Evaluation
THREATS AND COUNTERMEASURES FOR SOLOMON ENTERPRISE
University of the Cumberlands
Jai Agarwal
Kamala Bhavana Konda
Krishna Mohan Arvapalli
Poorna Chander Vemula
Roopesh Vakkantula
Satheesh Jetti
Siva Parvathi Mundru
Venkata Naga Krishna Kiran Immadisetty
Introduction
Solomon Enterprise is a known brand in home construction materials.
Regional offices in 5 locations across the country.
One data center located in West Virginia.
Provides devices with outdated software to users and for servers.
Uses a VPN to manage remote access for its users.
Introduction (cont…)
Threats
Huge revenues attract hackers and cyber criminals.
Centralized data storage can lead to a huge data breach.
Outdated software can make the whole system vulnerable and compromised.
Outdated security patches.
Administrative Controls
Also known as Procedural Controls
These policies, procedures and agreements mainly define the human and infrastructure factors of security.
Human Factors
Infrastructure Factors
Facility Infrastructure and design – computers, firewalls, network equipment, water, and building
Physical Security Controls
Maintain Safe and Secure Workplace
Main Potential threats to consider
Disaster Recovery location
Infrastructure Construction
Monitoring Systems
Access Controls
Training and Testing
Technical Controls
Technical and logical controls put in place to authorize or restrict users and information.
Identification and Authentication
Authorization & Access Controls
Encryption
Antivirus software
Least privilege
Security Policies
High-standard cryptographic algorithms for secure data transmission.
Masking customer data in intranet work to secure customer information.
Securing and protecting passwords according to organization standards.
An incident response policy is organized to handle an incident with respect to limiting the damage to business operations.
Security Policies (cont…)
Installing and updating antivirus software at periodic intervals.
Disaster recovery plan and a feasible recovery time that won't cause business loss.
Automated monitoring tools for immediate response.
Policy on acceptable and unacceptable use of organization email and communication.
Legislations and Regulations in Retail
PCI DSS (Payment Card Industry Data Security Standard)
PCI DSS PRINCIPLES AND ASSOCIATED REQUIREMENTS:
- Build and Maintain Secure Networks
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Monitor & Test Networks
- Maintain an Information Security Policy
Legislations and Regulations in Retail (cont…)
PCI DSS software compliance: two main areas to be addressed
1) Displaying sensitive information.
2) Storing sensitive information.
Network Security Tools
Solomon Enterprise can use various tools to block criminals and hackers from gaining unauthorized access to the organization.
Wireshark analyzes security events in depth when troubleshooting network security issues.
Snort is an open-source intrusion prevention system (IPS) for Unix and Windows.
Nessus can combat the most cutting-edge cybersecurity threats that cybercriminals can muster.
OSSEC has strong capabilities for detecting intrusions in the system.
Conclusion
Single point of contact can be reduced
Physical operations like closed-circuit television, physical security protection, and perimeter security
Upgrade of legacy systems, updated firewalls, multi-factor authentication
Access Control policy, Data protection and encryption policy and disaster recovery policy.
Thank You