Enterprise Security Risk and Evaluation

Enterprise system security risks and measures.

Kevin Allen Rio
Krio Media, LLC
2008

The complexity of business systems architecture is the main contributor to poor systems security. Because of the complex nature of these systems, security is often not a primary focus when new systems architecture is being developed (Chorafas, 2004). The amount of code needed to develop an enterprise architecture solution often exceeds thirty million lines, not counting the other systems that it may be connected to. To help ensure that the best security practices are put into place, developers must account for security concerns early on, during the drafting stage. Software complexity is also an area that must be explored, because it leads to software that is difficult to update, which increases the security threats (Chorafas, 2004). Systems are at risk from countless types of attacks, including malicious code, viruses, unauthorized database access, Trojan horses, denial of service attacks, firewall breaches, poor encryption leading to password and information theft, and buffer overflow attacks. The steps that are taken after an operating environment issue, such as a power outage or a hardware crash, must also be addressed, because such issues can increase the chances that a threat will occur.

There are security standards that should be met by users and systems to ensure the most secure operating environment possible (Chorafas, 2004). For example, systems should be developed that use sophisticated mechanisms for authorizing users to a system. This should go beyond the normal password and username setup that the majority of systems utilize. New tools and research methodologies are necessary to screen out unauthorized users and threats, along with protection from DoS attacks that leave hundreds of websites nonfunctional each day. All systems should have measures in place that allow system audits to be conducted with ease, so that security breaches can be discovered in a timely manner. These are just a few of the many important security mechanisms that each system should have in place.

Biometrics is an area that has been receiving attention as of late in terms of computer and systems security. Fingerprints, voice recognition, and iris identification have all been explored as substitutes for passwords for data and information access (Chorafas, 2004). The advantage of biometrics lies in the assessment that the computer conducts to identify whether the person is authorized for access. Passwords do not provide this security, in that they have no way of identifying whether the person entering the password is the actual individual who is authorized to do so. Many issues have been raised when discussing biometrics, especially by the FBI, due to issues related to criminals extracting the necessary parts for biometric scanning. Based on these issues, many believe that there is no perfect way to completely secure systems. It is essential that all implementations be universal in their identification and unique to each individual. Above all, security solutions should be socially acceptable (Chorafas, 2004). The solutions presented must allow individuals to use them on a daily basis without causing undue stress. If the user is not willing to use the system, its viability immediately fails.

http://www.nytimes.com/2006/05/12/us/12vote.html

One of the most recently discussed security threats involves the newest release of voting machines, which allow users to vote using an electronic device. The newest wave of security threats is related to how the software updating system was developed. It is possible that the problem might have been corrected during the drafting stage of design if the developers had been planning for security concerns during the early stages of development.

http://www.infosecwriters.com/text_resources/pdf/THyslip_Portable_Operating_System.pdf

The increasing popularity of Live CDs and portable operating systems that leave no trace of boot-up on a computer poses security risks. These Live CDs can serve many different purposes, but some have been specifically created to pose security threats through password cracking, hard-drive forensics, and wireless internet sniffing/cracking. This poses security issues for enterprises that are increasingly difficult to trace, especially those related to insider theft.

http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1342890,00.html

Research has shown that, many times, after workers are laid off their accounts may still be active on the company’s systems. Known as orphan accounts, they can pose severe security risks to companies. Individuals may have grievances, and the use of these accounts may seem like the perfect way to get retribution. Managers often overlook the problems that a laid-off IT worker can cause. Upper-level managers must ensure that workers' accounts have the proper rights management and are decommissioned after worker layoffs take place.
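
An orphan-account audit of the kind described above can be run by reconciling an HR roster against a directory export. The following is an added example, not part of the original essay; the CSV column names, the sample records, and the function name `find_orphan_accounts` are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample data: an HR roster export and a directory account export.
HR_CSV = """employee_id,name,status,termination_date
1001,A. Rivera,active,
1002,B. Chen,terminated,2008-03-14
1003,C. Okafor,terminated,2008-04-30
"""
ACCOUNTS_CSV = """username,employee_id,enabled,last_login
arivera,1001,true,2008-05-02
bchen,1002,true,2008-04-21
cokafor,1003,false,2008-04-29
svc_backup,,true,2008-05-01
bchen_admin,1002,true,2008-03-01
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def _day(value):
    return datetime.strptime(value, "%Y-%m-%d").date() if value else None

def find_orphan_accounts(hr_csv, accounts_csv, as_of):
    """Return (username, reason) for enabled accounts that lack a current owner."""
    roster = {r["employee_id"]: r for r in _rows(hr_csv)}
    findings = []
    for acct in _rows(accounts_csv):
        if acct["enabled"].lower() != "true":
            continue  # already decommissioned
        owner = roster.get(acct["employee_id"])
        if owner is None:
            # Enabled account that maps to nobody on the roster.
            findings.append((acct["username"], "no owner in HR roster"))
            continue
        left = _day(owner["termination_date"])
        if owner["status"] != "terminated" or left is None or left > as_of:
            continue  # owner still employed on the audit date
        last = _day(acct["last_login"])
        if last and last > left:
            # Highest priority: a login occurred after the owner left.
            findings.append((acct["username"], "used after termination"))
        else:
            findings.append((acct["username"], "enabled after termination"))
    return findings

if __name__ == "__main__":
    for user, reason in find_orphan_accounts(HR_CSV, ACCOUNTS_CSV, date(2008, 5, 5)):
        print(f"{user}: {reason}")
```

Secondary accounts tied to the same person (here the constructed `bchen_admin`) are caught because the join is on the employee identifier rather than the username.
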
Chorafas, D. (2002). Enterprise Architecture and New Generation Information Systems. Boca Raton, FL: CRC Press, LLC.

McGovern, J., Ambler, S., Stevens, M., Linn, J., Sharan, V., & Jo, E. (2004). A Practical Guide to Enterprise Architecture. Upper Saddle River, NJ: Pearson Education, Inc.
