Security Improvement Report 2012


DIAB INC.

Security Improvements Report 2012
IT Infrastructure Department Yearly Security Analysis
Germaine Henderson

Contents
Company Background
Problem Statement
Potential Solutions
Email Encryption
ISO document database encryption
Domino Web Application security and encryption
VPN access for employees
Summary

Company Background
DIAB has been at the leading edge of composite core material development for over fifty years. In particular it has pioneered the use of the sandwich concept to make structures that are significantly lighter and stronger than those made from steel, aluminum and wood. The company has also been very much the technology ...

Globally, DIAB uses Lotus Domino from IBM as its email platform. This platform should be leveraged within the network not only to secure and encrypt email messages, but also to protect all data stored within the Domino Document server. By leveraging the internal encryption functions in Domino, DIAB INC can encrypt messages sent to other users, network ports, internet transactions, and also documents and databases. Lotus Domino uses public and private keys to encrypt data. Domino can be set up to automatically create a Lotus Notes certificate containing the user's public keys while registering a user. The user's private key is located within the user's ID file. To create Lotus Notes public and private keys, Lotus Domino uses the dual-key RSA Cryptosystem and the RC2, RC4, and AES algorithms for encryption. To create the Internet public key, Lotus Domino uses the X.509 certificate format, which is an industry-standard format that many applications, including Lotus Domino, understand.
Both the Lotus Notes client and Lotus Domino server support registration of up to:
* 4096-bit RSA keys for both Lotus Notes and Internet certifiers. You can also roll over existing Lotus Notes certifiers with smaller keys to 4096-bit keys;
* 2048-bit RSA keys for user and server certificates;
* 128-bit symmetric key for S/MIME and SSL.

Larger keys provide stronger protection against attackers. For instance, it becomes more difficult to derive a private key from its public key. It also becomes more difficult for someone to forge cryptographic signatures on documents, agents, forms, and email.

Email Encryption

The Lotus Notes email client can be set up to use S/MIME encryption and electronic signatures when sending mail to other users of mail applications that support S/MIME. This will provide DIAB with an end-to-end email security solution. However, Domino also supports AES encryption. AES should be the encryption method we use because it meets FIPS 140-2 requirements. By meeting the FIPS requirements, the DIAB FST department will finally be able to meet Department of Defense contractor requirements. This will allow DIAB to finally compete for future contracts with the government and other contractors that require FIPS certification. The only IBM requirement DIAB would need to meet to use AES encryption for messaging is to ensure that all Domino servers in all locations are upgraded to at least release 8.0.1. If not, then older clients will not be able to decrypt AES-encrypted messages. The user base will not experience a major change in the user interface, and the encryption function is handled on the Domino server side within the user's .id file. The process for updating the ID files for AES encryption is as simple as changing the ID File Encryption Settings for all users. This can be done overnight during a maintenance window by running an agent at each site to update the file.
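An added example, not part of the original report: a pre-rollout check that flags every server below release 8.0.1 before AES mail encryption is switched on. The inventory, site and server names, and the "Release x.y.z" string format are assumptions constructed for illustration.

```python
import re

# Minimum release the report names for AES mail encryption.
MIN_RELEASE = (8, 0, 1)

# Constructed inventory (site, server, reported release string); not real data.
SAMPLE_INVENTORY = [
    ("site-a", "mail01", "Release 8.5.3FP6"),
    ("site-a", "mail02", "Release 8.0.1"),
    ("site-b", "mail01", "Release 8.0"),
    ("site-c", "mail01", "Release 7.0.4FP1"),
    ("site-c", "mail02", "Release 10.0.1"),
    ("site-d", "mail01", "unknown"),
]

_RELEASE_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(text):
    """Return (major, minor, patch) as integers, or None if unparseable."""
    match = _RELEASE_RE.search(text)
    if not match:
        return None
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def aes_blockers(inventory, minimum=MIN_RELEASE):
    """List servers that must be upgraded or identified before AES is enabled."""
    blockers = []
    for site, server, raw in inventory:
        release = parse_release(raw)
        if release is None:
            # Fail closed: an unidentified server is treated as not ready.
            blockers.append((site, server, raw, "release not recognized"))
        elif release < minimum:
            # Integer tuples compare numerically, so 10.0.1 is not mistaken
            # for an old release the way a plain string comparison would.
            blockers.append((site, server, raw, "below 8.0.1"))
    return blockers


def ready_for_aes(inventory):
    """True only when no server in the inventory blocks the rollout."""
    return not aes_blockers(inventory)


if __name__ == "__main__":
    for site, server, raw, reason in aes_blockers(SAMPLE_INVENTORY):
        print(f"{site}/{server}: {raw!r} -> {reason}")
```

Running the check per site before the maintenance window gives a concrete list of servers to upgrade first, and the rollout proceeds only when the list is empty.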
ISO document...
