Posted: August 16th, 2022

Threats, risks, and vulnerabilities to achieve a holistic view of risk across the

Step 5: Security Weakness Assessment
Name
Institution

Threats, risks, and vulnerabilities to achieve a holistic view of risk across the entity
From the information gathered, it is evident that the company’s network systems do not have a strong security system, and this is one of the reasons why the attackers were able to access the system. In other words, Boeing’s firewall protection is inadequate. The company is also vulnerable to attacks that emanate from cloud computing since it has not invested in a cloud computing provider that could secure this system. Boeing faces security risks from its employees as well. Employees with malicious intents can attack its systems utilizing information and access routes provided to them (Aycock, 2010 – Essay Writing Service: Write My Essay by Top-Notch Writer). Application threats are also present. When employees in the company share files with sensitive information over phone applications, those files could be exposed to attacks by cyber criminals. The risk of attack in the company may also emanate from the internet of things (IoT). Utilizing web services through applications in the phone expose the organization to IoT. This is attributable to the fact that the web is interconnected via multiple devices, and attackers can easily access one of these devices (Street et al., 2017). Another source of vulnerability comes from flaws in the development of software. Due to tight schedules or deadlines software developers may create products with flaws, which may in turn become vulnerabilities because hackers usually take advantage of them to initiate attacks into the organization’s database via different cyber-security attack methods.
Areas needing improvement
Various areas should be improved. From a technology perspective, Boeing needs to focus on redefining its current firewall settings and thus prevent unauthorized access to its systems. The company should also seek the services of a cloud computing company who will secure its cloud. Boeing should install intrusion detection and prevention systems, i.e., the IDS and IPS tools. These will assist the staff in the IT department to pin point and safeguard their wired and wireless networks against a number of security types of threat. From a people perspective, the company should ensure that confidential information is not sent to the public. The company can also cancel the credentials of workers who leave the company and make habitual changes in passwords to avert insider attacks from taking place. From a policy perspective, Boeing needs to provide rules and regulations that guide employees in the use of technological devices. This will ensure that they do not expose the company’s sensitive information to attacks.
Potential risks associated with maintaining the current security exposure include Man-in-the-middle attacks, Denial-of-service attack, phishing attacks and SQL injection. A man-in-the-middle attack takes place when the digital transmission channel is penetrated by the hackers allowing them to steal information that flows through it, particularly if the information is not encrypted (Dudorov, Stupples, & Newby, 2013). Denial-of-service attack occurs when a system or network is flooded with traffic with the aim of draining most of its bandwidth making it unable to accomplish genuine requests (Dudorov, Stupples, & Newby, 2013). Hackers usually implement phishing attacks via mails where the attacker sends multiple emails to unsuspecting targets, the main goal being to set up a malware into their gadgets which would then provide them with a leeway to steal important information. Attacks that pertain to SQL occur when hackers put in a number of malicious codes into the server. This then forces this server to expose information that would be retrieved easily.

References
Aycock, J. (2010 – Essay Writing Service: Write My Essay by Top-Notch Writer). Spyware and Adware. Berlin, Germany: Springer Science & Business
Media.
Dudorov, D., Stupples, D., & Newby, M. (2013). Probability Analysis of Cyber Attack Paths against Business and Commercial Enterprise Systems. 2013 European Intelligence and Security Informatics Conference. doi:10.1109/eisic.2013.13
Street, J. E., Nabors, K., Baskin, B., & Carey, M. J. (2017). Dissecting the Hack: The
Forbidden Network, Revised Edition. Rockland, MA: Syngress.

Order | Check Discount