The organization had just been awarded a government contract worth several million dollars. The sensitive nature of the information requires the company to evaluate and take security measures. Regardless of the network, there are many threats, both internal and external, that can lead to loss of productivity, data loss, or even information theft. I will address several of these threats and suggest measures to ensure a protected environment and mitigate these risks. Vulnerability Assessment Entry to the office area is controlled by physically keyed doors. Employees work in an open cubic environment and have the ability to physically secure documents and personal items, but not computer equipment. All IT systems run a current suite of anti-virus and anti-malware protection software and are centrally managed and updated daily from a central management system. The logical computing environment is a Microsoft Active Directory (AD) domain. Access to domain resources such as file shares and printing requires a domain user account and is secured using security groups. There is a centralized server room that houses all the network infrastructure equipment. Access to the server room is restricted to IT, security and facilities personnel and is controlled by a key and combination lock. Internet access is available and the physical entry point is in the secure server room. However, there is currently no firewall installed. Security Recommendation A solution that addresses physical and logical security concerns while mitigating internal and external threats is required. The first possible danger I will address is external security risk. This can take various forms, the first being physical security... middle of paper ...... with the latest security patches; Policies and user and computer education will significantly reduce the risk of unauthorized access or infection. Implementing the recommended systems, policies and procedures will significantly improve this organization's security posture and reduce vulnerabilities related to internal and external threats. Works Cited Cisco, (2014). Cisco ASA 5500-X Next Generation Firewall. Retrieved from http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-Generation-firewalls/index.html Gercek, G. and Saleem, N. (2005, July) . Securing Small Business Computer Networks: A Review of the Top Security Threats and Their Solution. Information Systems Security, 14(3), 18-28.Microsoft, (2014). Windows Server Update Services. Retrieved from http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx