Security Requirements & Possible Risks Essay Example for Free

Security Requirements Possible Risks Essay Huffman Trucking, an established trucking company since 1936, has recently requested the implementation of a new Benefits Elections System to assist management in tracking and reporting the benefits of both union and non-union employees. A database system will be utilized to store critical data such as employee information, along with the benefit package of their choosing. Storing such information requires necessary security measures to be in place to ensure the total protection of the data within. The risks associated with storing critical information must also be thoroughly addressed so Huffman Trucking can develop effective action plans to prevent potential threats from harming the organization. Regardless of the storage method when handling critical information, security measures must be implemented to effectively protect the data, as well as the company assets from potential threats such as theft or litigation. Security Requirements When it comes to effectively protecting company data, any organization has the great responsibility to identify as well as implement security policies, values, strategies, processes, procedures, and best practices to fully ensure data protection, as well as ensure that organizational goals and objectives are continually being met (Reiner, 2008). The information that will be stored within the Huffman Trucking database will include: employee names, social security numbers, birthdates, etc. The loss of such data can ultimately not only harm the employee, but the organization as a whole. In an effort to reduce and/or eliminate such risks, security requirements for the Benefits Elections System should include: firewall security, encryption, and password protection and renewal. Firewall security is an absolute necessary security requirement to effectively protect the database from malicious attacks such as hackers. Firewall security refers to a network device that will block certain types of network traffic, forming a barricade between a trusted and an untrusted network (â€Å"Dell†, 2013). The purpose of this security measure is to prevent the spread of computer attacks by blocking access to information from unauthorized sources. Due to the amount of sensitive data that will be stored within the system, it is recommended that the firewalls should be configured to support the default-deny policy, in which the allowed network services are listed, and everything else is denied (â€Å"Dell†, 2013). The use of encryption will also enhance the security of the information that will be stored within the Benefits Elections System. Encryption is a simple security measure that will distort the information contained within an employee file so that it can be viewed only by the authorized users who have the proper encryption key to decipher it. Much like firewall security, it will block unauthorized users from accessing confidential information by making the data impossible to view. Password protection and renewal are crucial security measures that must be enforced by Huffman Trucking to ensure the protection of data stored within the Benefits Elections System. Authorized users should protect their passwords at all costs; unprotected passwords leave critical data vulnerable to access by unauthorized users. Recommendations to ensure a password is protected include: * Password length: A password should always be at least eight characters long. * Complexity: Make a password as complex as possible by using a variety of letters, numbers, symbols and punctuations. The more complex the password, the better protected it is. * Variation: Change a password at least every three months, if not more. * Variety: Use different passwords for different accounts. Never use the same password for everything. * Confidentiality: Never share or write down a password. Writing down or sharing a password leaves critical data vulnerable in ways that most people can never imagine. The ability of an organization to renew passwords frequently is a significant step towards enhanced data protection (Brown, 2010). To enhance the effectiveness of password renewal, system users should not have the ability to use previous passwords when renewing the current ones. Implementing password renewal on the Benefits Elections System will ensure security measures are continually enforced, especially in the event that if an unauthorized user were to gain access to the system, the password would only be good for a specific length of time before it will be changed. Possible Risks â€Å"Risk† is a term that most people, as well as organizations, are familiar with. Risk can be defined as the probability of any possible threat turning into a disaster, which is why significant measures are often taken to reduce and/or eliminate such possibilities. By utilizing a SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats), Huffman Trucking can effectively determine the vulnerabilities associated with implementing a Benefits Elections System, and develop action plans to correct the vulnerabilities to prevent the risks from becoming reality. Several risks are often associated with the implementation of a new system, however, the main risks that must be considered by Huffman Trucking include: database corruption, human error, and hacking and other malicious attacks. Database corruption is likely the most common cause of data loss within an information system (Mulvey, 2006). Database corruption damages the database and impairs functionality. Memory errors, network errors, power glitches, PC crashing when the database is open are all examples of incidences that can lead to database corruption. Data corruption is unfortunately inevitable; however, there are several practices that can be done to avoid such a threat. These practices include, but are not limited to: * Ensuring the network is set up properly. * Running Scandisk and Defrag often to ensure hard disk functionality. * Refraining from using databases during thunderstorms to avoid power glitches. * Ensuring the database is implemented correctly, and is ready to be utilized by all system users. Human error is perhaps one of the biggest threats that can lead to data corruption. It is important to keep in mind that the greater the number of system users of the Benefits Elections System, the more chances there are for crucial information to be leaked or mishandled. Taking the proper precautions to safeguard the data (this should include a thorough training after system implementation) to ensure the information is appropriately handled at all times is vital to the well-being of both the employees, as well as the organization. Given the amount of sensitive information that will be stored within the Benefits Elections System, it is obvious that Huffman Trucking must be aware that cyber-criminals will try to gain access to such data should it be left unprotected. Breaking into information systems for malicious intent is something that has made security what it is today: thorough and inflexible. Hackers are smart nowadays; they can make use of a number of tools and techniques to grant them access to information, which can have damaging effects on the victim(s). The possibilities of what a cyber-criminal will do once he or she has access to sensitive information are endless; however, one thing is for sure: the victim(s) could virtually lose everything. Without the proper security measures that were previously mentioned in place, the Benefits Elections System will be vulnerable to hackers and other malicious attacks. Thoroughly examining the potential risks with the implementation of any information system will allow an organization to effectively develop action plans and enforce the necessary security measures required to reduce and/or eliminate such risks. A thorough and effective risk analysis will demonstrate how firewall security, encryption, and password protection can reduce the risks of database corruption and malicious attacks. Like any information system, the Benefits Elections System will prove to be vulnerable to potential threats if not protected at all costs. References Brown, T. (2010). Protecting Organizations’ Most Critical Data with Privileged Password Management. New York, NY: Auerbach Publications . Dell. (2013). Retrieved from http://www.secureworks.com/resources/articles/other_articles/firewall-security/ Mulvey, A. (2006). QA Database Corruption. Retrieved from