Application Security

profilesanj71
Group3project.docx

Introduction

Due to an increase in digital devices such as computers in business and commerce workplaces, cybercriminals are increasing their targets on them. In this digital world, ensuring the security of devices is necessary, and getting things to the right track is normal. Increasing trends on the transformation of working of both people and devices are accompanied by data breaches; business' sensitive data being exposed to unauthorized people. This proposal aims at providing the various causes of increased data breaches at our organization, and the various steps to follow to mitigate the risk of data insecurity in future. Comment by Richmond Ibe: Please, rewrite your introduction. You can phrase it like this: The ABC corporation experienced data breach as such we the security team where asked to investigate into the possible cause of the issue. This project proposal will focus on the root cause of the data breach. Although, the request for proposal indicated that the incidence occurred as a result of lousy security. Based on our research we find out the losy security were as a result of high excalation of privillage given to emaployees that weren’t meant to have access. Therefore this project will focuss on the implimentastion of processes of assigning privileges to emaployess within ABC corporation. Something like this.

Problem Statement:

Data breaches are a great threat to organizations' data and information. Ideally, our employees regularly use computers and their laptops in the workplace to carry out daily business tasks. They, therefore, have access to all applications they need to use. In reality, many applications are used daily in work accomplishment. Although each application is protected by passwords and latest antivirus, cybercriminals may introduce new malware in the form of application. An employee may download the application without knowing its consequences, or download videos and music. Numerous cases of data breaches have been reported occurring in such a manner in many organizations. Comment by Richmond Ibe: Delete all of these sentences and rewrite it. Please, phrase it as: The problem researched is that there were lack of access control or lousy implementation of access control that created vulnerability for the ABC corporation. This vulnerability was as a result of providing higher excalation privillsges to employees that weren’t suppose to gain such access. Thereby violating the law of least privilege. Just something like this.

Purpose Statement

The purpose of the security department at the ABC Corporation fraternity is to ensure the security of all resources, data and any other company effort. The department aim at reaching our seniors to help us with strategies to ensure data security mostly, and strategies that are friendly to every worker. The purpose of this paper is to investigate on various causes of data breaches at our organization, and the various methods that we can follow to ensure that we mitigate the risk of data insecurity from occurring again in the future. Comment by Richmond Ibe: The purpose of this project is to investigate into the data security breach that occurred in 2018, and to find ways to mitigate the future risk of occurence. We will also, look into how to assign privillages to the emaployess, which was one of the major cause of the breach.

Scope Statement:

The project aims at researching the various causes of data breaches at ABS Corporation. This will help in coming up with the various steps that need to be followed in reducing the risk of a data breach in the organization. The goals for this project are maintaining a healthy environment and completely reducing the activities of cybercriminals to the organizational systems. The project would focus on data breaches and how to reduce them, rather it will not cover on the security of other organization's resources. We assume that we will have ample time to carry out the process effectively, although the lack of proper tools and enough personnel may hinder it. Fortunately, we believe that we shall deliver the right tools and techniques that will assist the organization in reaching out the various goals.

Impact assessment

Improving data security will be of benefits to the whole organization. Generally, the systems will be much safe. Improving the security of existing systems will be achieved in various ways. For instance, reducing data breach will ensure investment in virtual private networks, thus securing the systems. Proper disposal of business data would assist in reducing the related risks. This can be achieved by destroying the various papers and digital files completely to keep away the information from cybercriminals and other malicious attacks.

By limiting data exposure, the security of existing systems will be enabled. This can be achieved by measures such as data encryption while transmitting, and proper disposal of unnecessary and old business data. Also, limiting the data exposed and accessed by employees while performing their daily tasks can help in securing business data and information, thus mitigating related breaches. Moreover, forbidding the unencrypted devices within the organization will close the door to the attackers, denying them access to sensitive data and information. The systems, therefore, will be safe from being attacked.

Budget /Financial Assessment Comment by Richmond Ibe: You need to create a budget. You can use a table to present the budget outlays. The project sponsor will like to know how much it will cost him, and it should be made clear to him.

Implementing the project will have many advantages to the organization. As a result, various financial requirements would be needed in accomplishing the final project. For instance, the tools needed, personnel and time required will cost the organization. Also, the final deliverables will cost the organization a certain amount of cash. Generally, the whole project will cost the organization approximately three hundred dollars.

High-Level Functional Requirements: Comment by Richmond Ibe: High-level equirement should be presented into a diagram either by creating a used case scenario or Data-flow diagram.

Reducing the risks of data breaches within the organization would involve using various tools. Firstly, a tool for mapping data flow may be required, enhancing easy assessing of flow of information and data in the organization. Also, Data breach service would be used to help respond quickly to the incidences of a data breach. This would assist in getting back to normal business operations faster without much time being wasted. Appointing data protection officer would assist in overseeing protection practices. Moreover, the old firewalls would require to be advanced to new ones to enhance the security of various applications and software.