Suppose you are the IT professional in charge of security for a small pharmacy that has recently opened within a shopping mall. The daily operation of a pharmacy is a unique business that requires a combination of both physical and logical access controls geared towards protecting medication and funds located on the premises, as well as the personally identifiable information and protected health information of your customers that resides on your system. Your supervisor has tasked you with identifying inherent risks associated with your pharmacy and establishing strong physical and logical access control methods to mitigate the identified risks.
1) Firewall (1)
2) Windows 2012 Active Directory Domain Controllers (DC) (1)
3) File Server (1)
4) Desktop computers (4)
5) Dedicated T1 Connection (1)
Write an eight to ten (8-10) page paper in which you:
Identify at least five (5) potential physical threats that require attention.
Determine the impact of at least five (5) potential logical threats that require attention.
Detail the security controls (i.e., administrative, preventative, detective, and corrective) that the pharmacy could implement in order to protect it from the five (5) selected physical threats.
Explain in detail the security controls (i.e., administrative, preventative, detective, and corrective) that could be implemented to protect from the five (5) selected logical threats.
For each of the five (5) selected physical threats, choose a strategy for addressing the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Justify your chosen strategies.
For each of the five (5) selected logical threats, choose a strategy for handling the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Justify your chosen strategies.
Use at least five (5) quality resources in this assignment (no more than 2-3 years old) from material outside the textbook. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
Explain the concepts of information systems security as applied to an IT infrastructure.
Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
Explain the means attackers use to compromise systems and networks, and defenses used by organizations.
Explain the role of access controls in implementing a security policy.
Explain how businesses apply cryptography in maintaining information security.
Analyze the importance of network principles and architecture to security operations.
Use technology and information resources to research issues in information systems security.
Write clearly and concisely about network security topics using proper writing mechanics and technical style conventions.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills.
Information protection is central in numerous firms, particularly pharmacies and other sensitive settings. Security representatives are, consequently, essential to ensure both physical as well as logical protec...
Information System Security
1. The Potential Physical Threat
Physical threats often cause computers and other hardware to crash, and they may arise from internal, human, or external errors. The most important threats comprise damage to hardware and infrastructure, theft, unstable power supply, accidental errors, and lightning. An unsteady power supply causes a vast loss of information and computers because it interferes with the processing unit. Lightning is a natural occurrence over which people have no control. On the other hand, Cappelli et al. (2012) state that such threats can be controlled by applying suitable procedures; that is, suitable procedures ensure that security organizations reduce the damage.
2. The Potential Logical Threats
Sometimes many people access the pharmacy premises, which poses a threat to its processes. Logical access control offers guidelines as well as technical means of controlling what data the workers need to use, the programs they execute, and the changes they make. Logical threats account for more than 50 percent of all computer threats in any business. For example, the Annual Computer Crime and Security Survey estimated that businesses lost more than $52.4 million because of computer crimes. The logical threats comprise Trojans, denial of service attacks, spyware, worms, and phishing.
Phishing is a kind of logical threat whereby the perpetrator tries to trick people into giving away the company's sensitive data by pretending to be an official person. Kouns and Minoli (2011) reported that phishing has cost most businesses great financial losses. This is because people are deceived by false messages that carry the official logo and the company's image and are sent to steal money from them. For example, the Kiwi bank lost millions of shillings through internet banking.
Spyware is a kind of malware program designed by computer thieves to gather and distribute personal details. The program is hidden from the worker so that it can collect important data about internet communication, keystrokes, passwords, and any other significant data. Additionally, spyware changes computer settings and decreases computer speed.
The Denial of Service Attack
The denial of service attack is a kind of malware that shuts down the network by overwhelming the server. This makes it hard to reach the sites the computer user intends to access. In addition, the denial of service attack causes data crashes. According to Durcekova, Shahmehri and Schwartz (2012), the denial of service attack mostly disrupts legitimate users such as the workforce, accounts, and clients. This is because the programmers behind the attack know well that such people play a vital role in the business.
Worms are a kind of computer malware program that has the ability to replicate itself from one computer to another. For example, in a pharmacy setup, worms may spread from the books of accounts to employees and stocks. By itself, the worms...