Security Analysis and Risk Management Report for Software Company

Verified

Added on 2023/04/19

AI Summary

This report provides a comprehensive security analysis of a software company, focusing on risk assessment, mitigation strategies, and protection mechanisms. It begins with an executive summary outlining the company's technology and recommendations. The report includes a detailed risk assessment using a risk register, identifying vulnerabilities related to data storage, network security, and hardware. Mitigation strategies are proposed, such as data encryption, the use of secure protocols, and the implementation of firewalls and antivirus software. The report also highlights the importance of backup and recovery systems. Recommendations are made for improving the development system, including installing firewalls, antivirus software, diversifying LAN systems, and using strong passwords. The report concludes with a discussion of the organization's security posture and provides references to support the analysis.

Running head: SECURITY ANALYSIS
SECURITY ANALYSIS
Name of the Student
Name of the University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

2
SECURITY ANALYSIS
Table of Contents
Introduction................................................................................................................................4
Conclusion................................................................................................................................14
Recommendation......................................................................................................................14
References................................................................................................................................15

3
SECURITY ANALYSIS
Executive Summary
This report recognizes the issues that are present in the commencement of the projects that
are undertaken by the software-based organization. Risk analysis is performed along with the
presence of risk register. The risk register will also help in identifying the risks that will
affect the organization in a negative manner. Risk mitigation strategies is also stated and this
will help in better completion of the project.

4
SECURITY ANALYSIS
Introduction
This report will provide a brief discussion regarding the risk assessment. Protection
measures will also be stated in this report. Recommendations regarding improvement of the
development system will also be provided.
Risk Assessment
I
D
Description Impa
ct
Likelihoo
d
Seriousne
ss
Grad
e
Mitigation Responsibili
ty
1 Risk present
in the
management
of the
software
organization
includes risks
in storing of
data in
servers. In
case of using
servers, the
entire data is
divided into
packets and
this data
packets are
stored in the
data base and
this leads to
the fact that
the data sets
are well
maintained
and gets
stored in the
computing
system of the
cloud storage
companies.
Despite being
the fact that
the cloud
storage
companies
have
individual
protocols,
imposters can
crack the
security
High Low High 6 Protection
measures
that must
include
encryption
of data.
This will
incur the
fact that
despite the
data that
are present
are stored
as per the
protocol of
the cloud
platform
the
illegibility
of the data
will be
maintained
and this
will affect
the
manageme
nt of the
data
storage in
ab better
manner
Project
Manager

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5
SECURITY ANALYSIS
protocols and
gain access to
the data.
Server
location also
acts as one of
the major
issues in case
of storage of
data in the
servers. In
case the
servers that
are present in
the cities are
not very
profound,
speed of the
entire
functioning
process will
decrease. This
is the main
reason
choosing of
server service
provider must
be performed
in a better
manner
2 Usage of
telnet and
RSH is done
in this system.
Telnet is a
TCP/ IP
protocol that
imbibes
remote
control and
this is the
main reason
that the
security
issues arises.
The remote
attackers can
use this
platform for
gaining
High Low Low 3 Usage of
SSH
(Secure
Shell) can
be done in
order to get
rid of the
issues that
are present
in using the
Telnet
server.
Network
Engineer

6
SECURITY ANALYSIS
access to the
data
transaction.
The advisory
states that the
attackers
which aim to
get the data
will send
packets to the
TCP 23. The
imposters can
also send
packets to the
reverse telnet
ports TCP
2001 to 2999.
This
processing of
the reverse
telnets and
TCP ports,
the main
transaction
that will be
commended
includes
denial of
service issues.
In this case
the
authenticated
employees
can not gain
access to the
data that are
processed will
include the
fact that the
management
pf the project
will get
performed in
a negative
manner.
These are the
main reason
that Telnet
and RSH
must not be

7
SECURITY ANALYSIS
used in this
project and
this is one of
the main
reasons
effective
denial of the
entire system
must be
performed.
3 Hardware
system of the
software
organization
is not much
protected and
this is the
reason that
the
management
of the project
will get
performed in
a negative
manner.
Spectre
vulnerabilities
have been
present in the
commenceme
nt of the
project. With
the help of the
system
management
memory the
hackers can
gain access to
the data. With
the presence
of the glitches
the processors
will include
shutting of the
down of the
central
processing
unit. SMM
memory can
also be used
Low High Medium 4 Usage of
PUF
(Physical
Unclonable
function)
must be
implemente
d in order
to better
manage the
proposition
Project
Manager

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

8
SECURITY ANALYSIS
by the hackers
in order to
gain the data
that they want
to gain access
to. Knowing
encryption
keys and
administrative
keys will also
help the
imposters to
gain access to
the data in an
unauthorized
manner.
4 No presence
of firewall is
also another
issue. With no
implementatio
n of firewall,
the main
disadvantage
that will be
present
includes the
fact that the
data packets
that will be
entering the
system will
not pass
through any
kind of test.
This will lead
to the fact that
the
management
of the project
will be
inefficient in
nature. The
projection
will suffer
due
unrestricted
transaction of
data. This will
ensure the
High Low Medium 5 Installation
of firewall
is very
necessary
as this
installation
will acts as
one of the
major
aspirations
of the data
protection.
In case
firewall is
installed
better
protection
can be
provide to
the data
and the
transaction
can be
restricted.
Network
Engineer

9
SECURITY ANALYSIS
fact that the
management
of the project
will be
accustomed
with the help
of improper
management
of traffic. In
case of
absence of the
firewall
entrance of
malicious
data gets
easier and this
is the main
reason that
the projection
of the
management
system will
get performed
in a better
manner. The
computing
systems that
are connected
via LAN are
affected in
case there is
an absence of
the firewall.
The danger of
leaking out is
not the only
issue that the
software
organization
will be facing
but the danger
of data
leaking in can
also be an
issue. With
the help of the
implementatio
n of the
firewall,
proper

10
SECURITY ANALYSIS
filtering of the
packets will
also be
performed.
The
implemented
firewall also
helps in
getting the
management
of the data
correct as per
the projection
of the data
management
and this is the
sole reason
that the
management
of the
gateway is
required in
better
prosecution of
the
networking
system and
the entire
process is
performed
with least
robustness in
case of the
absence of the
gateway.
5 Absence of
antivirus is
also another
issue that is
present in the
prosecution of
the system.
Antivirus
helps in
protecting the
computing
device from
unauthorized
access of the
imposters
Low High High 6 Usage of
antivirus is
also
essential in
the
projection
of the data
security. In
case
antivirus is
installed
better
unauthorize
d access to
data by the
Data
Engineer

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

11
SECURITY ANALYSIS
through virus
transaction.
As no
antivirus
software is
implemented
in the
computing
systems of the
software
company, the
main
disadvantage
that will be
gained
includes
improper
management
of the data
that are stored
in the data
base of the
software
organization.
In case virus
is transacted
in the
database
corruption of
data will take
place. This is
the reason
that
management
of the project
will get
performed in
a better
manner. Data
corruption
will lead to
inefficient
decision
making and
this is the sole
reason that
management
of the projects
that are being
undergone by
imposters
with the
help of
malware
and other
trojan
viruses can
be
mitigated

12
SECURITY ANALYSIS
the software
organization
will get
affected in a
negative
manner. In
case
inappropriate
management
of the project
is not
performed
with high
robustness,
the entire
project might
fail.
6 Absence of
backup and
recovery
system affects
the
functioning of
the software
organization.
With the help
of the
recovery
system in case
the data that
is lost can be
recovered.
This leads to
the fact that
the
management
of the project
will get
performed in
a better
manner. This
includes the
fact that in
case a data
gets deleted
will get
permanently
removed from
the data base
itself. This
High Low Medium 7 Keeping
backup is
necessary.
This can be
performed
with the
help of the
EaseUS
Todo is a
tool that
can be used
for better
provisionin
g of the
backup.
Requirement
Engineer

13
SECURITY ANALYSIS
will hamper
the
management
of the project
that is
undertaken by
the software
organization.
7 Single LAN
connects the
functioning of
the entire
software
organization.
This acts as a
disadvantage
as the data
that are being
transacted
will be done
with the help
of the single
LAN and in
case this LAN
system gets
affected the
main
disadvantage
that will be
present
includes
improper
management
of the entire
functioning
system. The
processing
entire
software
organization
will get
affected in a
negative
manner and
the entire
process will
be projected
as the
functioning of
the project
Low High Medium 6 Usage of
multiple
LAN as
per the
computin
g device
must be
made.
With the
hep of the
different
LAN
services,
in case
one LAN
gets
affected
the other
LANs
will get
enhanced
with
proper
handling
of the
data that
are to be
transacte
d
IT Engineer

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

14
SECURITY ANALYSIS
will lose its
efficiency.
8 The
computing
devices have
similar
passwords.
This ensures
the fact that
gaining
access to data
that are stored
in different
computing
systems can
be accessed
by the
employees
who are not
supposed to
gain access to
the data and
corrupting the
data gets
easier.
High Low Medium 6 Usage of
strong
passwords
will help in
maintainin
g the
privacy of
the data
that are
present in
the data
base of the
computing
devices
IT Manager
Table 1: Risk Register
(Source: Created by Author)
Conclusion
The organization that is taken into consideration is a small software hub, that is trying
to provide innovative software related services. Codes and servers are used for storing data.
These codes and servers are accessible via internet. Confidentiality is rated high and this is
the main reason that the projection of the investment in data storage is made in a very
efficient manner. The employees are mostly aware of the passwords of the servers and the
data base. This is the main reason that the projection of the data security sometimes faces axe.
Usage of Back up and Disaster Recovery is not done by the organization.
Recommendation
Recommendations that must be followed are as followed: -
1. Installing firewall in the computing system
2. Installing anti-virus in the programming system
3. Usage of Secure Shell over Telnet
4. Diversifying LAN system.

15
SECURITY ANALYSIS
References
Bass, L., Weber, I., & Zhu, L. (2015). DevOps: A software architect's perspective. Addison-
Wesley Professional.
Braude, E. J., & Bernstein, M. E. (2016). Software engineering: modern approaches.
Waveland Press.
Brettel, M., Chomik, C., & Flatten, T. C. (2015). How organizational culture influences
innovativeness, proactiveness, and risk‐taking: Fostering entrepreneurial orientation
in SMEs. Journal of Small Business Management, 53(4), 868-885.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Hulett, D. (2016). Practical schedule risk analysis. Routledge.
Modarres, M. (2016). Risk analysis in engineering: techniques, tools, and trends. CRC press.
Norman, T. L. (2016). Risk analysis and security countermeasure selection. CRC press.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Webb, A. (2017). The project manager's guide to handling risk. Routledge.