Create a strengths, weaknesses, opportunities, and threats (SWOT) for IT organization

In
preparation for the final submission to the management team of the organization
(Puget Sound Micro), one will create a strengths, weaknesses, opportunities,
and threats (SWOT).


In an
analysis, create the following:

A SWOT analysis.

Critique the report (below) and describe what
could have been completed better. Explain why.


From
the Report, the types of tests that would be performed better arose based on
the complacent and lackadaisical climate of the organization being audited.

·       
Examples of tests that could have been
performed better included vulnerability scans, social engineering, and
penetration tests. Under this test, the organization’s security level was
evaluated through triaging applications. The penetration testing included
initiating or simulating real-life cyber-attacks to determine how vulnerable an
organization is to such threats (Khera et al., 2019). This can be done by
making infiltrative attempts or installing viruses in the systems to check
their preparedness for intrusion detection and response. Lastly, social
engineering testing was done where the workforce carelessly released sensitive
information for hackers to have access to systems without permission (Washo,
2021).

·       
Some indicative test results that could have
been better included unpatched trials and misconfigured network devices,
subjecting the organization to a plethora of diverse threats. Lack of policy and
training also caused human errors such as downloaded malware. What is more,
there was physical security vulnerabilities, including insecure access to network
server rooms and other critical areas, translating to intellectual theft and
damage to the physical property of the company. Lastly, there was improper
updating and testing of controls by organization, thus leaving the organization
with loopholes and weaknesses and subjecting the information security posture
to unnecessary threats and vulnerabilities.

Weaknesses

·       
Unpatched Software: Puget Sound Micro does not
run regular software updates, exposing its systems to known security threats
and exploits. This increases the risks of successful attacks on Puget Sound Micro’s
Information Technology (IT) infrastructure.

·       
Misconfigured Network Devices: Puget Sound Micro
fails to properly configure network devices since some ports of entry remain
open to perpetrators. This includes weak passwords or default settings,
providing seamless access to unauthorized users.

·       
Lack of security policies: The Puget Sound Micro
needs to set up elaborate security policies to enforce their systems in case of
breaches caused by human errors and inadvertences.

·       
Human errors – Harmful software is mistakenly
installed within the system by one of the Puget Sound Micro staff members,
which means it is insecure. This reveals an absolute necessity for proper
training and awareness programs among employees to prevent such mistakes from
recurring.

·       
Physical security: The server room in Puget Sound
Micro can be accessed by unauthorized persons, making it easy for physical
theft or damage to Puget Sound Micro’s IT resources.

Opportunities

·       
Hardware: All servers, workstations, and other
networking equipment fall under the hardware assets of Puget Sound Micro. These
hardware assets bear the evidence of activities critical to the operations and
interests of the organization. Protecting these from threats, vulnerabilities,
and the likelihood of risks is imperative.

·       
Software – Puget Sound Micro software includes
operating systems, application software, and databases. These are the most
confidential corporate and client information; hence, they must be adequately
secured against information security breaches.

·       
Data: This is information about the clients
and intellectual property of the Puget Sound Micro. These are sensitive data
necessary and must not be compromised through unauthorized access or corporate theft.

·       
Human Resources – Puget Sound Micro human
resources includes the IT staff that maintains and secures the IT
infrastructure. Proper training and awareness of security protocols are
requisites to prevent errors by these personnel.

·       
Physical Infrastructure: The server room
supports the critical IT infrastructure. Countermeasures must be implemented to
address physical security, from theft to destruction.

Strengths

·       
Data – This is the most vulnerable asset since
it serves as the primary target of malicious persons (Madnick, 2023). In the
case of Puget Sound Micro, its data comprises sensitive details about the
company and its clients. The lack of security measures, like patching and
configuring network devices, makes it more open to the threat of data breaches,
which translates to financial and valuable reputational damages.

·       
Software assets: These may disclose sensitive
information, typically earning them the second position. The systems lack
proper security policies and patching updates, making them open to exploitation
by cyber-attackers.

·       
Hardware assets come third because they are
susceptible to physical theft and damage. The high risk of these assets stems
from faulty physical security, antiquated software, and weak configurations on Puget
Sound Micro network devices.

·       
Physical infrastructure: Physical
infrastructure, such as the server room, comes in fourth place. Failure to
implement necessary physical measures to secure access to the server room can
make it susceptible to physical theft or damage. This could negatively affect
the Puget Sound Micro organization’s operations.

·       
Human Resources: Puget Sound Micro human
resources, which are included under this category,

are IT personnel. Indeed, human errors such as non-intentional malware
downloads could compromise IT infrastructure. Such mistakes have reportedly
already occurred among

Puget Sound Micro employees before. This calls for the implementation of
training and awareness programs considering these observations.

·        IT
Policies: IT Policies are in the sixth position. The partial absence of
complete security policies exposes Puget Sound Micro’s systems to human errors
and unintentional breaches. In contrast,

proper policies protect the systems from breaches and strengthen the Puget Sound
Micro organization’s IT environment.

 

References

Khera,
Y., Kumar, D., & Garg, N. (2019, February). Analysis and impact of vulnerability
assessment and penetration testing. In 2019 International Conference on Machine
Learning, Big Data, Cloud and Parallel Computing (COMITCon) (pp. 525–530).
IEEE. Retrieved from
https://www.researchgate.net/publication/336439468_Analysis_and_Impact_of_Vulnerability_Assessment_and_Penetration_Testing

Washo,
A. H. (2021). An interdisciplinary view of social engineering: A call to action
for research. Computers in Human Behavior Reports, p. 4, 100126. Retrieved from
https://www.sciencedirect.com/science/article/pii/S2451958821000749

 

Lastly, create
a simulated certification and accreditation document for review and create a signature
from instructor. Document can have embedded tables and/or text.

Are you struggling with your paper? Let us handle it - WE ARE EXPERTS!

Whatever paper you need - we will help you write it

Get started

Starts at $9 /page

How our paper writing service works

It's very simple!

  • Fill out the order form

    Complete the order form by providing as much information as possible, and then click the submit button.

  • Choose writer

    Select your preferred writer for the project, or let us assign the best writer for you.

  • Add funds

    Allocate funds to your wallet. You can release these funds to the writer incrementally, after each section is completed and meets your expected quality.

  • Ready

    Download the finished work. Review the paper and request free edits if needed. Optionally, rate the writer and leave a review.