Awal Ariansyah

Company information security analysis

In a recent college class, Network and Information Security, I was tasked with analysing a company and identifying its information assets and the threats it faces. So, I decided to write it up here.

Before we jump in, I will briefly explain what I have learned so far about Network and Information Security.

What is an information system?

I will rephrase the definition from Satzinger, Jackson and Burd.

An information system is a group of components that are linked to one another for the purpose of gathering, processing and storing information that can be used as output to solve a business problem (Satzinger, Jackson, Burd: 2010).

What are assets?

In an information system, an asset is anything important enough to serve as a fundamental building block of the system.

Assets are categorised into:

  • Personnel
  • Hardware
  • Application software
  • System software
  • Data
  • Facility
  • Support

What are threats?

A threat is an action or event that can harm a company and result in losses. The losses can be money or costs, energy or effort, and even lost opportunity, damaged reputation and bankruptcy.

The categories of threats:

  • Human resources failures
  • Hardware failures
  • Software failures
  • External threats
  • Internal threats
  • Financial
  • Nature

The purpose of information security

Information is valued by people if it can be trusted for:

  • Integrity
  • Confidentiality
  • Availability
  • Authenticity

Company analysis

Now, back to the task. The company I picked is a local Indonesian hosting company named Rumahweb.

Rumahweb - Painless hosting solution, is a Platform as a Service (PaaS) provider that offers web hosting as well as domain registration, focusing on low to mid-level online businesses (https://www.rumahweb.com/).

I am not trying to promote Rumahweb, but it is worth checking out because of its low cost for development testing. So, let us analyse the assets and the threats of Rumahweb.

Assets analysis

Personnel

As a platform service, they surely have a lot of personnel. Let's mention just several of them: customer support, accountants, and probably a whole IT department including IT support, database administrators, back-end developers, front-end developers and more.

Hardware

The hardware is server computers running many VMs, plus a datacenter to store customers' data. It can be an independent server, or a partnership with a bigger cloud company such as AWS, Alibaba, Litespeed, Google Cloud or Digital Ocean.

Application software

In the client area, it provides the web-based cPanel application with tools and utilities.

System software

Rumahweb provides Virtual Private Servers (VPS) to handle system-level business requirements.

Data

They store clients' application data, the company's critical data, and other internal data such as financial data and service documentation.

Facility

Rumahweb's essential facility is its office buildings. They have 2 buildings, a headquarters and a branch, located in Yogyakarta and Jakarta respectively.

Support

The support, or helper, asset of Rumahweb is Indonesian law, which protects the client's data and the eligibility of the company itself.

Threats analysis

Human resources failure

No system is safe

No matter how secure a system is, a failure can happen. Especially at the human level, social engineering is a common threat, with a severity that depends on the target and the data leaked.

At a hosting provider, a failure typically comes from non-IT staff through social engineering. That does not mean IT staff are unlikely to be affected.

Hardware failures

Hardware failures can happen, such as server overheating, unnoticed hardware damage, or low-quality hardware. I cannot think of any more examples.

Software failures

This category of failure is the common one among many companies. It can be caused by a missed User Experience implementation, outdated applications, and a poor user interface.

External threats

In a hosting provider scenario, the bad actor is going to target the hosting provider's clients, because the client is the first layer of the attack.

The threats can be Remote Code Execution due to a poor web application deployed to the hosting, phishing, DDoS, or malware that steals users' access tokens.

Internal threats

Internal threats, from the company's perspective, would be sabotage, human error, and non-technical problems among the staff.

Financial threats

The financial threat to Rumahweb would be being unable to afford the infrastructure needed to scale its clients' businesses, whether through financial miscalculation, partner regulations, or a wrong financial strategy.

Another would be losing to its competitors.

Nature threats

This one is an easy analysis: if Rumahweb relies only on regional or national data centres, the nature threats would be a flood or an earthquake, because those are the most common disasters that occur in Indonesia.

Conclusion

Well, that wraps it all up. I am sorry if you ended up reading this far and did not find it useful. I wrote this as part of my college task, so enjoy.

I hope you learn something new, thank you.
