Assignment Writing Help on Information security for SLS Company

Information security for SLS Company

In terms of external monitoring, SLP Company needs to install software that can detect external attacks before they strike. For example, the company should install firewall and antivirus software into its system to limit external attacks. This would secure the company from external attacks thereby minimize the number of attacks the company may have to deal with. As the case depicts, it is possible that the company does not have such software. In other words, if the company had software that could detect external attacks, then it could have detected the unsolicited commercial emails Bob received. Suffice to say that the reason behind the attack was lack of such software. Apart from installing such software, the company should have an IT department that solely deals with all forms of attacks (Whitman, & Mattord, 2012). The said department should monitor regularly possible attacks and deal with them.

Even though majority of the attacks could be external, it is also possible to have internal attacks. These attacks could emanate from the company’s employee in case there are vulnerabilities in the company’s system. Therefore, it would be advisable for the company to have an internal monitoring system that could update the IT department about the state of the company’s system regularly. The main task of the internal monitoring system would be to document and communicate possible attacks to the relevant authorities. In return, the relevant authority should address the possible threats that could be detected by this system.    

All things said and done, SLS Company should plan before hand the way it should address both internal and external attacks. At the same time, the company should develop mechanisms for identifying and documenting possible attacks. Accordingly, the company’s system could be able to detect new programs that could threaten it. This means that the system should be able to detect threats that could emanate from new programs, projects and processes. In such a case, the company’s system should be able to block new programs, processes and project before executing them and prompt for permission. If the company could assess risks effectively through this mechanism, then it could identify risks and deal with them before they expose the system to risks (Whitman, & Mattord, 2012). For example, it would be necessary for the company to install firewall into its system so as to avert some risks.    

Over and above, the company should continually assess areas that are vulnerable to attacks and fix those areas. In other words, the company should not take precautionary measures after attacks, but it should be proactive in this exercise. For example, the company should collect intelligence information about its vulnerable areas and address those areas before attacks strike. In fact, at this age of high internet connectivity, SLS Company should assess regularly areas that could be vulnerable to internet attack. Such exercise could minimize external attacks as well as internal attacks (Whitman, & Mattord, 2012). At the same time, the company should assess all areas that could be vulnerable to attacks and if possible block those areas. For example, the company should block external devices such as diskette and compact discs from accessing its system. This exercise could limit the number of external devices that could be introduced to the system; thus, minimize threats.

Finally, the company needs to review its security policies from time to time as a way of ensuring that they are always operational and that they are out of danger. Besides, the company needs to conduct security program review as a way of enhancing them.

Reference

Whitman, M., & Mattord, H. (2012). Principles of information security. 20 channel center, Boston: Cengage Learning.