Introduction

The modern world is running in the era of information, which is providing various modes of communication to this world. Computer and Internet are one of the main communication and information mediums that are being used by most of the companies and individuals (Jajodia & Wijesekera, 2005). As per Case Study Assignment Writing Services experts, Internet is a larger form of small interconnected networks spread all over the world. Internet is known for providing the fast and cheap communication.

These days, almost all the companies are using computer based information system and internet. It has become an essential element for their business. Information system is used for storing, processing and retrieving information immediately with the help of computers (Stallings, 2006). This has reduced the paperwork and manual labor up to certain extent. Internet has enabled the companies that are using computer based information system to get in touch with their suppliers, clients and employees; but information security has become a critical issue for all the businesses.

With the development of new modes of communication and information sharing such as internet, the problem of securing the data & information from unauthorized access has increased. Such unauthorized access to an organization’s information system may be quite harmful for the organization (Jawadekar, 2004). If the company is not able to maintain proper security features in its information, the intruders can access it, steal vital information and cause harm to it.

This assignment help paper is based on the on the operation system and information technology process used by the company Plantain Building Company (PBC). The computer and networking systems of the firm are mainly used to store the data and information about the existing or coming land availability. Presently, the IT and operational system of the company is not secure. The company has not adequate IT resources and knowledge to manage the security mechanism and ensure high safety of the operations. The Head office of OBC has implemented a new strategy. According o that strategy the management of regional office will be responsible for the protection and security of financial and operational data.

The suspectability of an attack by a threat, which probably creates some affect, is known as vulnerability (Forouzan, 2003). Lack of security mechanism would be harmful for the networking and systems of PBC. This situation of the firm can be explained as the issue of security vulnerabilities. By means of the following paper, the reader would be able to understand the parameters that are associated with the various security vulnerabilities available for PBC and impact of IT security mechanisms on it business operations and security of data and information.

Current Computer System Operations

Plantain Building Company (PBC) is a national house building firm that operates in the construction industry and develops new houses and buildings for the general public. As the company operates at the national level, it has many regional offices to handle its construction operations at different states, cities and places. According to the given scenario, the Cardiff regional office of the firm has a week networking system. The company has a computer system in which the management bought their computers from a local computer company (Danchev, 200). This company is also responsible for the maintenance of the system.

It has given in the scenario that company has 27 desktop computer and printers that are associated with the central server system. All these computers work on the various applications such as Window XP operating system with the MS-office. All these computers have licensed package of antivirus system applications, so that the firm can use these PCs for IT as well as administrative tasks.

As the business operations are mainly linked with the construction activity, use of internet is not very high in the firm. At the local and state level, the employees use telephones as the main communication tool. Use of telephone does not require a firewall protection in the system (Jajodia & Wijesekera, 2005).

All the employees in the regional office have separate computers to complete their regular tasks and responsibilities. Only in few PC’s the employees can access internet with the common ID and password. Only the manger Theo Barratt has different PC with internet connection and different ID and password.

The details about the development and constructions of house buildings is keep safe in these computers. Furthermore, in order to determine the requirement of raw material, cad drawing and other different types of available houses, the company management uses different tools and packages. The company has no specific mechanism to maintain the high level of security in the computers and networking system. These computers also used to perform general administrative task and everyone assess the computer and data and information of the company.

Back up of data and information is also taken by the firm each week in a disk. This disk is kept in store room of office supplies with safety. Apart from this, the computer system of the regional office is also connected with the systems of head office, so that the manager can access financial statement and information. In this concern, Theo Barratt has different ID and password.

The computer systems and networking process also comprise the plans and specifications for the project managers. Project manager can also access these computers with the same ID and password. The house database of the company is kept at the head office and the manager of regional office sent a CD-Rom for new house data type. The land managers also use this system to assess the land database and know the prices of lands.

Security Vulnerabilities

The security vulnerabilities can be explained as the loop holes in the networking or computer systems. The loop holes and weak points of the networking enable the hacker (a person who is involved in accessing and stealing an organization’s vital information) to assess the company’s important data and information (Forouzan, 2003). The security vulnerabilities decrease the authenticity of the system and process.

These Vulnerabilities poses the threat of being exploited by those people who attempt such kind of activities in order to develop problems or create complex situations for the individual or organization. According to the given scenario, various vulnerabilities are available in the computer and networking system of PBC, which are as follow:

Lack of Security Mechanism, such as Firewall: Presently, the networking and computer system used by PBC is highly associated with the security risks. The company has not an effective security mechanism, means the important information and data of the firm is not secure and can be used by anyone in an unauthorized way (Jawadekar, 2004). All the computers used by the employee are lacking with the effective security method and firewall systems (Ezziyyani, Bennouna, Essaaidi, Cherrat, Zouitni & Hlimi, 2006). Firewalls mainly control the outsider’s unauthorized access to control the company’s system. Lack of firewall enables the outsider to access computers of the company by getting IP addresses (Stallings, 2006).

Lack of Vulnerability identification System: The system of the company is also lacking with the security software and mechanism. The management has not any kind of software to indentify future vulnerability and implement effective solutions in emergency. This is also a concentrating vulnerability. Lack of these software and methods questions the security and safety of not only the financial information as well as the personal and private information of the employees. It ultimately reduces the reliability of the company’s system.

Common ID and Password is also a Threat: All the employees have a common ID and password to access the system, is also one of the biggest risk in the IT system of PBC. As these systems are used to assess both financial as well as administrative information, by using common ID and password anyone can steal the information, which would be a problem for the firm (Stallings, 2006).

Lack of Antivirus Programs: According to the scenario, the use of internet in PBC’s networking system is not very high. Due to this, the IT management does not update the antivirus protection regularly. This is also security vulnerability for PBC. Various virus and Trojan applications can harm the system any time, which can be a cause of information lost.

Due to the above reasons, it is integral for the PBC to concentrate on the security vulnerabilities and issues before preparing the financial record and keeping these record in the systems of the regional office. Lack of security mechanism can lead some security vulnerabilities in the networking system of regional office such as hackers or attackers can manipulate the actual data and steal correct information, copy the data and financial information, etc. (Ezziyyani, Bennouna, Essaaidi, Cherrat, Zouitni & Hlimi, 2006).

The security vulnerabilities in the networking system of the company also affect the operations in negative way. Disadvantages of Security Vulnerabilities:

Common ID and password reduced the feeling of enthusiasm and responsibilities among the employees (Internet Security Issues and Solutions for Small and Medium Businesses, 2001). Productivity and efficiency of the employees are also decreased due to the security vulnerabilities.

In addition, issues related to the security of the data and information also affect the confidentiality level, integrity among the employees and compliance of the region office with the head office activities (Bhimani, 1996).

Proposals for Addressing Security Issues

As the head office PBC has executed the strategies of keeping the financial records in the computer systems of regional office to reduce the work stress and distribute responsibility, it is necessary for the regional office to implement security mechanism in the computer and networking systems (Jajodia & Wijesekera, 2005). If the system would not have adequate security mechanism, it would be difficult for the regional office management to ensure about the quality and reliability of the data because anyone can change or steal the information by using common id and password (Jawadekar, 2004).

Due to this new strategy, security issues has become one of the main concerns for any individual or organization, so these should be considered as key aspects to protect data and information. In order to prevent PBC in Cardiff office from being exploited, due to these securities vulnerabilities, it is essential to have some strategies, which in turn assist them to encounter the problems in an effective manner (Information Security Policy – A Development Guide for Large and Small Companies, 2007).

These security mechanism and strategies play a significant role in the solutions of those problems, which are created as a result of these vulnerabilities. Cardiff office should concrete on security policies to address various security issues. Various security mechanisms are as follows:

Different ID and Password for Each Employee: It is essential for the networking department of PBC to implement different user id and password for each employee. By generating different id and passwords, it would be difficult to assess private information and few people would be responsible for the protection of data (Danchev, 2003). Their role and responsibility would increase to secure the information, which ultimately motivate them to perform with zeal and enthusiasm.

With the help of this security policy, it would be easy for the company to maintain the reliability and integrity about the financial and operational information. Head office can also access the information as it is, without any question of unreliability and cheating (Stallings, 2006). For Cardiff regional office of PBC, this security policy is also adequate and cost effective. The employees would not need any additional training and educational program to use this policy.

Virtual Private Network: Development of Virtual Private Network (VPN) is also a security method to protect the financial and operational information of PBC. The Virtual Private Network is a kind of application, which allows only some authorized persons such as employees, clients, etc, to use the network system of the firm (Danchev, 2003). It develops an effective communication with the identification of user and reduces the risk of information stealing. This is a technical security policy, which need to follow a procedure before accessing the information.

Virtual Private Network also allows the employees to connect with the company’s network at different places. This would enable the manager Theo Barratt to connect its computer with the company’s network from his home. This way he can work at home (Internet Security Issues and Solutions for Small and Medium Businesses, 2001).

Implementation of Firewall Systems in Each Computer: Implementation of Firewall applications supports the system to control the reaches of malicious applications. It also restricts the hackers to access the computer in unauthorized way (Jawadekar, 2004). It is a simple application, which needs knowledge about the connection of internet through DSL or ADSL digital lines, dial-up, cable modem, etc. (Jajodia & Wijesekera, 2005). Turning on of firewall in each computer will control the entry of virus in system. Firewall also blocks infected e-mails and information received from other computers. The company can implement the policy of network administrator. This application allows the management to configure firewall on all system with single connection (Forouzan, 2003).

Other Application for the security of Network Systems: Other security applications are data categorization, virus protection, backups, maintenances, virus protection, encryptions, incident handling, etc.  By using all these applications, it would be easy for the employees to protect the networking system from the internet and virus threats. All the data can be categorized in different sections (Information Security Policy – A Development Guide for Large and Small Companies, 2007).

Conclusion

Thus, on the basis of above discussion by Assignment Help Sydney, it can be concluded that if the company has not effective security policies and techniques of IT, it would be difficult to ensure the protection of data and information. Success and growth of the company is highly dependent upon the security mechanism used by the IT department. Without having a secure IT and networking system, it is very difficult for the firm to rely on the information and data (Stallings, 2006).

Protection of information is also essential to hide the important data from the competitors. If they have knowledge about the company’s policies and status, it would be difficult for the firms to develop competitive advantage. Thus, in PBC the need of IT security method is on high priority.

In order to implement an effective and secure networking system and utilize the information technologies properly, it is necessary to identify the security vulnerabilities (Jawadekar, 2004). Presently, the computer system network of PBC is lacking with numerous vulnerabilities, thus the company has to implement some security mechanism and techniques. Various vulnerabilities available in the computer and networking system of PBC are lack of firewall system, common id and password, old antivirus lack of VPN technology to allow the manager to work at home, etc.

The important security mechanisms to reduce the risk of vulnerabilities are data categorization, VPN, separate ID and password, firewall, data encryptions. All these protection methodologies would allow PBC and its management to protect data and implement a security IT networking system. Use of firewall through digital DSL and ADSL line us also a simple and cost effective solution for the firm. Updated and most up-to-date antivirus applications are also essential to restrict the entry of injected applications and viruses.

All these security method enable PBC and its management to secure data and information effectively.

References

Bhimani, A. (1996). Securing the Commercial Internet. Communications of the ACM, 39(6), 29-35.

Danchev, D. (2003). Building and Implementing a Successful Information Security Policy. Retrieved October 24, 2010 from http://www.windowsecurity.com/pages/security-policy.pdf

Ezziyyani, M., Bennouna, M., Essaaidi, M., Cherrat, L., Zouitni, A., & Hlimi, M. (2006). Security techniques and specifications for the resources protection. Journal of Internet Security, 16(19), 824-827.

Forouzan, B. A. (2003). Data Communications and Networking (2nd Updated ed.). New Delhi: Tata McGraw-Hill Publishing Company Limited.

Information Security Policy – A Development Guide for Large and Small Companies (2007). Retrieved October 24, 2010 from http://www.sans.org/reading_room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies_1331

Internet Security Issues and Solutions for Small and Medium Businesse (2001). Retrieved October 20, 2010, from http://www.imagecomputer.com/whitepapers/Internet_Security_Issues.pdf

Jajodia, S. & Wijesekera, D. (2005). Data and Applications Security. Birkhauser

Jawadekar, W. S. (2004). Management Information System (3rd Revised ed.). New Delhi: Tata McGraw Hill Publishing Company Limited.

Stallings, W. (2006). Network Security Essentials (2nd Revised ed.). New Delhi: Pearson Educational Publishers.