Gail Industries Security and Infrastructure
Gail Industries’ security infrastructure policies and practices review evaluated its existing policies and practices for compliance with current industry standards. The review included policies and infrastructure used to protect physical and intellectual assets, analysis of security policies and practices, and its alignment with the best industry standards. A review of the Gail Industries also recommends on mitigations for shortcomings concerning the Gail Industry Small Ville case study. A summary of existing policies and procedures include physical security for data center, physical security to facilities, policies for change management, policies for logical security, and policies for password creation.
The procedures involved in the physical protection of the data center restrict its access to authorized personnel. Documentation and implementation of physical access procedures monitor and control the granting and revocation of onsite access to the data center. Accessing the data center involves two-factor authentication and requires retina eye scanning and badge access card to allow access to the data center. For individuals requesting badge access privileges, they need to document a request on a standardized employee management form approved by departmental management. The badge access system restricted to an authorized IT personnel administrator. As part of an employee termination process, the IT manager is responsible for revoking terminated employees’ badge access privileges. To avoid terminated employees accessing badge access privileges, the IT manager performs monthly audits. Don't use plagiarised sources.Get your custom essay just from $11/page
The policies and practices involved in ensuring physical security in the facilities include restriction measures for monitoring and controlling access to the facility. Documentation and management of procedures grants and revoks onsite access to the facility. The door badge system is used along predefined security zones limiting access to the facility and data center. For individuals requesting badge access privileges, they have to document the request on an employee onboarding system. In case an employee involuntarily or voluntarily terminates their job, the IT personnel is responsible for revoking badge access privileges. A monthly audit of badge access rights of the terminated employee avoids employees’ retention of badge access rights.
In change management control policies and procedures, ensure any network infrastructure and system software document changes appropriately to protect data from unauthorized changes for efficient internal control and financial reporting. Documented change management policies effective control of change management activities. Emergency provisions catering for any abrupt infrastructure and operating system changes. Documentation of change requests through a change request form prevents unauthorized data changes. Change request consists of change details, the person requesting the change, date of request, change description, and specification changes. Change requests prioritized and reviewed weekly by the management through the change advisory board meeting. Through signing off on the change request form, the management is responsible for authorizing change requests during the meeting.
In logical security procedures and policies restrict access to infrastructure and operating systems by allowing access to authorized users and system administrators to support internal control and financial reporting. Documentation of annual information security policy updates assists personnel in modifying information system access privileges, necessary in safeguarding information system assets, data, and system infrastructure. User accounts and password authenticates infrastructure and operating system users to system access. Configuration of password requires enforcement of password complexity, expiration interval, history, minimum length, and invalid password account lockout threshold. To gain access to the central collection system, users are authenticated through their individual user accounts and passwords. For role-based access privileges to the central collection system, the application utilizes a predefined security group.
According to the password creation policy, all user and administrator passwords need to be eight characters in length or more. The utilization of password dictionaries is necessary to prevent easily cracked passwords .the use of unique passwords for a personal account or system application. The immediate change of default passwords after the system application is complete. For every 60 days, user passwords need to be changed, and passwords previously should not be used . One should replace system passwords every month. To enforce a password protection password must not be shared, revealed, or send electronically. Passwords should not be written down or physically stored and should not be in an unencrypted format.
According to the current industry best security and infrastructure practices, Gail industries have adopted most of the policies and practices required for its effective delivery of digital services. However, it has failed to utilize several control objectives necessary for the effective operation of its service delivery. These include using cloud computing for its local servers and the adoption of an incidence response plan. Cloud computing security (Brotherston & Berlin, 2017) contains controls and procedures that work collectively for the protection of data, infrastructure, and cloud-based systems. Security incidence plan (Kim & Solomon, 2010) refers to a set of instructions that guide and assist the IT personnel in responding to network infrastructure security incidences.
Some of the recommendations for Gail Industries include the utilization of cloud computing security for their information system data and applications. While their AWS utilizes internet cloud-based servers for its applications, the local servers store most of the stored data. In the occurrence of any disaster and the performance of the server falls, they would risk losing data. Cloud computing benefits include easy information sharing, continuous data back up, and flexible data access. Another additional recommendation is the implementation of the incidence response plan. While a lot of effort focused on the prevention of security attacks, more time is required to maintain and create a robust security incidence response plan. In case of an outage, malicious attack, or disaster, they will be able to respond to the attack quickly and resolve the issue as well as implement mitigation measures in the future.
Collectively, Gail industries and Small Ville demonstrate satisfactory security practices. Their policies and practices address physical security, physical assets, firewalls, passwords, and align with the best industrial practices. However, additional recommendations required to protect the industries’ security and infrastructure include cloud computing and the incidence response plan. In case of an outage, malicious attack, or disaster, they will be able to respond to the attack quickly and resolve the issue as well as implement mitigation measures in the future. If Gall industries and Small Ville implement security incidence plan and the security cloud-based computing for local servers as priority security elements, they will optimize their information systems and network security.
ReferencesTop of Form
Bottom of Form
Brotherston, L., & Berlin, A. (2017). Defensive security handbook: Best practices for securing infrastructure.
Kim, D., & Solomon, M. G. (2010). Fundamentals of Information Systems Security. Burlington: Jones & Bartlett Learning, LLC.