Sample Case Study Paper on Network Security

Network Security

The current reliance on wireless connections for connectivity and transfer of data has had numerous repercussions for organizations, especially when these connections have vulnerabilities that can easily be manipulated by leechers and hackers. Such vulnerabilities expose intricate customer data such as credit cards, financial and confidential information. While organizations may also have strongly protected networks, employee access to some information that they are not authorized to can also be a major avenue of information theft and leakages.  It is therefore important that an organization put in place a risk management policy that addresses wireless network security and information access only by authorized individuals.

Although the cost of securing a wireless network may seem high, especially for a corporation that has not been attacked, it is estimated that the cost for any breach, for companies handling customer accounts, can be more than $300 for every breached account (Motorola, 2009). The cost for such intrusions sometimes transcends the monetary costs to a damaged image, loss of confidence, and time wastage in data recovery and system security. The same costs are also incurred in cases of inside jobs where employees access and steal valuable information through unauthorized access to such valuable information. It is therefore imperative that a risk management policy be in place to deter hacker intrusion into the system, as well as only allow authorized personnel access to valuable information.

In developing the risk management policy, the initial stages involve the identification of the vulnerabilities present within the system and organization. Given the nature of the vulnerabilities (wireless network security and access authorization); therefore, the policy will therefore involve the mitigation and action plan for these two risks. Securing the wireless network will not only require intrusion detection and prevention systems but compliance with industry and government regulations. The PCI-DSS (Payment Card Industry Data Security Standard) provides security guidelines for the prevention of credit card identity theft and fraud (Motorola, 2009).

Implementing a user policy will assist in risk management since employees will not be able to establish personal wireless installations without prior approval.  Additionally, it is important to identify the information present within the network for precise assessment and reasonability of the security plan. For networks that carry sensitive information, tighter security will be requisite, than those with general information. Even more important for the security of the wireless network will be an inventory of all access points. Not only does this improve project management, it also improves the capacity for management and updating of device settings and configurations, in addition to the application of patches network management and device security (Sharpe, 2003).

At the same stance, the risk management policy will involve an access control policy in which rules are specified for access to various levels of information. This stipulates operational needs of different levels and the access to information for operation within the given level (McGraw, 2012). Therefore, only personnel with a certain level of clearance can gain access to particular information. This is in addition to having an overarching authorization to different departments within the network. This mitigates the chances of unauthorized individuals getting access to information above their level. Developing the sub-level information access protocol, therefore, determines each individual’s operational needs and grants access according to the operational needs as stipulated by the risk management and company policy.

References

McGraw, R. W. (2012). Risk-Adaptable Access Control. Trusted Computing Group.

Motorola. (2009). What You Need to Know about WLAN Security. Motorola

Sharpe, R. E. (2003). Risk Management of Wireless Networks. Comptroller of the Currency Administrator of National Banks