ppts
Radina99
Group2.pptxIntroduction
Solomon Enterprise is a known brand in home construction materials.
Regional offices in 5 locations across the country.
One data center located in West Virginia.
Provides devices to users with outdated software and for servers.
Uses VPN to manage remote access to its users
Introduction (cont…)
Threats
Huge revenues attract hackers and cyber criminals.
Centralized data storage can lead to huge data breach.
Outdated software can make the whole system vulnerable and compromised.
Outdated security patches.
Administrative Controls
Also known as Procedural Controls
Mainly these policies, procedures and agreements define human and infrastructure factors of security.
Human Factors
Infrastructure Factors
Facility Infrastructure and design – computers, firewalls, network equipment, water, and building
Physical Security Controls
Maintain Safe and Secure Work Place
Main Potential threats to consider
Disaster Recovery location
Infrastructure Construction
Monitoring Systems
Access Controls
Training and Testing
Technical Controls
Technical and logical in place controls to authorize or restrict users and information.
Identification and Authentication
Authorization & Access Controls
Encryption
Antivirus software
Least privilege
Security Policies
High standard cryptographic algorithms for secure data transmission.
Masking customer data in intranet work for securing the customer information.
Securing and protecting passwords with organization standards.
Incident response policy is organized to handle an incident to respect to limiting the damage to business operation.
Security Policies (cont…)
Installing and updating antivirus in periodically interval of time.
Disaster recovery plane and feasible recovery time wont effect business loss.
Automation Monitor tools for immediate response.
Acceptable and unacceptable use of Organization Email and communication policy.
Legislations and Regulations in Retail
PCIDSS (Payment Card Industry Data Security Standard)
PCI DSS PRINCIPLES AND ASSOCIATED REQUIREMENTS:
- Build and Maintain Secure Networks
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Monitor &Test Networks
- Maintain an Information Security Policy
Legislations and Regulations in Retail (cont…)
PCIDSS Software compliance: Two main areas to be addressed
1) Displaying sensitive information.
2) Storing sensitive information.
Network Security Tools
Solomon Enterprises can utilize various tools in ensuring they can block the criminals and hackers from getting unauthorized access to the organization.
Wireshark analyzes the security events in depth while troubleshooting issues with network security.
Snort tool prevents open-source intrusion prevention system (IPS) for Unix and Windows.
Nessus can combat the most cutting-edge cybersecurity threats that can be mustered by criminals of cybersecurity.
OSSEC has high capabilities to detect intrusion in the system.
Conclusion
Single point of contact can be reduced
Physical operations like Closed Security television, Physical Security Protection, and Perimeter Security
Upgrade of legacy systems, update firewalls, multiple factor authentication
Access Control policy, Data protection and encryption policy and disaster recovery policy.
Thank You
