MMT2 Task 3 ddav126.docx - Security Policy Review A Energy...


Security Policy Review
A Energy Company
Darla Davidson ddav126
5/27/2020

Security Policies

A. Effectiveness of A Energy Company security policies regarding ethical issues

The effectiveness of security policies depends on their being complete, available and understandable. The end users must formally acknowledge these policies and be accountable for any indiscretions. These policies should be reviewed on a regular basis to ensure that they are up to date and still effective.

A1. Unethical risks by internal users

1) Internal users that have full access to accounting details without any restrictions could use this data for their own benefit. This data could be analyzed to determine when stock prices could be lower, so that they know when to buy prior to public knowledge, or to know when the stock prices were high, so that they could sell prior to a drop in price. They could use this data for their own benefit or sell it to others outside the company.

2) Another opportunity for unethical use of data would be from the R&D department. Anyone that has access to proprietary data for new products could sell this data to the highest bidder. This would allow the competition to market and produce new products prior to A Energy Company's launch of the new products.

3) The current email policy for employees states that personal email can be sent from their business email. If marked as personal, this email will not be monitored. This would be an opportunity for employees to easily export data that should be kept secret. All emails should be monitored and are company owned.

A2. Unethical risks by external users

1) Vendors visiting the plants could gain access to restricted areas. These vendors would be issued an electronic ID card which would only allow access to certain areas. However, the vendors may be able to coerce employees to give them access to areas where their access would be unethical, such as the R&D department. This would allow them to view and possibly access files that they could sell to competitors and/or their own customers.

2) Phishing is an unethical risk that everyone should be aware of. Emails are sent that may resemble legitimate companies/users and/or legitimate requests for actions. The legitimate companies could be Microsoft, or the users could be anyone with a common name. Once the email is opened, there may be an “action required” or it may redirect to a OneDrive file where you have to log in. While you are logging in, the hacker is harvesting your credentials so that they can infiltrate the company system.

B. Security Threats

Security threats within any company are a huge threat to health, safety and profitability. A Energy Company has many security policies to address these concerns, with the following three documented policies:

  • Employer Security Policy
  • Data Security Policy
  • Accounting Security Policy

These policies are well documented, but there may be room for improvement. These policies
