The Security Breach at Nelm

The security breach at Nelm has resulted in data being acquired by unauthorized users tapping into the system and gaining access to sensitive files. There is a concern that an insider is gaining the information on the advertising campaign and making it available to the Erm Company. There is also the possibility that an outsider has taken advantage of the system configuration and its security flaws to gain unauthorized access to the data. Nelm has taken the first step by appointing a head security officer who should report directly to the board of directors. However, there are serious flaws in the system configuration and the access control.
The first concern should be that an insider might be acquiring the information in question. Members of the sales, engineering, and production staff are currently sharing the files on the LAN. The files should be restricted and available only on a need-to-know basis. Only a limited number of people in the marketing department should have access to the advertising files. This would eliminate unauthorized access to this sensitive information by a member of the production or engineering staff.
If the attack is coming from an outside source, system access needs to be secured and limited. This may be done by the addition of an effective user ID and password system. The system should require regular changing of the passwords and have a mechanism to lock out the user after a limited number of failed attempts to stop a brute-force attack. In addition, IP address monitoring should be implemented and users should be restricted to entering the system only from approved IPs. This would prevent off-site hackers from gaining access to the system.
To further secure the system, the web server needs to be properly configured. The web-based e-mail system will give unauthorized users a portal that may be exploited if the server has security flaws in it. An adequate firewall should be implemented that blocks most illegal activity. Web logs should be constantly monitored for unauthorized activity. In addition, sensitive server configuration files should only be accessible by the head of security. The system needs to be kept up to date with the latest security patches, inactive users need to be deleted, and the system needs to be evaluated as part of an ongoing threat assessment.
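The controls described in the last three paragraphs (need-to-know file access, lockout after repeated failed logins, approved IPs, and web log monitoring) can be checked together in one pass over the web server's access log. The following is an added example, not part of the original essay; the policy values, user names, paths, and log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed policy values (not from the essay); adjust to the real environment.
APPROVED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # approved source IPs
MAX_FAILED = 3                                  # failed logins before lockout
RESTRICTED_PREFIX = "/marketing/campaign/"      # advertising files
CAMPAIGN_READERS = {"mlopez", "tchan"}          # hypothetical marketing users

# Common Log Format: host ident user [time] "method path proto" status size
CLF = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def review(lines):
    """Return (kind, user, ip, detail) findings for one batch of log lines."""
    findings, failed = [], defaultdict(int)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # malformed line
        ip, user, when, _method, path, status = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # host field is a name, not an address
        if not any(addr in net for net in APPROVED_NETS):
            findings.append(("unapproved_ip", user, ip, when))
        if status == "401":
            failed[user] += 1
            if failed[user] == MAX_FAILED:  # report once, when threshold is hit
                findings.append(("lockout", user, ip, when))
        elif status == "200":
            failed[user] = 0  # a successful request resets the counter
            if path.startswith(RESTRICTED_PREFIX) and user not in CAMPAIGN_READERS:
                findings.append(("need_to_know", user, ip, path))
    return findings

# Constructed sample log lines (203.0.113.0/24 is a documentation range).
SAMPLE = [
    '10.20.4.7 - mlopez [18/Jun/2007:09:01:12 +0000] "GET /marketing/campaign/q3.doc HTTP/1.1" 200 5120',
    '10.20.9.31 - jsmith [18/Jun/2007:09:14:40 +0000] "GET /marketing/campaign/q3.doc HTTP/1.1" 200 5120',
    '203.0.113.50 - tchan [18/Jun/2007:23:40:01 +0000] "POST /webmail/login HTTP/1.1" 401 312',
    '203.0.113.50 - tchan [18/Jun/2007:23:40:03 +0000] "POST /webmail/login HTTP/1.1" 401 312',
    '203.0.113.50 - tchan [18/Jun/2007:23:40:05 +0000] "POST /webmail/login HTTP/1.1" 401 312',
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The script only reports; the lockout itself and the file permissions still have to be enforced by the authentication system and the file server.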
In most cases, data is stolen by the easiest method possible. When large numbers of employees have access to the entire system, it opens the possibility of an insider theft of data. Internally, the system needs to be secured from users who are not authorized to view or alter certain files. Authorized users need to change their passwords regularly to prevent unauthorized acquisition by a third party. To prevent access from outside hackers, the web server needs to be configured and updated to an appropriate level of security. Limiting access by IP address or through a firewall would help prevent unauthorized access. Monitoring web logs to see who is accessing the files and when would point out irregularities. In data security there is no one answer, but rather a series of actions that need to be taken at several levels in the information system.