Security Assessment and Recommendations
Security Assessment and Recommendations
Aircraft Solutions (AS) is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Located in Southern California, AS has a dedicated, trained workforce and maintains a large capacity plant and extensive equipment to meet customer requirements. Much of the equipment is automated to increase production while reducing costs. The company’s workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel to work its highly-automated production systems.
The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. The company strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses. AS will help the customer through all phases of new product deployment, from initial prototypes through final large-volume production and assembly. By involving itself in all phases of customer product development, AS hopes to establish long-term relationships and secure repeated follow-on business with its customers. In addition, AS continues to invest heavily in workforce education and training, so as to improve capability to serve its customers.
Company Geographic Layout
Aircraft Solutions’ headquarters is in San Diego, California. The Commercial Division (CD) is 40 miles east in San Diego County. The Defense Division (DD) is located in Orange County in the city of Santa Ana, California. These geographic locations are close to intermodal transport hubs that have global reach. Products can be easily shipped anywhere in the world by combined truck, rail, ship, and air transportation methods.
The system administrators are members of an information technology (IT) group within the organization. They are responsible for selecting and installing hardware, software and related upgrades, implementing information security measures, and maintaining support to ensure the manufacturing execution system is working properly. They also are heavily involved in training the workforce to use and interact with the information systems.
Their duties include planning for and responding to emergency events such as power outages, attempts at cyber-attack, and natural disasters. The users at AS are employees, customers, suppliers, and contractors who need to access the company network. System access by users at different levels of the network is set strictly on a need-to-know basis. Controls are in place to secure confidential and proprietary information from unauthorized access. Users are responsible for entering and processing data and information, such as generating reports to be used for decision-making.
AS uses Business Process Management (BPM) to handle end-to-end processes that span multiple systems and organizations. The BPM system is designed to connect customers, vendors, and suppliers to share information and maintain a timely business dialogue. BPM also aligns internal business operations with IT support to maintain production in support of customer requirements. Business process effectiveness begins with the IT organization. Customer data such as project information, computer-aided design and development models are sorted and stored in designated servers. The Design Engineering department is responsible for reviewing the electronic models, interacting with the customer and making necessary modifications with customer approval, then placing them in an Engineering Release (ER) directory for programming.
As soon as these electronic models are released, programmers use them to create production programs. All final programs must be thoroughly verified for accuracy before releasing to the Proof For Production (PFP) directory for manufacturing to make the production first article. From the production floor, machinists download PFP programs directly to their DCNC (Direct Computer Numerical Control) machines for execution.
After any further processing, completed products are inspected for verification to customer requirements, then they are moved to the Shipping department for delivery. A continuous improvement and feedback loop system is in used to correct any deficiencies in the production process. The BPM system is capable of handling multiple projects simultaneously across every department of the company. BPM is set up to manage all aspects of business operations, including accounting, human resources, sales and marketing, and compliance activities concurrently.
Current IT Architecture
The figures shown below depict the current IT architecture and present network infrastructure of Aircraft Solutions.
Security Controls in Place
The current security controls include independent anti-virus software on every workstation and server, host-based intrusion detection systems on the servers in the corporate office. Security policy requires that all firewalls and router rule sets are evaluated every two years and that all local servers are backed up to network attached storage devices maintained at the server location.
Quality Web Design (QWD) is an organization that specializes in Web site and Web content design for all types of businesses. QWD’s mission is to provide top quality Web design that will increase consumer generated revenue to QWD’s customer Web sites. QWD’s database contains over 250,000 proprietary images and graphical designs that will enhance most Web site’s appeal to a target demographic.
Quality Web Design has several mission critical business processes. First is the use of the repository of Web site templates, custom written scripts and/or custom applications. This repository is stored in a Microsoft Visual Studio Team Foundation Service (TFS) server. This application is used to monitor the project development lifecycle of custom Visual Studio applications from inception to deployment, including the quality assurance testing phase. Other critical business processes are QWD’s accounting, payroll and Marketing operations all of which are supported by IT assets. There are strict technology-based access controls associated with each of these systems to ensure that only authorized personnel can access them.
There is a published corporate security manual that covers the following security practices. Username standard including having a separate account for any elevated privileges. Password length, complexity, rotation and history requirements. Data classification levels depend upon what type of data each system contains and security group accounts control access to each data classification level. Security training is also describe and required communications quarterly and annual training classes.
University/College: University of California
Type of paper: Thesis/Dissertation Chapter
Date: 6 November 2016
We will write a custom essay sample on Security Assessment and Recommendations
for only $16.38 $12.9/page