An Investigation into the Level of Security at Bridgewater


Topic Description


Abstract
The objective of this project was to determine the level of security of the organisation Bridgewater Travel. A security audit based on a model adapted from the collective work of academic literature was undertaken to assess the security controls in place against the British Standard BS7799. The audit process revealed that the current information security at the organisation is inadequate, and recommendations were made to improve information security at the firm to protect its key information assets and to a degree approved by the British government. To compile this report, the audit process involved review of academic literature, review of the firm’s security policy, risk analysis and project review, leading to the creation of a separate document to be presented to the company highlighting the project findings and recommendations.

1. Understanding the Problem
1.1 Introduction
1.1.1 Background to company
1.1.2 Project Problem
1.1.3 Problem implications
1.2 Background Reading
1.2.1 Security
1.2.2 Framework
1.2.3 Security Policy
1.2.4 Risk Analysis
1.2.5 Audit
    BS 7799 / BS ISO 17799:2000 Information Management Security Systems
    AS/NZS 4444.1:1999 Information security
1.2.6 Review
2. Project Management
3. Producing a Solution
3.1 Identify the legal and business requirements
3.2 Identify and Value the Information assets
3.3 Identify Threats and Vulnerabilities
3.3.1 Threat Identification
3.3.2 Vulnerability Identification
3.4 Assess the Likelihood of Each Risk Event
3.5 Assess the Actual Risks
3.5.1 Direct attack on Data from Internet
3.5.2 Accidental Data Overwrite/ Deletion of Data Records Inside Database
3.5.3 Malicious Intent to Copy/ Delete Files Over Network
3.5.4 Malicious Intent to Copy/Delete Files Directly at Datastore & Physical Theft
3.5.5 Attack from Internet via Malicious Code Received from E-mail
4. Evaluation
4.1 What the problem was and how the solution solves this problem
4.2 The findings from the audit
4.3 Criticisms of the methodology
4.4 Recommendations
4.4.1 Direct Attack on Data from Internet
4.4.2 Accidental overwrite/ deletion of data records inside database
4.4.3 Malicious intent to copy/ delete files over network
4.4.4 Malicious intent to copy/delete files directly at datastore & physical theft of data store
4.4.5 Attack from internet via malicious code received from e-mail
4.5 Potential for Extensions
5. Appendices