Emerging Group & Self Reflection

Lionking

Security Policy of Solomon Enterprises

Introduction

The advent of IT has made businesses more integrated.

The company is an online marketplace with an e-commerce mechanism.

It operates in an industry with an annual revenue of $200 million.

With more customers come more security threats as well.

The organization is information-centric and sensitive.

Various security threats surround the organization.

Administrative Controls

These are steps taken to clear barriers and increase accountability.

They are implemented entirely by employees and personnel.

All personnel should have security clearances to access information.

Proper training should be given to all personnel.

All security measures, threats and issues need to be known to all employees.

No security errors are tolerated inside the organization.

Administrative Controls (Contd.)

Management should scrutinize the training activities.

There has to be a clear separation of duties.

Roles and responsibilities should be properly assigned to all.

Employee conduct and functioning have top priority.

Anyone violating the laws and security clearances should be terminated.

Physical Controls

The stronger the physical security, the fewer the security threats.

Security guards should always guard the office premises.

A perimeter fence, high-security doors and windows, and CCTV cameras should be installed for surveillance.

Strong alarm systems should be installed everywhere.

All doors and windows should be fitted with locks.

Fire extinguishers, and heat and smoke sensors and detectors, should be present.

Technical Controls

The main aim is to protect the hardware and software assets of the company.

Firewalls- To prevent insecure traffic from entering the host network.

Passwords- Multi-factor authentication is the key to security.

Intrusion Detection Systems

Intrusion Prevention Systems

Encryption- the most important tool for security of data.

Principle of Least Privilege- Giving access only to what is necessary.

Security Policies

The incident response and disaster recovery plan is the most crucial.

Preparation of the plan- Involves steps to prevent an attack.

An incident response team needs to be constituted.

Detection and Analysis- Detecting any insecure or threatening activity and analyzing it.

Incident Response- Involves data backups and employing all technical controls.

Ensuring business continuity operations at an alternative location in Billings, Montana.

Legislation/ Regulations or Industry Standards

The company has to be compliant with federal laws and regulations.

Compliance laws impact the way businesses operate.

If laws are not followed, this leads to taxation and penalties.

To maintain the ethics, security and safety of information, policies must be adhered to.

PCI-DSS and the Gramm-Leach-Bliley Act need to be followed.

PCI-DSS

Payment Card Industry Data Security Standard

It involves the credit card, debit card and other personal details of the customers who purchase the products.

A secure network has to be built by installing firewalls.

Protection of the personal and financial data of the cardholder.

Updating the software and antivirus regularly.

Implementing the technical controls so as to secure the customer information.

Gramm-Leach-Bliley Act

Ensures the protection of customer information that is collected by financial institutions.

Information about data privacy has to be sent to customers by the company.

The act follows complete information transfer, unbounded rationality, and asymmetric information.

Network Security Tools

The tools include Mimecast, Snort and Wireshark.

Remote Access situations are also considered.

Cyber resilience is the key to network security.

Snort provides prevention by conducting real-time packet analysis and packet logging.

Wireshark decrypts various protocols and outputs to XML, PostScript, CSV or plain text.

Mimecast provides email security and serves as a compliance platform.

Conclusion

IT development also comes with cyber threats and various disasters.

Management needs to be aware of all threats.

Regular drills and training sessions need to be conducted.

Administrative, technical and physical controls should be followed.


Thank You
