
CST630_Project3_SSR.docx - Running Head: System Security...

This preview shows page 1 - 4 out of 16 pages.

Running Head: System Security Report

Project 3 Cybersecurity System Security Report for Acquisition

I. Policy Gap Analysis

In recent months this company has undergone dramatic changes to its digital infrastructure. With the implementation of the Bring Your Own Device (BYOD) policy, the company has radically altered the IT topology of its network. The company will soon be merging with Anothrtech, a streaming company with a customer base of approximately 150,000 users and an additional 50 employees. While this merger will undoubtedly be a boon for the company's financial future in the near term, it will add an additional layer of complexity to the company's security posture.

New security concerns will arise from the merging of IT infrastructure between the two companies, as well as from the merging of the policies that govern that infrastructure. The PCI Security Standards Council (PCI SSC) has developed standards intended to protect customers' payment data during business transactions. It is necessary to address the gaps in policy to place the company back in compliance with these standards as quickly as possible.

Two areas have been identified as needing to be addressed: protecting cardholder data, and maintaining a vulnerability management program. These areas are the biggest issues of noncompliance that have been identified. Taking steps to address them will ensure the company remains in compliance and will increase its overall security posture. Protecting cardholder data involves two separate standards: the protection of cardholder data at rest, and the protection of data in motion.

Data in transit is the state of data as it is transported across digital infrastructure to a destination. Protecting data here requires that customers be able to transmit cardholder data to us in an encrypted, secure form so as to avoid interception. This requires that payment websites utilize a high level of encryption as well as a secured HTTP (HTTPS) address. While this will not necessarily protect a customer from threats between their device and the router they are using, it is important that the company protect this data at the earliest possible point.

Data at rest is data that is being stored and is not currently in use or being transported. This includes data stored on company servers. Even at this point, payment information should be in an encrypted state. While information can be intercepted during transit, it is far more likely that it will be stolen while at rest. While the data is held on the company's servers, the company is responsible for protecting it. Encryption and a solid security posture are essential to safeguarding this data while in this vulnerable state.


Term: Summer
Professor: N/A
