security of a corporate network is one of the primary issues to be addressed by the management of the company, especially when it deals with the sensitive data and trade secrets. At the same time, there is no uniform approach to the solution of this problem because the potential threats and risks differ depending on the strategic goals of the organization, the changes in the structure of the personnel, and even the building it occupies. Therefore, the use of the technologies and tools that will guarantee mitigation of the particular negative effects is the best course of action. Moreover, even the unfeasible solutions may perform a protective function (e.g. cloud storages used for storing the surveillance data). Such multifaceted approach would ensure a high level of network security, significantly lowering the likelihood of various incidents.