Length: Minimum of 650 words Title: [yourname]_ISOL536_Summer2021Main_Week14Portfolio_Assignment.docxIn week #8, your midterm project was to provide a security assessment for Vestige, Inc, an online

Length: Minimum of 650 words Title: [yourname]_ISOL536_Summer2021Main_Week14Portfolio_Assignment.docxIn week #8, your midterm project was to provide a security assessment for Vestige, Inc, an online
Security Architecture and Design Santhosh Kumar Ram Kumar University of the Cumberlands ISOL 536: Security Architecture& design Dr. Sherri Brinson June 27, 2021 Security Architecture and Design Vestige Inc. is a software company whose database needs to be linked with the database of Vestiges parent company to make business operations more effective. To ensure that they are guaranteed security before the two are related, the Vestige system needs to be assessed and verified. Having trained to be a system architect, I have been responsible for evaluating Vestige and determining its security. Company system assessment is essential since it prevents any future insecurities such as cybercrimes resulting in loss or exposure of crucial private information in its database. Everything in the company is run online, which means the company has to ensure total security and ensure customers’ data and the company are well protected. As the system Architect, I will analyze the combination of Information technology components and policies that the company has adopted to reduce future risks. Through the assessment, the Vestige Company will be able to identify risks and avoid them. Assessing the company’s security risk is a fundamental element of an efficient enterprise security strategy. This assessment mitigates the impact a security breach would bring to a company(Causey, 2013). The check prevents the occurrences of such breach in the first place. Small companies are the most vulnerable and have the most loss, especially when an assessment is not well conducted. As the system architect, the first thing I did is to identify the assets of Vestige Company. After identifying the help, I created a database of the assets. The assets included software applications, laptops, servers, networks, desktops, websites, and personal devices that employees use to check external drives and emails. After this, I identified how each asset is vital to the company and its standards. After identifying the help, I then reviewed the existing security policies in the company. Some of the approaches I identified were password management policies, data backup plans, and security updates from time to time. These policies were essential in the company since they would help protect the assets, which allows the company in its daily operations. From there, I identified the threats that could harm the company. The company only thought about threats like malware and hackers and failed to understand that hardware failure may occur; natural disasters like fire and earthquakes may also arise and destroy the companies assets (Causey, 2013). Therefore I identified these security issues and recommended cloud and drive data backup. Additionally, I identified vulnerabilities within the company system that could enable a threat to harm the company. I remembered this through audit reports and an automated vulnerability scanning tool. One of the vulnerabilities I identified is the company’s lack of explaining to employees the danger of clicking on any link sent to them (White, 2014). Such links can cause security dangers. To reduce this risk, I advised the company to use IT security software which offers features like vulnerability alerts and vulnerability scanning to identify vulnerable parts in the networks and applications used in the company. As the system architect, I also analyzed the control measures the company had put into place to eliminate the probability of a threat exploiting a vulnerability. Some of the control the company has is encryption and authentication solutions. After determining the likelihood of an incident occurring, there was a low likelihood of an attack since the company had tried to implement various prevention measures. However, the probability of an employee clicking any sent link was high, which would place the company at cyberattack risk. Besides, I recommended some additional measures the company would take to avoid the potential threats I had identified during the assessment (Maria, 2018). The control measures the company should take to prevent the identified risks are training their employees on how clicking on any unknown link can be a threat to the company. In most cases, hackers use links to trap the data and information of a company. Therefore employees must be careful about that. Besides, the company should constantly update its hardware and new application to ensure they are up to date and more secure. From the analyses and assessment I conducted in Vestige Company as the System Architect, I identified that the company had put effort to stay safe and minimize the occurrences of threats. In areas where risk was more likely, I offered solutions. With the policies and security measures put in place, there is a low likelihood of significant threats. Therefore I verified the company to be secure, and the parent company database can connect to that of the Vestige database. References Causey B. (2013). How to Conduct an Effective IT Security Risk Assessment. https://security.vt.edu/content/dam/security_vt_edu/downloads/risk_assessment/strategy-how-to-conduct-an-effective-it-security-risk-assessment_2411470.pdf Maria, G. (2018). Everything you need to know about security assessments to safeguard your data. https://www.getapp.com/resources/how-to-conduct-a-security-assessment/