Vulnerability of an Organization

A security vulnerability is any characteristic in a system which makes an asset more vulnerable to threats. The combination of threats, vulnerabilities, and assets provides a quantified and/or qualified measure of the likelihood of threats being realized against assets as well as the impact caused due to the realization of a threat. This measure is known as the security risk. Thus, the security mechanisms provide capabilities that reduce the security risk of a system. ( Douligeris, C. & N. Serpanos, D. (eds), 2007)

Vulnerabilities of an organization

According to Case Study 1, a number of vulnerabilities were found to be an affecting the security aspects of Jacket-X that are found in all sections of the organization. The vulnerabilities found at Jacket-X affected the following areas such as, internal factors, contractors, password, policy, data storage, access control, payroll process, users’ training and awareness, improper of network configuration, privacy issues relating to employees and external factors.

Internal factors

Internal vulnerabilities affecting Jacket-X are network security, protocols and services, user security, data storage security and password security.

Efficient network security is the backbone of any organization and the network is the gateway of many business activities. In the case of Jacket-X, the network security infrastructure lacks the capability of logging adequate network activities. Logging of network activity is a vital part of security; lags in logging can allow suspicious activity to pass unnoticed and in time of breach there is not enough information to track down the root of the attack. Also, Jacket-X upgraded system do not have adequate feature for logging failed login attempts, Jacket-X can analyze such logs to determine unauthorized network attempts into their system. In Marcella & Menendez (2008), organization should provide adequate storage for network activity-related logs. Organizations should estimate typical and peak log usage, determine how many hours or days worth of data should be retained based on the organization's policies, and ensure that systems and applications have sufficient storage available. Logs related to computer security incidents might need to be kept for a substantially longer period of time than other logs and these logs can aid network administrator to in fixing other issues.

Protocols and Services of the network components are not properly configured in particular reference to opened network ports. Temporarily opening firewall ports without first testing for vulnerabilities is very unsafe. Unused network ports should be closed and network tools such as Nmap, Snort, Nessus or GFI LanGuard can utilized detect and configure any open ports and unused ports of network servers.

In order avoid Jacket-X