Security auditing in any company involves establishing security levels in the company’s system. It comprises of vulnerability scans, reviewing applications and systems controls, and analyzing physical access into the system. Auditing is carried out to ensure information integrity of a company’s data and reliability of data exchange process through networked environment. In most cases, security auditing is done to ensure security measures are in place to protect the company against loss of information to the outside world. This paper addresses all the issues involved in security auditing of Ariam travel agency’s network and its premises.
Ariam travel agency handles bulk information that contains sensitive customers and employees’ information; it contains multiple external users and various e-commerce applications. Therefore, data security at this company is very important. Information that requires protection in this agency include customers details, associated business procedures, company policies, employees’ information, network documentation, security policies, and sensitive business procedures among others.
Firstly, when trying to cover the loopholes caused by network vulnerabilities, we identify people who have access to the company’s information. These include the employees, customers, programmers and network coordinators at large. Then, we sort out the limits of access of the information and the type of information various parties can access. Another factor is the occasion at which the data is accessible and from where the data can be retrieved. At this stage, we need to identify the network configuration, connection to the external network and the protection levels portrayed.
Since Ariam travel agency is a huge organization, network tools used are broad. We will seek to incorporate security tools to enhance security of data in the company and within the transmission period through the network. Therefore, we construct a topological representation of critical security models that we intend to implement within the organization. Among the tools are firewalls, proxy servers, encryption facilities, logical security and access controls, antivirus software and auditing systems.
As displayed on the above network diagram, Ariam Travel Agency comprises of six data centers with head data center located at Sydney. Since Sydney holds vital information, we shall opt to stock it with an extra security firewall. The firewall on each data center is placed before a switch connection. At the main data center, we structure the topology in a manner that is unique from all the other data centers. This is purposed for security reasons. The layout at this center is complex and many security measures will be put in place to ensure integrity.
Data center personnel
Each data center has a number of staff that has access to data. However, we limit the amount and type of data that various personnel can access....