Analysis Of Silver Star Mines Risk Assessment

Silver Star Mines risk assessment illustrates how a company can be at great danger if proper security measures and policies are not put in effect on every business process. In fact, “an IT security risk assessment is needed for each asset in the organization that requires protection” (Stallings, 2015, p. 486). According to the initial review, Silver Star Mines risk assessment highlights the following risk areas: Supervisory Control and Data Acquisition (SCADA) at top critical risk, stored information at extreme risk, financial, procurement, production systems at high risk and e-mail services at high risks accordingly. With this in mind, management should evaluate and take proper security measures to assets that need the most protection, assets

530). The risks assessment suggests to identify and manage critical documents and store them on a centralized application and file servers. Moreover, it proposes to use applicable controls. To further explain the applicable controls, role based control (RBAC) should be enabled to regulate access to the files resources based on the roles of individual users within the company. In this structure, access is the ability of an individual user to perform a specific task, such as view, create, or modify a file. Roles are defined according to job proficiency, authority, and responsibility within the business. In fact, role describes the level of access that users have for their account. For example, by assigning roles to users, administrators can allow multiple users to complete tasks securely. Also, RBAC limits risk by ensuring that users do not have access beyond their training or level of control. Thus, an employee 's role determines the level of permissions granted and ensures that junior level employees are not able to access sensitive information or perform high level tasks. Additionally, an employee education and security awareness program should be implemented to improve employee behavior, hold employees accountable for their actions, complying with rules, and improve employee knowledge base on

Likewise, the report suggests to implement a contingency planning and perform a backup on the e-mail service. Equally important, UTM deployment “systems can provide an organization with a defense in depth using multiple layers of filters and defense mechanisms to thwart attacks. One methodology to reducing the administrative and performance problem is to replace all inline network products (firewall, IPS, IDS, VPN, anti spam, antispyware, and so on) with a single device that integrates a variety of approaches to dealing with network-based attacks.” (Stallings, 2015, p. 326). Indeed, UTMs offer great protection advantages such as IDS/IPS, antimalware, anti spam and content filtering in a single, easy to manage appliance. More recently UTMs have added features, like load balancing, VPN and data loss prevention (DLP), and are progressively delivered as a service via the cloud. Again, employee security training on e-mail risks and development of policies are critical to the prevention of risks associated with spam email, worms, exploits, etc. Additional services can be implemented such as SaaS Endpoint protection to defend against email threats by scanning messages before they reach the network, and by blocking or quarantining detections