Vulnerability Assessment – Swift Service Company
A vulnerability assessment is a systematic method of identifying areas in a system that are or could be used to an attacker’s advantage. This paper presents the case of Swift Service Company, a mid-sized company providing services such as logistics and transportation. Because the company serves various customer segments with a wide range of automobiles and is backed by strong IT environments, it is critical to protect its tangible and intangible assets. This vulnerability assessment seeks to identify potential gaps in the organization’s operations, particularly in natural surveillance, territoriality, access control, and maintenance measures, in order to improve security at Swift Service Company (Steventon, 2011). Such procedures are a prerequisite of the four principal strategies used in crime prevention through environmental design.
Natural Surveillance
Natural surveillance at Swift Service Company involves measures put in place to maximize the perceived ease of observation with regard to specific areas in order to discourage any unauthorized persons from accessing such areas and to facilitate the observation of these areas by security personnel. This, in turn, creates a situation where probable attackers feel uncomfortable and, thus, do not venture into executing attacks (Fennelly & Perry, 2017).
Visibility of Critical Systems and Infrastructure
Key IT components such as servers, network equipment, and other vital IT parts are sited in areas visible to the staff. The critical systems should not be located in concealed or obscure regions as this creates blind spots, which hinders the monitoring of suspicious activities (Coe, 2005). By placing these assets in more conspicuous locations, the staff are in a better position to identify any suspicious activity or attempts.
Monitoring of User Activity
Swift Service Company has implemented effective logging and monitoring solutions. These tools help the organization monitor access and the usage of systems, networks, and applications by the users. Since users’ activities are closely observed, it is likely that security personnel would quickly identify some irregularities in activities that could be a sign that a vulnerability is being exploited or that malware is active, among other things. This way, there is early identification of threats, and an effective response is launched to avert them.
Visibility of Entry and Exit Points
Another aspect of natural surveillance that is examined concerns the access points to the secure areas, including hallways, doors, and stairwells, which are visible to the workers in the facility. Again, areas of obscurity or limited vision must be kept to a minimum for optimal sight-line control across the IT terrain. This makes it possible for employees to see who is entering and leaving the restricted areas, and to see who is loitering around areas they are not authorized to access. Because of this visibility, employees can also challenge potential invaders and respond to compromising conditions as soon as possible.
Territorial Reinforcement
Territorial reinforcement is a key principle of Crime Prevention Through Environmental Design (CPTED) that creates a feeling of possession and protection of a certain area to discourage people with ill intentions (Steventon, 2011). Territorial reinforcement at Swift Service Company provides clear indications of which territory belongs to whom and, in this way, controls the organization’s premises.
Clearly Defined Physical Boundaries
In some restricted areas, the company uses fences, locked doors, walls, and other structures to prevent physical access. The company also has signs showing restricted areas and conveying that those areas are well-monitored, private areas (Environmental & Guidebook, n.d.). In the design of the Swift Service Company layout, physical barriers such as doors and gates are used, through which the management communicates that intrusion is prohibited. When territorial control is made evident, these boundaries reduce accessibility for intruders.
Personalization of Workspaces
The subordinate staff are allowed to adapt their working environment or bring personal items into it. If employees engage with the area assigned to them and emotionally own the place, there will be a stronger impulse. This makes it easier for the monitoring agency to note the presence of individuals who are not supposed to be in that particular area.
Secure Storage of Sensitive Materials
Documents, media, and other equipment belonging to Swift Service Company are properly secured by being stored in locked cabinets and safes or in exclusively secured storage rooms. Since these are sensitive documents, and storage areas are marked ‘Private’ and ‘Do Not Enter’, the organization makes sure that no one touches what is in there. This controlled ownership of the space and its contents deters potential attackers from trying to intrude further into the organization’s security perimeter.
Access Control
Access control at Swift Service Company is a critical security measure that regulates who has the right to enter a physical space or access digital resources. The access control in place protects the company’s systems, data, and infrastructure from unauthorized access and potential threats (Jajoriya et al., 2023).
Strict Authentication Requirements
Swift Service Company requires users and employees to use strong, complex passwords, as well as additional security controls like multi-factor authentication (MFA). MFA introduces another level of authentication, for instance, by requiring a one-time code delivered to the user’s mobile device, to ensure the user is who they claim to be online. This lowers the risk of unauthorized access, even if login credentials are compromised.
Granular Access Privileges
At Swift Service Company, the principle of least privilege holds. This means that all users are given the lowest level of privilege they need to conduct their business, not the highest or global privilege. Additionally, limiting administrative rights while separating duties is a mechanism that prevents the accumulation of privileges that may be exploited.
Visitor Management Procedures
There are standard procedures in place for visitor management to control access to secure areas within the company. There is a formal process for registering, escorting, and monitoring visitors. Everyone should be able to distinguish visitors; for instance, visitors should wear visitor IDs and should only have the right to access certain areas and items in the organization.
Maintenance
At Swift Service Company, regular maintenance is done to ensure the continuous effectiveness of security controls. This helps prevent vulnerabilities from developing over time. Key maintenance tasks assessed are as follows:
Patch Management
The IT team ensures all the software and systems are patched with the latest secure versions. Missing patches leave basic weaknesses in the systems that attackers seeking unauthorized access can find. The patch management process is comprehensive: it routinely scans for missing patches and prioritizes the most important ones.
Configuration Management
Swift Service Company consistently secures configurations across systems. Configuration management is put in place to detail how secure configurations will be implemented and enforced on all the systems, applications, and network devices.
Backup and Recovery
The company has implemented effective backup plans. The backup plans are meant to protect against data loss and enable quick recovery if a security incident, system failure, or other disaster occurs. Backup reliability is regularly checked. The system is backed up, and tests are conducted to ensure the backups can be recovered when necessary.
References
Coe, M. (2005). CPTED Audit & Site Assessment Checklists. 1–13. https://www.cmap.illinois.gov/documents/10180/113513/CPTED-Audit-Checklist.pdf/8adf9ae4-1649-41ed-88ca-39c3dff3d2fb
Environmental, T., & Guidebook, D. (n.d.). VISIO We work in partnership.
Fennelly, L. J., & Perry, M. A. (2017). Crime and crime prevention techniques. In Physical Security: 150 Things You Should Know (pp. 97–113). Elsevier. https://doi.org/10.1016/b978-0-12-809487-7.00003-6
Jajoriya, S., Singh, P., Shubham Jajoriya, A., & Singh, A. P. (2023). Natural surveillance and natural access control: Implementation strategies for enhancing safety in Indian neighborhoods. Qeios, 1–12. https://doi.org/10.32388/43TW5L.2
Steventon, G. (2011). Crime prevention through environmental design. International Encyclopedia of Housing and Home, 280–284. https://doi.org/10.1016/B978-0-08-047163-1.00559-2
Question
Topic: Perform a Vulnerability Assessment of your place of employment or living area. If you use your work area, make sure you inform the Security Manager to get permission for what you are doing. If you live in a gated community, inform the security guard of your activities.
Instructions: Please download the Assignment 1 Vulnerability Assessment template (MS Word), which is already in APA 7 format, using size 12 Times New Roman font, 1-inch margins, TOC, Headings and Reference page. If you insert images or tables in your report make sure you label them appropriately according to APA.
For this assignment, the 4 Heading-1s are required. Each Heading-1 must have at least 3 Heading-2s. Each Heading must have at least 2 properly formatted paragraphs with 3 properly formatted sentences each. Once complete, name your file: YourName_Assignment_1_Vulnerability_Assessment.docx and submit to this dropbox.
Review the Risk Management Series Reference Manual from FEMA and the additional files attached for more information.