Question
I am working for a company with perhaps the least security possible.
We have servers, databases, web applications, and websites that are all unsecured. There only exists one account: root, which everyone uses for every purpose. The websites have hard coded passwords where the account information can be discovered by viewing page source.
I want to start enhancing the security here, one step at a time. However, there is so much unattended to that I don't even know where to begin. What would be the basic, essential security?
I can think of
1. Using HTTPS for the websites and apps.
2. Creating numerous accounts that have different read and write privileges as opposed to everyone using the root account.
3. Then making sure each app is using the appropriate accounts.
What are the other things I should focus on?
Explanation / Answer
From your question and comments it seems that the business leadership of your company have no interest in security. This is the fundamental thing you're going to have to fix before you do anything else. Implementing security controls is inevitably going to a) cost some money and b) cause some pain. Without support from your leadership, you won't get over these hurdles.
This means putting together a solid business case to show how ignoring these risks is going to hurt the company, and selling it to them.
Once that is done, you still have the question of where to start. As an ISO27001 nerd, I'm going to suggest you start with a thorough risk assessment. Put together a list of the assets you need to protect. For each one, identify the threats they face and the vulnerabilities they have. Estimate the likelihood of damage and the cost to the company. Those two figures let you roughly calculate a level of risk (e.g. things that are very likely and would cause a lot of damage are high risk). That gives you a list of risks in order of how worried you should be about them, and you can just start at the top of that.
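A worked version of the answer's ranking step, added here as an illustration rather than code from the question or the answer. It builds a small risk register whose sample entries are constructed to mirror the situation the asker describes (shared root account, credentials in page source, no HTTPS) and scores each one as likelihood multiplied by impact on 1-5 scales, then sorts the result so the top of the list is where to start. The scales, the band thresholds, the sample entries and the mitigations are all assumptions; replace them with your own estimates.

```python
"""Minimal risk register: rank assets by likelihood x impact.

Added example, not code from the original post or its author. The ordinal
scales, band thresholds and sample entries below are assumptions.
"""
from dataclasses import dataclass
from typing import List

# Coarse ordinal scales (assumed). The aim is a defensible ordering, not precision.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Band thresholds on the 1..25 product (assumed): High >= 15, Medium 8..14, Low < 8.
HIGH_THRESHOLD = 15
MEDIUM_THRESHOLD = 8


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    mitigation: str = ""

    def __post_init__(self) -> None:
        # Reject estimates that are not on the agreed scale so typos cannot silently score as 0.
        if self.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood level: {self.likelihood!r}")
        if self.impact not in IMPACT:
            raise ValueError(f"unknown impact level: {self.impact!r}")

    def score(self) -> int:
        """Likelihood x impact, as in the answer's 'two figures' calculation."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def band(self) -> str:
        s = self.score()
        if s >= HIGH_THRESHOLD:
            return "High"
        if s >= MEDIUM_THRESHOLD:
            return "Medium"
        return "Low"


def rank(risks: List[Risk]) -> List[Risk]:
    """Highest score first; ties broken by impact, then likelihood.

    A severe-but-rarer outcome outranks a frequent nuisance with the same product.
    """
    return sorted(
        risks,
        key=lambda r: (r.score(), IMPACT[r.impact], LIKELIHOOD[r.likelihood]),
        reverse=True,
    )


def build_sample_register() -> List[Risk]:
    """Constructed sample entries modelled on the asker's description."""
    return [
        Risk("Servers", "Accidental destructive command",
             "Routine work done as root with no separation of duties",
             "possible", "minor", "Per-person accounts; sudo for the few privileged tasks"),
        Risk("Web application logins", "Credential interception on the network",
             "Logins sent over plain HTTP", "possible", "major",
             "Serve everything over HTTPS"),
        Risk("Public website", "Credential disclosure",
             "Database password hard-coded in page source", "almost certain", "major",
             "Move secrets server-side into config outside the web root; rotate the password"),
        Risk("Customer database", "Unauthorised access and data theft",
             "Single shared root account used by everyone; no accountability",
             "likely", "severe", "Per-application accounts with least-privilege grants"),
    ]


def register_lines(risks: List[Risk]) -> List[str]:
    """One line per risk, already in priority order, for pasting into the business case."""
    return [
        f"{i}. [{r.band():6}] {r.score():2}  {r.asset}: {r.threat} via {r.vulnerability}"
        f" -> {r.mitigation}"
        for i, r in enumerate(rank(risks), start=1)
    ]


if __name__ == "__main__":
    for line in register_lines(build_sample_register()):
        print(line)
```

Feeding the constructed entries through `rank` puts the shared root account and the password in page source at the top as High, HTTPS in the middle as Medium, and the root-for-routine-work item last as Low, which is the ordering the answer is asking you to produce before spending anything.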