Corporate Network Security
ABSTRACT
Corporate Network Security is one of the most underrated considerations within today’s business world. This spotlights, on a more fundamental level, where management teams struggle to align their Information Technology infrastructure with business goals, business objectives, business practices and procedures.
Successful management teams are cognizant of two things. First, they are acutely aware that technology is integrated in almost every facet of business. As a result, secondly, they realize the importance of having an Information Technology infrastructure properly aligned with and supportive of the business purpose and organizational systems. They go about their business ensuring that the information (technology) strategy and organizational strategy fit the business strategy.
INTRODUCTION
The purpose of Corporate Network Security is to mitigate risks of unauthorized access and protect network systems and resources, while ensuring maximum systems uptime, data integrity and availability. In this paper, I intend to outline many areas that make up the concept of Corporate Network Security, look at many areas where companies struggle, while providing examples of companies doing things right, or making recommendations in such areas.
WHAT ARE THE RISKS
The threats and risks that businesses face to their corporate network security are real and plentiful. For example, compromised data, construed as a business asset, can be used to the benefit of competitors, which becomes detrimental to a company’s potential strategic advantage; compromised personal information, such as social security numbers or financial information, can create legal liability (more than 158 million personal data records have been exposed since February 2005 (Vanhorn, 2007)); information and data can be physically destroyed, wasting considerable manpower productivity; and your own ability to work can be hampered when a system is compromised by rendering it inoperable.
The vulnerabilities of the corporate network and its business network, especially in the form of malware, attacks and intrusion attacks, can be mitigated by:
• Encryption of user data. If you lose your work credentials, access to the company website or any data you are using may fall back to using the company website and/or data.
• Data being accessed from outside of the company network through your computer or service, such as access to personal data or the company network or web-browser used to access the company website.
• Access of corporate website access, especially to financial data only.
• Other ways of storing financial data. This includes: accessing personal data in the company database; accessing your customer account data; and logging into a corporate account that you hold.
• Policies limiting the collection and use of certain business, financial, or proprietary information. The Business Security Code requires that:
1) all non-business businesses comply with these rules and laws, and make reasonable efforts to comply with any restrictions imposed;
2) all non-business businesses provide access to certain data to third parties and the corporate network is not to the detriment of the business;
3) all non-business businesses provide their data to third parties without consent; and
4) after a breach, if necessary, contact the responsible party to request that this policy be re-enabled to allow the data to be accessed.
In terms of the corporate networks, the risk arises from various means, when combined with the above, including through the failure of a system to maintain the right of the business community to continue to store, use, and share information and technical information (such as user information) in trust to prevent the theft or misuse of the business network. The company networks are not vulnerable to any of the above.
This list presents three types of threats to your company. These security threats are defined below in the report, and refer to the main threats for more detailed information. While the main two types of threats relate to data theft, many other types are also likely to be identified by the cybercriminal actor—for example cybercrime.
Misdirection
Misdirection attacks by a non-criminal actor can be detected by:
• using a commercial network.
• using your web browser and website to access your company site directly.
• making your company site inaccessible that is not used by the company or company network.
Criminal Activity
One of the key security threats to your network is the use and possession of intellectual property by a criminal entity, or its associated entities, via the use of the corporate network. In such cases, malware or other threats may be used to manipulate, corrupt or affect the structure or performance of the corporate network or the operational configuration of its networks.
Modes
METHODS OF ATTACK
Some of the numerous ways a network can be attacked and how data and information can be compromised include Denial of Service attacks, backdoors, spoofing, phishing, password attacks (guessing, brute force, dictionary style), software / operating system exploitation, malicious code (viruses, adware, spyware, worms, trojans, browser hijackers), and physical thievery.
MANAGEMENT SUPPORT AND TEAMWORK
Suppose you have a company, which has grown leaps and bounds, to the point where they are in dire need of some form of an enterprise system, such as a CRM (Customer Relationship Management) system or an ERP (Enterprise Resource Planning) system, that would help take antiquated “doing things by hand” type processes to a more efficient and effective electronic method, because they have grown to such a point where managing their information necessitates such a system and the old ways of doing things have just become too cumbersome and are not effective in performing day-to-day functions.
While a company’s management team, as a whole, will share the realization that such a system is necessary, how the company is set up to deal with such endeavors will be a huge key in how successfully such a systems implementation will go. How a company’s management team is set up to plan, procure, and execute such endeavors will largely dictate success.
One common scenario is where the Information Technology professionals within the company happen to wield significant power and exert significant influence into what system is chosen. This type of scenario is the organizational strategy and business strategy matching the objectives of the information (technology) strategy, which is an atrocity waiting to happen. Commonly in such situations, Information Technology will end up putting in a system that does not match the requirements of the business goals and organizational procedures.
As a result, there will be all sorts of internal dissension and in-fighting amongst departments / business units and Information Technology. Even worse, after such a significant investment of time and money into the initial implementation, the management team will ultimately move forward with whatever is necessary to make the system work, sometimes requiring expert-level consultants and such, when the system shortcomings are realized. Together, the internal issues (disgruntled employees resulting in morale issues and productivity losses) and the efforts (time / materials / manpower) in attempting to make the system right and attain the level of functionality desired will cost significantly more money than originally budgeted and affect the bottom line in ways they were not likely to anticipate.
Conversely, another typical scenario occurs when companies look at Information Technology as just a cost center or a support center, and fail to see how deeply IT actually affects the organizational strategy and the business strategy. That ignorant perception will facilitate another common situation, finding a management team getting together, with non-existent or minimal representation from Information Technology, and moving forward with making decisions on what system will be chosen. After a decision has been made, the brass will then hand everything over to Information Technology and say implement X system.
In this case, the shortcomings will fall on the IT end, where the IT folks are apt to find problems, citing issues like systems incompatibility with the existing infrastructure; systems requirements that fall beyond what is already in place, necessitating unplanned and unbudgeted back-end and infrastructure; and a plethora of other potential and unforeseen issues. In the end, this will all fall upon management’s deaf ears, where they will point the finger back at IT for their inability to get the system implemented. This will cause significant delays and monetary expenditures not originally accounted for.
While the example used conceptualizes management not being in line with IT, or even more importantly, information (technology) strategy not being in line with organizational and business strategy, it may raise the question: what does this have to do with Corporate Network Security? A lot.
Relatively speaking, because so much discord between management and Information Technology exists, in addition to a company’s inability to properly integrate Information Technology to fit their organizational and business