1. Security and Privacy Issues
The installation of a comprehensive Lotus Notes and Domino system brings about a host of security and privacy issues. As a wide variety of sensitive corporate information on Kucera Clothiers is stored and easily accessible on the Lotus Notes and Domino system, the security and integrity of this information, as well as read and write access to it, is a critical issue.

 

There are two main security risks that Kucera Clothiers needs to address. The first is external attacks by hackers who attempt to access the data stored in Lotus Notes and Domino, namely information such as credit card numbers or contact numbers. The second is unauthorized access for non-official purposes, by either internal employees of Kucera Clothiers or external parties using various intrusive methods, to sensitive customer data such as credit card numbers and details or addresses.


 

Lotus Notes and Domino has certain inbuilt security features, such as public key cryptography for client-server and server-server authentication as well as the encryption of data stored in the Lotus Notes and Domino servers. However, the inbuilt security features in Lotus Notes and Domino are neither foolproof nor sufficient to ensure that customer data stored by Kucera Clothiers in confidence is safe and secure.

 

2. Security and Defensive Measures

The security threats that Kucera Clothiers’ new Lotus Notes and Domino system might face are varied, sophisticated and ever-evolving. Hence a comprehensive defense against hackers and unauthorized intrusions requires an integrated list of defensive measures which work together to fortify Kucera Clothiers’ system. Here we discuss the various elements that should be present in such a defense.

 

3. Security Policies

Security policies specify what constitutes appropriate and inappropriate access to computing resources or data. They should specify who should access what resources and data, what different groups of people should avoid doing so as not to endanger the security and integrity of the system and data, and what they should do to be safe.

 

The security policy should answer questions such as:

· What kinds of passwords are users allowed to create for use on the new system and how often should they change passwords?
· Who is allowed to have accounts on the new system?
· What security features must be activated on a computer before it can connect to the new network?
· What services are allowed to operate inside the new system?
· What are users allowed to access or download?
· How is the security policy to be enforced?

 

Another benefit of having a security policy in place is that it can resolve confusion about handling information and reacting appropriately under different circumstances. It also streamlines activities in the face of a security issue, as it helps people know what to do and when to do it, assisting them in responding to a security crisis decisively and correctly. (Wright, 2001)

 

4. Firewalls

A firewall is an integrated collection of hardware and software designed to prevent unauthorized access to computing resources. (O’Brien, 1997) In this case it is to protect against external hackers who might try to access Kucera Clothiers’ data in the new system without authorization. At the same time, it must also allow legitimate users who connect to the new system externally to do so, such as employees on the road or in satellite offices.

 

According to Applegate, Austin and McFarlan (2004), firewalls are best located at points of maximum leverage within a network, which are typically at the point of connection between a company’s internal network and the external public network. They then filter “packets” of data coming from outside the network, discarding those which do not comply with existing security policies, appear harmful or exhibit attack patterns. They are especially useful in enforcing important aspects of an existing security policy by not allowing certain kinds of communication to traverse the internal networks, as well as being able to collect information about network traffic entering and exiting the network. Firewalls also work as a sort of electronic camouflage that makes “breaking in” by hackers harder as it conceals internal network configurations from external prying.

 

5. Authentication

Authentication refers to the variety of techniques and software used to control who accesses elements of computing resources. Both host and network authentication are necessary to safeguard Kucera Clothiers’ data. As Cyber Security (2006) writes, it is necessary to be able to identify and authenticate users with a high level of certainty, so that they can be held accountable should their actions threaten the security and productivity of the new system.

Some measures to ensure strong authentication are that passwords expire regularly and that their format is restricted to make them harder to guess. For example, Kucera Clothiers might require that passwords be changed monthly, and be made up of a combination of at least 6 alphanumeric characters. Yet stronger authentication can be enabled by placing a second identification measure together with user name/password authentication, both being required to gain access to the system. This secondary identification measure could be something such as biometric verification or certificate authentication.

 

6. Intrusion Detection and Network Monitoring

Intrusion detection and network monitoring work together to help network administrators recognize when their network is under attack or has been attacked. They log activity throughout company networks, highlighting patterns of suspicious activities for further investigation. This logged information can help Kucera Clothiers reconstruct exactly what an intruder did as quickly as possible so as to take preventive or damage control measures. (Conry-Murray, 2000)

References

 

Applegate, Lynda M., Austin, Robert D., and McFarlan, F. Warren. “Corporate Information Strategy and Management”, 2004, McGraw-Hill

 

Conry-Murray, Andrew. “Intrusion Detection”, IT Architect, 5 May 2000

 

CyberSecurity, “About Strong Authentication & One-Time Passwords”, Accessed 19 May 2006, < http://www.bnl.gov/cybersecurity/strong_auth.asp >

 

O’Brien, James A. Introduction to Information Systems, 1997, Times Mirror

 

Wright, Timothy E., “How to Design a Useful Incident Response Policy”, SecurityFocus, 18 September 2001.

 
PART 2 UNIT 04

 

When introducing the new Lotus Notes and Domino system, Kucera Clothiers needs to manage users’ expectations about the changes that will occur. As change is frequently threatening to those it affects, managing the change well is critical to the success of the new system.

 

The introduction of the new system might change how users carry out their work, or even change their job scope. Business processes might change as well, either progressively and gradually improved over time, or suddenly in one fell swoop. In either case, it is critical that senior management commitment to the introduction of the new system, as well as the changes that occur as a result of the new system, is made known and prominent. It must be seen to be present by those likely to be affected by or involved with the change. (Applegate, Austin and McFarlan, 2004)

 

Without the acceptance and commitment of the relevant staff and end users in Kucera Clothiers, failure of the new system is highly likely. Absence of acceptance of or commitment to the new system will usually manifest itself as resistance to the change and includes attempts to sabotage it. To prevent this, it is important to identify the important and powerful stakeholders who will be affected by the change, and to gain their support for the change if possible, through open communication about the changes and assurances of job stability and scope. End users must be assured that the new system is not meant to replace them, but rather, to complement them. (Schwalbe, 2005)

References
Applegate, Lynda M., Austin, Robert D., and McFarlan, F. Warren. “Corporate Information Strategy and Management”, 2004, McGraw-Hill

 

Schwalbe, Kathy. Information Technology Project Management, Fourth Edition, Course Technology, March 15 2005.