Maintaining an adequate level of security within an organization requires a thorough analysis of the existing loopholes across the company’s domains. First and most obviously, the issues concerning the security of the information transfer process must be analyzed in detail. In addition, the safety principles adopted in the organization under analysis should comply with those listed in the set of regulations accepted in the United States. Moreover, it is imperative that the assessment in question “should not be disconnected from other assessments performed within the organization” (A practical guide to risk assessment, 2008).
To be more exact, a combination of top-down and bottom-up views of the situation within the company will have to be incorporated into the general strategy. By integrating the two methods, one will be able to carry out a twofold analysis, thereby eliminating the slightest chance of missing any loopholes in the organization’s security.
The fact that the company has adopted the creation of trust domains as the key tool for enhancing security can be viewed as a big step in the right direction. It is essential that the company enhance security for every single user of the system and, therefore, every employee in the organization. At this point, however, it needs to be noted that a tree domain presupposes a link to one and only one tree. The specified approach may thus lead to a certain confusion in data processing and distribution as the data accumulates.
As far as the potential vulnerabilities of the company are concerned, the organization will have to reconsider its approach to managing staff accounts. Specifically, the fact that some of the accounts (approximately 20%) have never been used, and that some are never closed even after the staff member leaves the company, gives serious cause for concern. Because they remain active, these accounts may be compromised by hackers, who, in turn, may stall the company’s key processes by disrupting the information flow.
In order to address the issues specified above, the company will need to reconsider its current approach to supervising the performance of the security systems. To be more specific, a system of regular audits will be required in order to maintain security at a decent level and, thus, enhance the company’s data safety. The audits will include penetration testing and vulnerability assessments. Apart from the traditional risk assessment of accidental outages, hardware failures, and uptime (How to conduct an effective IT security risk assessment, 2013, par. 10), an analysis of the actual security threats, i.e., the vulnerabilities discovered in the process, must be conducted.
It can also be suggested that the existing system could be improved with the introduction of forest trusts. Although the concept of a tree domain works relatively well within the specified structure, further expansion, and with it the growing importance of both efficient communication between departments and greater autonomy among them, will require a forest trust concept. Defined as “a transitive trust between a forest root domain and a second forest root domain” (What are domain and forest trusts? 2014), the forest trust principle will make the data flow easier and will allow for more efficient information processing.
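The account problems described above (accounts that were never used, and accounts left open after a staff member leaves) are among the first things a recurring audit can check. The following is an added example, not part of the original essay, that runs such a check over a constructed account export; the column names, the 90-day inactivity threshold and the 30-day grace period for new accounts are assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export. Column names are assumptions for this example,
# not the schema of any particular directory service.
SAMPLE_EXPORT = """account,enabled,created,last_logon,employment_status
a.jones,true,2012-03-01,2014-05-28,active
b.smith,true,2011-07-15,,active
c.wu,true,2010-01-10,2013-11-02,departed
d.patel,false,2009-06-20,2012-08-30,departed
e.garcia,true,2013-02-11,2013-09-01,active
f.new,true,2014-05-20,,active
"""


def _parse_day(value):
    """Return a date for 'YYYY-MM-DD', or None for an empty field."""
    return datetime.strptime(value, "%Y-%m-%d").date() if value else None


def audit_accounts(export_text, today, stale_after_days=90, grace_days=30):
    """Map each enabled account that needs review to the reasons it was flagged."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled: cannot be used to sign in
        reasons = []
        created = _parse_day(row["created"])
        last_logon = _parse_day(row["last_logon"])
        if row["employment_status"].strip().lower() == "departed":
            reasons.append("enabled after departure")
        if last_logon is None:
            # Never used; skip accounts still inside the onboarding grace period.
            if (today - created).days > grace_days:
                reasons.append("never used")
        elif (today - last_logon).days > stale_after_days:
            reasons.append("inactive")
        if reasons:
            findings[row["account"]] = reasons
    return findings


if __name__ == "__main__":
    for account, reasons in audit_accounts(SAMPLE_EXPORT, date(2014, 6, 1)).items():
        print(f"{account}: {', '.join(reasons)}")
```

Accounts flagged as "enabled after departure" are the ones to disable first, since no legitimate user remains to notice activity on them.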
Reference List
A practical guide to risk assessment. (2008). Web.
How to conduct an effective IT security risk assessment. (2013). Web.
What are domain and forest trusts? (2014). The Microsoft Corporation.