InSycure Computer System

InSycure Computer System

Risk Analysis Report

Natural Threats:

Fire/Smoke, Acts of Nature, Water Damage:

Due to the immense size of the pharmaceutical company and the current unprecedented growth of the company, the company is now at a much higher risk to natural threats such as fire, smoke, acts of nature and water damage. The system facilities and equipment are now prone to damage from accidental or intentional fires or water from internal and external sources.

Human Threats:

Espionage:

Since the mainframe is accessed by a variety of staff at the company headquarters and in each of the regional offices, the company information is prone to the intentional access to confidential information by unauthorized personnel.

Sabotage:

The sensitive data contained in the mainframe is prone to premeditated or malicious modification of data for personal reasons. This could also be because of unhealthy competition in the market where competitors are willing to hire insiders to sabotage the company’s projects.

Vandalism/ theft:

The company has installed computer equipment in almost every office space within the company. This leaves the equipment prone to vandalism by decadent employees for selfish gains. Decadent employees are bound to steal computer equipment or media when granted physical access to the property.

Hacking/Social Engineering:

The company’s software is prone to intentional modification by unscrupulous employees for a couple of reasons. This could be executed for the unauthorized bypassing of security controls, for the manipulation of data or cause denial of permissions to otherwise authorized access. Social engineering would occur where potential hackers unlawfully obtains information and data for the manipulation or modification of the system.

Eavesdropping/interception:

The installation of a network connection next to a parking lot renders the company meetings and information prone to intentional unauthorized access by unauthorized personnel or the public using technical means.

 

InSycure Computer System

Security Plan

Action to be taken:

  1. There will be an installation of a new and updated hardware firewall system. This is to be provided by the technology consultant or the ISP provider.
  2. The windows XP firewall is to be enabled on the server and on all the computers having access to the mainframe.
  3. The antivirus software is to be installed on all computers within the company and an automatic update enabled on the virus definitions.
  4. The current service set identifier (SSID) broadcasting on the wireless network is to be disabled. The technology consultant is to research and install a much more sensible SSID. The WPA encryption is to be enabled together with the MAC filtering. The access point is to be reconfigured in such a way as to allow traffic from the computers and laptops registered by the company.
  5.  Locks are to be bought to lock all computer appliances and equipment within the computer.
  6. A stock take is to be conducted on all company equipment and all the identified equipment registered and given barcodes.
  7. All machines are to be reviewed, updated and an automatic update installed on them.
  8. All the company backup and restore procedures are to be reviewed and restored. All the relevant user data is to be on the server or transferred regularly prior to backups. Daily back ups are to be ensured. A full back up is to onsite on a weekly basis. The back up is to be password protected and encrypted.
  9. New printers are to be purchased for the accounts and human resource departments to ensure separate printing of private documents.
  10. The inexpensive wireless point in the conference room next to a parking lot is to disabled. Current and efficient network connections are to be installed in this room and all other relevant rooms and offices within the premises.

Project Time Line and Responsibilities:

The top most priorities include the setting and updating the firewall, virus protection, and strengthening the wireless network. These are to be accorded the utmost attention by the security team.

The top three priorities are to be fully implemented and completed within the first week of implementation. The remaining job details are to take the next thirty days. The security consultant will be responsible in researching the most appropriate and efficient software and contractors. All the policy and training requirements are to be taken care by the human resource team. The chief of information technology security will oversee the entire project and take responsibility for the entire procurement procedures and other tasks that may arise.

Response planning:

In case of a breach of the security detail, the chief of information security is to be contacted. The team is to have a one-hour response policy during the office working hours. During other times, the team is to have a four-hour response time. This is especially to deal with serious incidents that include hacking, sabotage, espionage, theft or pilferage and virus infections.

Maintenance and Compliance:

The chief of information technology security will be in charge of the maintenance and compliance of the entire system on a daily basis. The company staff is to take regular educational sessions on the issue. The company is to subscribe for monthly security bulletins from Microsoft and circulated throughout the entire company. The security team is to ensure that the software updates are running on a daily basis.

 

InSycure Computer System

Disaster Recovery Plan

Organization of Disaster Response and Recovery:

The organizational structure of the systems security is the InSycure information security management team. In the event of a disaster resulting in the interruption of the InSycure computer system or its recourses, the information security management team will respond as detailed in this report, execute the relevant actions for recovery, and ensure the resumption of the normal system with optimal efficiency and minimal time. The entire team is called under the authority of the chief of information technology security who has the responsibility of approving the relevant actions to be taken.

Duties and Responsibilities:

The InSycure information security management team is made up of upper-level managers in InSycure administration. The chief of information technology security will act as the coordinator of the InSycure information security management team. He is to provide liaison between the organization’s operational and management teams in the affected areas. He is also responsible of overseeing the execution, maintenance, training and testing of the security plan. He is also responsible for the bringing together of the campus support teams under the assistance of the information security management team.

The director of operations and security is responsible for the coordination of data processing resources at the main data centre and the relevant recovery posts. The director of telecommunication systems is responsible for the provision of alternative median and communication avenues in the event that the current ones breakdown due to a disaster. He or she is to evaluate the damage and come up with the appropriate means of backing up the InSycure media and telecommunication network.

The chief campus police are responsible for the provision of physical safety and secure emergency support to the affected areas. In case of theft, pilferage, or any other malpractice by the employees, the chief is to initiate relevant investigative procedures and execute prosecution processes in the event of the apprehension of the culprits.

Disaster Response procedures:

  1. Detect and determine a disaster condition:

The detection of an event that has the potential of leading to a disaster is the responsibility of every company. This also involves the reception of any information regarding an emergency developing in any of the major information processing systems, in the company communication lines or the company’s buildings.

  1. Notify persons responsible for recovery:

This is to be reported to the campus police and then to the chief of information technology security who is to analyze the entire situation and deliberate on whether it is a disaster or a minor glitch. This is inclusive of the assembly of the entire response team.

  1. Initiate the InSycure Computer System Security Plan.

The initiation and execution of the security plan is the responsibility of the chief of information technology security in conjunction of the entire InSycure information security management team.

  1. Activate the designated hot site:

The response team is to declare the affected areas as hot sites and the relevant safety and recovery procedures initiated.

  1. Disseminate Public Information

The media and communication department is to make all the relevant information regarding the disaster to the staff and the public. The public media is to be addressed by solely this department.

  1. Provide support services to aid recovery

 

 

 

 

Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.

[order_calculator]