Information Security Risk Assessment for a Distribution Company
Table of Contents
1. Executive Summary
2. Introduction
3. Background
4. Risk Assessment
4.1. Organizational Assets
4.2. Assessment of Organizational Risk
4.3. Current Organizational Security Posture
4.4. Problems at GDI
4.5. Recommended Mitigation Strategy
5. Conclusion
6. References
1. Executive Summary
At this time the measures available to ensure information security include organizational controls such as limiting access to data, firewalls, antivirus systems, encryption, and application controls. When the security of the business fails and the private information of individuals is compromised, the company faces many legal actions that can ruin the success of the organization. One way companies use information security that I find to be very helpful is encryption (Rainer & Turban, 2009). Encryption ensures that information is protected, which is very important to me. Even if a cybercriminal is able to enter a business's network and collect information, the information will be encrypted and difficult for a hacker to use to his or her advantage. In this day and age I also think that antivirus systems are essential. The threat of viruses is everywhere, and with more than one person working for a business, the network is under a huge threat from viruses, which would leave the company susceptible to hackers and the unethical act of not protecting personal information.
2. Introduction
The Information Security Risk Assessment will provide Global Distribution, Inc. (GDI) with the guidance needed to understand the current vulnerabilities within its information security. As information technology continues t...
.... In addition, data transmission must involve encryption and decryption, with all transmissions being tracked. Through this mitigation strategy, the company can reduce costs and use the internal IT department to ensure that all information is protected under methods that are superior and based on the company's needs, rather than on a third party's simple options for stating security.
Information Technology is performing a risk assessment on security-related areas including physical access, network security, credit card controls, franchise security, end-point security, and several other areas. This risk assessment will show us our strengths and weaknesses and provide an overview of what Buffalo Wild Wings needs to work on. Information Technology, in conjunction with other department leaders, will provide guidance on our business goals and priorities. One security breach could cripple our future, our customers, and our brand. No one wants to see our tremendous growth shattered by overlooking simple fixes and common vulnerabilities. A team effort and a focused organization can make our organization thrive for decades. Let's not be the next Target.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish the roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization's day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are followed, as well as for understanding their roles, responsibilities, and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from actions by trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators, and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
The next item is to utilize Secure Sockets Layer (SSL) to increase security by encoding data at the sending point and decrypting it at the receiving end, plus adding a layer of corporate firewalls (Lee, 2003). The next method utilizes a Virtual Private Network (VPN) to transport packets but uses its own software to encrypt and decrypt at the sending and receiving transmission platforms (Gartee, 2011). A VPN therefore limits the data packets to those individuals who have been identified to access the information, and the system is maintained within the information department of the facility. In addition, a VPN verifies the identity of the person signing on, ensuring that only those with access are able to view the data. Another benefit of a VPN is that it is not limited to web pages and may be utilized to secure data being transmitted by other application software (Lee, 2002). The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) mandate that appropriate administrative, technical, and physical safeguards be utilized to protect
Data encryption refers to the process of transforming electronic information into a scrambled form that can only be read by someone who knows how to translate the code. In today's business world, it is the easiest and most practical way to secure the information that we store and process, and it is significant for our sensitive information. For example, as electronic commerce is popular now, vendors and retailers must protect customers' personal information from hackers or competitors. They also have many business files or contracts that need to be strictly protected. Without data encryption, this important information may fall into the wrong hands and be misused by others. Besides, data encryption may be used to secure sensitive information that exists on company networks, to create digital signatures, and to help with authorization in business. No one should underestimate the importance of encryption. A small mistake in encryption may expose sensitive information, or even result in illegal activity and criminal charges.
The computer is considered one of the most important technological advances of the twentieth century. Security and privacy issues existed long before the computer became a vital component of organizations' operations. Nevertheless, the operating features of a computer make it a double-edged sword. Computer technologies, even with reliable error detection and recording capabilities, permit the invasion of a supposedly secure environment to occur on a grand scale and go undetected. Furthermore, computer and communications technology permit the invasion of a person's privacy and likewise go undetected. Two forces threaten privacy: one, the growth of information technology with its enhanced capacity for surveillance, communication, computation, storage, and retrieval; and two, the more insidious threat, the increased value of information in decision making. Information has become more vital in the competitive environment; thus, decision makers covet it even if it viol...
The ability to conduct warfare through technological methods has increased information security awareness and the need to protect an entity's infrastructure. Subsequently, cyber warfare produces increased risk for security practitioners who employ technology and other methods to mitigate risks to information and the various systems that hold or transmit data. A significant risk to information lies in the conduct of electronic commerce, hereinafter called e-commerce. E-commerce is the purchasing or selling of goods and/or services through the internet or other electronic means (Liu, Chen, Huang, & Yang, 2013). In this article, the researcher will discuss cyber warfare risks, present an evaluation of established security measures, identify potential victims of identity theft, and present an examina...
In reference to computer science, physical security is one of the most important accomplishments a business can achieve. Due to the advent of the modern technical age, all of a company's records are held on its data systems. First and foremost, theft or loss of historical records and accounting data would instantly cripple an enterprise and could very well lead to its ultimate demise. The high-profile news reports of just the last decade verify that. Hackers stole the financial records of several banks, which included the personal information of thousands of customers. Ditto for the Veterans' Administration, where an employee's laptop was stolen off site. Inside the computer's hard drive were the all-important Social Security Numbers of hundreds of thousands of veterans and their families. For example, a financial institution goes to stark measures to ensure the money and securities stored there are safe. Not only are there outside locks on the doors and an elaborate alarm system, there is a fireproof steel vault with the finest timed locks available. Usually, the valuables are further stored in locked boxes inside that vault. Just like that bank, an organization must strive to make physical security a priority. However, simply locking up the data and equipment is far from sufficient. The information technology also needs an "alarm" of sorts, so that the company's police, the information security specialists, can identify the threat and diminish or eliminate it.
Information security refers to "the process and methodologies that are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption" (SANS Institute, n.d.). Information security programs are important in maintaining confidentiality, integrity, and availability (figure 1 page X). For example, suppose a Trojan horse was planted on your system and resulted in the loss of customers' personal and financial information. This failure to protect data will result in a loss of revenue, legal liability, and goodwill. In this scenario, both confidentiality and
How important or confidential is your data? Do you have network connections with trading partners that have even more sensitive data? Implement security measures in accordance with your needs. Stick with the company's standards. Standards not only ensure that others have tested the waters, but also protect your investment against future changes and expansion.
Nowadays, information is the most treasured asset in an organization, because together with experience it represents the input necessary to make appropriate decisions and consequently to succeed in business. Almost all the information and knowledge related to the business processes, goods, and services offered by a company is processed, managed, and stored through technology and information systems; thus the security of information has become increasingly important and plays a critical role in enterprise governance.
Privacy exists wherever personal information or other sensitive information is collected, stored, used, and finally destroyed or deleted, in digital form or otherwise. The challenge of data privacy is to use data while safeguarding individuals' privacy preferences and their personally identifiable information. The fields of computer security, data security, and information security design and utilize software, hardware, and human resources to address this issue.
This report aims to explain how risk control is achieved through strategies and through the security management of information.
The first thing that we must consider about Information Security is that there is no final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves, and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company's CIA triad. The following report will provide you with guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.