Security Policy and Risk Strategy

Security Policy and Risk Strategy

Over the last several years, a variety of organizations have begun to implement various security and risk assessment protocols, to ensure that they are protected against the changing nature of threats against them. This has caused many organizations to assume that they are safe from all possible threats, which increases the overall amounts of vulnerability. As this lack of vigilance has created a situation where some type of security vulnerability will be missed. Once this happens, is when the entire network is exposed to these threats. In the case of Making Money Corporation (MMC), they are vulnerable to the changing nature of threats from: the different locations and the large amounts of personal / financial information that they store on their servers. As a result, the company is interested in implementing a robust data recovery plan. To successfully implement this type of protocol requires examining: the characteristics of the environment, the responsibilities for selecting / maintaining the strategy, the procedures / products that will be used, how the procedures / products will help the organization and where these procedures / products should be implemented within the company. Together, these different elements will provide the greatest insights as to how MMC can successfully implement a new risk protocol.

Characteristics of the particular environment that may influence the strategy

Since the company has 30 branches across three different states, means that there is always that possibility that security could be breached or compromised in some way. This could be in the form of hackers being able to successfully penetrate a location's security infrastructure. Where, the it staff at a particular location many assume that they are safe, without keeping on top of the changing nature of the threat. This is problematic because once such attitudes begin to occur, means that there is the possibility that the financial information of a particular branch could be compromised. An example as to how severe this problem has become can be seen with a study that was conducted by the Department of Homeland Security, which found that 30% of companies monitor and test their plans. (Mason, 2010) This is significant, because it shows how each individual branch could have its own unique security threat. If they are not testing their plan, then the realistic possibility exists that at some point, hackers will successfully penetrate the system. The way that you could implement these risks in the system, is to have a team that will randomly test the security of each location (unannounced). Once the vulnerabilities are discovered, is when they can work with the it personnel at each location to rectify these different security issues.

Roles involved in the selection and maintenance of the strategy

To successfully implement and maintain any kind of security protocol requires that the entire staff understands their responsibilities. At which point, they would then communicate the different issues that could be encountered. As a far as the management is concerned, their responsibility is to maintain the necessary leadership and constant focus on always identifying weaknesses in the system. This would include: ensuring that there are sufficient funds for the it personnel to implementing new changes quickly. The various it staff would serve as the front line defense that is monitoring for various breaches and is communicating this information to management / staff. Once the staff is informed of what is occurring; they can serve in secondary role by monitoring for any kind of strange activity. You would then, have an independent team of security personnel, at another location that will constantly seek out ways to exploit the system's vulnerabilities. At which point, they would report to management what they discovered.

Selection of a particular set of procedures and products

The procedure that will be selected is one that involves the process of streamlining. Since, the company is using a total of 50 different servers, makes it obvious that each location is storing their own set of information. This increases the overall security risks that are faced by the company exponentially. To effectively prevent such situations, requires using a single protocol that will store all information at two separate locations. The most appropriate products that could be used by MMC to achieve this objective would be: IP San and a Snap Lock. An IP San is a fiber optic channel that can provide secure real time data to each location. Where, software and security applications can be adapted to the current system that is being used. The Snap Lock is: a security software that can be used to provide an effective way for each location to retrieve, update and change information.

Support for why these procedures and products are the optimal approach for this organization

The reason why these different procedures and products were selected was: to reduce the overall risk exposure of the company's external threats. The current system that is being used by MMC increases risks dramatically, by having a number of different systems, where financial information is stored. If any one of these systems is vulnerable, there is the possibility that you could see a major security breach. To reduce these risks requires limiting the number of locations to two. You would then, use fiber optics and other high speed protocols to deliver the data to each location. The IP San was chosen, because it can effectively adapt to the current system that is being used, it works with a variety of financial programs and it offers secure connections. ("IP San, " 2010) You would then, use the Snap Lock security software as an added layer of safety against possible breaches. This system would work more effectively, because it would create a virtual fortress around the company's it infrastructure. ("Snap Lock Compliance and Snap Lock Enterprise Software," 2010)

High level architectural and design details for how and where these procedures and products will be implemented within the organization