Aircraft Solutions (AS) is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Located in Southern California, AS has a dedicated, trained workforce and maintains a large capacity plant and extensive equipment to meet customer requirements. Much of the equipment is automated to increase production while reducing costs. The company's workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel to work its highly-automated production systems.
The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. To assist in completing the mission, AS is undergoing a transformation into Total Employee and Customer Satisfaction (TECS) organization. In supporting its transformation the company strives to level the traditional command-and-control hierarchy and allow all members of the workforce to have a voice in customer satisfaction. By creating an environment where employees are recognized as stakeholders in the success or failure of customer satisfaction, the organization gains expertise in problem-solving and improvement initiatives. When employee contributions are actively sought, appreciated, and recognized, by management the entire organization benefits.
The company strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses. AS will help the customer through all phases of new product deployment, from initial prototypes through final large-volume production and assembly. By involving itself in all phases of customer product development, AS hopes to establish long-term relationships and secure repeated follow-on business with its customers. In addition, AS continues to invest heavily in workforce education and training, so as to improve capability to serve its customers.
Company Geographic Layout
Aircraft Solutions' headquarters is in San Diego, California. The Commercial Division (CD) is 40 miles east in San Diego County. The Defense Division (DD) is located in Orange County in the city of Santa Ana, California. These geographic locations are close to intermodal transport hubs that have global reach. Products can be easily shipped anywhere in the world by combined truck, rail, ship, and air transportation methods.
The system administrators are members of an information technology (IT) group within the organization. They are responsible for selecting and installing hardware, software and related upgrades, implementing information security measures, and maintaining support to ensure the manufacturing execution system is working properly. They also are heavily involved in training the workforce to use and interact with the information systems. Their duties include planning for and responding to emergency events such as power outages, attempts at cyber-attack, and natural disasters.
The users at AS are employees, customers, suppliers, and contractors who need to access the company network. System access by users at different levels of the network is set on a strictly need-to-know basis. Controls are in place to secure confidential and proprietary information from unauthorized access. Users are responsible for entering and processing data and information, such as generating reports to be used for decision-making.
Business Process
AS uses Business Process Management (BPM) to handle end-to-end processes that span multiple systems and organizations. The BPM system is designed to connect customers, vendors, and suppliers to share information and maintain a timely business dialogue. BPM also aligns internal business operations with IT support to maintain production in support of customer requirements.
Business process effectiveness begins with the IT organization. Customer data such as project information, computer-aided design and development models are sorted and stored in designated servers. The Design Engineering department is responsible for reviewing the electronic models, interacting with the customer and making necessary modifications with customer approval, then placing them in an Engineering Release (ER) directory for programming. As soon as these electronic models are released, programmers use them to create production programs. All final programs must be thoroughly verified for accuracy before releasing to the Proof For Production (PFP) directory for manufacturing to make the production first article.
From the production floor, machinists download PFP programs directly to their DCNC (Direct Computer Numerical Control) machines for execution. After any further processing, completed products are inspected for verification to customer requirements, then they are moved to the Shipping department for delivery. A continuous improvement and feedback loop system is in used to correct any deficiencies in the production process.
The BPM system is capable of handling multiple projects simultaneously across every department of the company. BPM is set up to manage all aspects of business operations, including accounting, human resources, sales and marketing, and compliance activities concurrently.
Current IT Architecture
The figures shown below depict the current IT architecture and present network infrastructure of Aircraft Solutions.
Part I
Identify potential security weaknesses.
Security weaknesses - You must choose two from the following three areas:
• hardware
• software
• policy (excluding password policies)
and identify an item that requires improved security. To clarify: you must identify
a) one hardware and one software weakness or,
b) one hardware and one policy weakness or,
c) one software and one policy weakness.
You must define the asset or policy with sufficient detail to justify your assessment. Your assessment must include:
• the vulnerability associated with the asset or policy the possible threats against the asset or policy
• the likelihood that the threat will occur (risk)
• the consequences to mission critical business processes should the threat occur
• how the organization's competitive edge will be affected should the threat occur
Other Required Elements:
• Cover sheet
• APA-style In-text citations and Reference section
• Minimum length 3 pages, maximum length 5 pages (not counting cover sheet, diagram(s), references). Do not exceed the maximum length.
Part II
In this phase of the project you will include Part I (presumably improved as needed based upon week 3 feedback) and then you will recommend solutions for the security weaknesses you identified in the phase I.
Definition of the solution - Hardware solutions must include vendor, major specifications with an emphasis on the security features, location of placement with diagram. Software solutions must include vendor, major specifications with an emphasis on security features. Policy solutions must include the complete portion of the policy that addresses the weakness identified. Any outsourced solution must include the above details and the critical elements of the service level agreement.
Justification - You must address the efficacy of the solution in terms of the identified threats and vulnerabilities, the cost of the solution including its purchase (if applicable) and its implementation including training and maintenance.
Impact on business processes - You must discuss any potential positive or negative effects of the solution on business processes and discuss the need for a trade-off between security and business requirements using quantitative rather than simply qualitative statements.
Other Required Elements:
• Cover sheet
• APA-style
• In-text citations and Reference section
• 5 reference minimum.
• Minimum length of solutions: 6 pages, maximum length 10 pages (not counting cover sheet, diagram(s), references). Do not exceed the maximum length