Windows Vista is outdated. This company needs to update all their machines to Windows 7 or 8. There aren’t any updates miming for Windows Vista anymore therefore they are putting their company at risk everyday that they keep Vista. Also, it’s stated that the workstations connect via industry standard managed switches. This may not be a high risk but it is still a risk. The remote production facilities are connected to headquarters via routers T-1 (1. 4 Mbps telecoms circuit) LANA connections provided by an external ISP and share an internet connection through a firewall at headquarters. They do have firewalls in place; however there are still threats in place. Anyone could breach this firewall and use their system since it’s an external ISP. Individual sales personnel connect to the system using a VPN which is great however they have to connect using their own individual internet connection typically in a home office.
This puts them and the company at risk because again anyone could breach this internet connection. There needs to be multiple layers of security and firewalls protecting the information. 4. To prevent risk or threats of any kind you must safeguard all information stored on the database server. Employees have private information regarding business and customers stored on the database server and the loss or accidental leak of data could be a major it to the company.
This is why it is so important to use the risk management techniques of avoidance, transfer, and mitigation. In this certain case with the information that has been provided I believe that avoidance and mitigation are the most important of the risk management techniques. The company could modify the technical environment and train the employees. Also by eliminating the source of the risk and eliminating the exposure of assets to the risk is another way to reduce the impact of the risk.