CYB 230 7-2 Project Three - Network System Security Plan Recommendation
docx
keyboard_arrow_up
School
Southern New Hampshire University *
*We aren’t endorsed by this school
Course
230
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
5
Uploaded by SuperKoala931
1
7-2 Project Three: Network System Security Plan Recommendation
Chris Lawton
Southern New Hampshire University
CYB 230: Operating System Security
Dr. Casey R. Morganelli
April 16, 2023
2
Helios Health Insurance is due for its annual IT systems review and has determined that
they lack in-house expertise to update its network system security plan. I have been hired by the
organization to consult and assist them in this process of reviewing their current security plan
and identifying deficiencies and recommend proper solutions to get them back on track. Helios
has provided me their current system security plan, as well as their network diagram.
Helios Health Insurance falls under HIPAA and HITECH laws on how their information
should be regulated so confidentiality is not only important – it is required. Dealing with people’s
personal health information requires a certain level of security. After reviewing the provided
documents, I have a few major security concerns with some of the hardware that is currently
being used. One of the concerns is how the Wi-Fi is set to be open. Having open Wi-Fi allows for
any hacker to connect to the network with ease as they do not need any sort of password. This
will allow them to plant malicious software into any device and easily exploit any data traffic
going through the network. This could lead to major data breaches and many HIPAA and
HITECH violations that could get the company sued by partners or the client’s information that
they store. The unsecure Wi-Fi along with the unencrypted hard drives makes for an easy target
to be exploited. Unencrypted hard drives allow for greater speed but throw all security away.
When you leave hard drives unencrypted it makes it much easier for the hacker that has just
accessed the open Wi-Fi to gain access to almost all information stored on the hard drive.
There are a few routes to remediate the hardware issue and protect the system. My
recommendations would be to immediately set a password on the Wi-Fi, as well as set it to
private. This will prevent attackers from being able to easily locate the Wi-Fi network as well as
make it harder to access if they do. Setting the Wi-Fi to private comes with many benefits such
as controlling what content all users connected to the network can access, what kind of devices
3
can connect to the network and how much bandwidth said devices will have access to. They also
offer firewalls, IP address filters, and occasionally IDS (intrusion detection systems). With the
allowance of controlling content, you would then need to set up an access control list and only
allow the least privilege. Least privilege keeps users from gaining access to information or parts
of the network that they should not have access to and allows for more confidentiality in the data
being stored. The next step would be to immediately encrypt all hard drives. Hard drive
encryption prevents unauthorized users from having the ability to read any data without the
proper access to the appropriate key or password. This will slow the computer but confidentiality
of the data being stored is much more important.
Now that we have covered some hardware deficiencies and some actions that should be
taken to fix them – we will now shift over to some software-based deficiencies. One major one
that stands out is not regularly patching or updating end user’s computers. Patches and updates
are provided to add levels of security. As new holes in security are found in software – they must
be filled with patches and/or updates. As time goes along with software, attackers find easier
ways to manipulate it and find holes that they can then exploit easily before a patch is installed.
According to a recent survey conveyed by Ponemon Institute revealed that almost 60% of
breaches that organizations have suffered from were because of unpatched vulnerabilities.
My suggestion for fixing this deficiency would be to implement a regularly scheduled
time to update software and patches throughout the company. Setting a day at least once a month
outside of business hours to regularly go through and ensure every end user’s software is update
to date with the latest patches will help to keep the network safe by adding the extra layer of
security the manufacturer has added with their updated patches. Another route to go instead of
trying to do the entire organization all at once would be to do 20% of the organization at a time
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
throughout the month. This could also help to reduce issues that could arise from unexpected
patching problems.
References
5
Cyber Essentials: patch management
. (n.d.).
https://www.itgovernance.co.uk/patch-management
The Benefits of a Private Network - Mission Critical Communications Review
. (n.d.). MCCR.
https://www.mccr.info/blog/product-reviews-comparisons/the-benefits-of-a-private-
network#:~:text=With%20a%20private%20network%2C%20not,bandwidth%20they
%20have%20access%20to.
Tlgadmin. (2022). Software Patching Best Practices – 18 Must Do Tips.
Alvaka
.
https://www.alvaka.net/software-patching-best-practices-18-must-do-tips/#:~:text=Set
%20a%20regularly%20scheduled%20routine,impacts%20from%20unexpected
%20patching%20problems.