Security Implementation Business Proposal

… Room With a View Enterprise Risk Assessment

The principal risk associated with the Data Security Coordinator and his or her role in the security plan lies in properly training employees and selecting the proper service providers. Additionally, it is necessary to continually monitor and evaluate the progress of service providers to ensure that they are compliant with both enterprise and industry standards. Internally, it is necessary to ensure that passwords are changed within a set period of no more than a month. Personal information should be accessible only to the Data Security Coordinator and to C-level employees. An orderly, formal procedure needs to take place for de-provisioning terminated employees, in which they provide access to all of their data and have all of their employee access denied. Risk assessment for external risks includes evaluating and monitoring the progress of the service provider responsible for provisioning the company's firewall. Additionally, depending on the efficacy of encryption methods, data masking may be needed to augment the aforementioned method. User authentication is a point of risk that can ideally be solved with a two-pronged authentication method, such as that provided by "Google's Authentication platform" (Harper, 2014). Data protection...


A checklist should be created for doing so, as well as for evaluating the processes and procedures of service providers. Auditing the internal risks aspect of this security plan will involve checking records to determine when passwords for all employees were changed and whether those changes were made on schedule. It will also require noting whether there are any reports of unauthorized customer information. To audit external risks, the auditors will need to see whether relevant data has been encrypted or masked, which will purportedly require the 'keys' to these methods. The access control measures and the authentication profiles (the latter of which should utilize a dual identification approach) can be audited by having employees use them and by testing their accessibility without employees entering the correct information. External threats can be audited by testing the validity of the security…

References

Harper, J. (2014). Data replication: The crux of data management. www.dataversity.net Retrieved from http://www.dataversity.net/data-replication-crux-data-management/

Harper, J. (2014). Cloud data protection. www.dataversity.net Retrieved from http://www.dataversity.net/cloud-data-protection/