Room With a View
Enterprise Risk Assessment
The principal risk associated with the Data Security Coordinator and his or her role in the security plan lies in properly training employees and selecting the proper service providers. Additionally, it is necessary to continually monitor and evaluate the progress of service providers to ensure that they comply with both enterprise and industry standards. Internally, it is necessary to ensure that passwords are changed at a set interval of no more than a month. Personal information should be accessible only to the Data Security Coordinator and to C-level employees. An orderly, formal procedure needs to be in place for de-provisioning terminated employees, in which they hand over access to all of their data and all of their employee access is revoked. Risk assessment for external risks includes evaluating and monitoring the progress of the service provider responsible for provisioning the company's firewall. Additionally, depending on the efficacy of the encryption methods used, data masking may be needed to augment them. User authentication is a point of risk that can ideally be addressed with a two-factor authentication method, such as that provided by "Google's Authentication platform" (Harper, 2014). Data protection risks include selecting the most appropriate replication method for the purpose of backups -- cloud-based solutions are widely recommended (Harper, 2014).
Audit
Successfully auditing the Data Security Coordinator aspect of this Security Plan Outline requires reviewing his or her training methods in detail and ensuring that they are deployed consistently for each employee who is trained. A checklist should be created for this purpose, as well as for evaluating the processes and procedures of service providers. Auditing the internal risks aspect of this security plan will involve checking records to determine when the passwords of all employees were changed and whether those changes were made on schedule. It will also require noting whether there are any reports of unauthorized access to customer information. To audit external risks, the auditors will need to verify that relevant data has been encrypted or masked, which will purportedly require the 'keys' to these methods. The access control measures and the authentication profiles (the latter of which should use a dual identification approach) can be audited by having employees use them and by testing whether access is granted when the correct information is not entered. External threats can be audited by testing the validity of the security platform in use, while data protection and backups can be audited by applying maintenance updates and then verifying that data has been stored and is readily accessible.
Cyberlaw