Western Governors University C 727 Psinuvia Inc. Proposed Security Improvements

Document Content and Description Below

Psinuvia Inc. Proposed Security Improvements Presented by: name1. Physical threats to Psinuvia Inc., depending on the location of their offices, include natural disasters such as tornados affecting ... the office in Dallas, TX. These events, if realized, would threaten the main office as this facility provides 100% of the development, testing, and design of the pacemakers. The facility also stores roughly 40% of the products manufactured by the company. A loss of, or degradation of, operational capability at this facility would have a severe impact on the ability of Psinuvia Inc. to operate and fulfill orders. Environmental conditions, such as heavy rains and high humidity affect the office in Singapore as the country experiences monsoons on a continuous basis. Singapore manufactures and stores roughly 30% of the Psinuvia Inc. products. There currently is no plan to account for a surge in order fulfillment should the main office in Dallas, TX or Canada become impacted. All locations are subject to criminal acts, such as theft, the loss of proprietary information, to include prototypes, would have a catastrophic effect on Psinuvia Inc. Currently, there is not a robust physical and access control program in place to prevent or deter criminals (internal and external) from stealing hard drives, prototypes, and other physical assets at each location. The lack of a Disaster Recovery (DR) Plan and a Business Continuity (BC) Plan to address the risks mentioned above severely degrades the ability of the company to plan for future growth. Any realization of the threats would have a severe effect on the company to operate. If more than one of the threats occurred simultaneously, the effects could be catastrophic. 2. Logical vulnerabilities and threats putting Psinuvia Inc. at risk include the use of old antivirus software, unsecure firewalls, phishing campaigns, and malware attacks. The current anti-virus application that is hosted in the system is no longer supported by the vendor and we have not renewed the licensing. This has caused the virus signatures to become outdated which increases the chances that a virus can infiltrate our systems without detection, placing PII, PHI, financial, and company proprietary data at risk of exposure and theft and ultimately in violation of HIPAA rules which could cost the company civil and criminal penalties. With the ever-increasing number of malicious software attacks, Psinuvia Inc. enterprise network needs ensure they we are ready, willing, and able to defend against such threats. A malicious software attack puts the company at risk as this could result in the manipulation (integrity) and or the loss of data (availability) which would also result in HIPAA rule violations and penalties. The current firewall infrastructure does not have as much security configurations as it should, specifically the denial of all unauthorized traffic has not been implemented. This lack of configuration allows internal entities to access to anything within the network. The introduction of a virus would spread everywhere almost immediately if this is not locked down, ultimately resulting in an unusable system (availability). Because Psinuvia Inc. deals in PHI, PII, financial, and company proprietary data, this makes the company a prime target for hackers to try and infiltrate the system by conducting intelligence gathering utilizing social media platforms and other information available on the internet to steal data, resulting in a loss of confidentiality of the system. This coupled with the unsecure firewall could result in traffic that is malicious as well as the exfiltration of data out of the network without approval. [Show More]

Last updated: 2 years ago

Preview 1 out of 17 pages