
7.0 STRATEGY IMPLEMENTATION
Project 2 11

7.1 Security Controls

The need for security controls in cybersecurity cannot be overstated. Because hackers are always on the lookout to commit crimes using advanced technology, it is crucial that the organization properly adheres to both national and international standards in order to counteract such ill intentions (Tripwire, 2019). In this case, security controls refer to measures taken to mitigate or minimize security threats; therefore, PBI-FS will need to implement these security controls.

7.1.1 Baseline (Mandatory Controls)

7.1.1.1 Implement strict access control

Access control measures refer to the security accorded to the authentication process used by the organization. Access control gives certain employees the privileges to access specific data and resources in the organization's information system. For instance, certain information cannot be made available to ordinary staff members and can only be made available to high-ranking I.T. personnel in the organization. Thus, it is the responsibility of the I.T. department to grant or deny various users access to certain information (Michael, 2018).

7.1.1.2 Secure encryption and back up data

The company uses cloud-based services in which the data from transactions is backed up every 30 minutes. In addition, the database is copied weekly to the cloud-based servers for data backup. The significant controls that will ensure data availability and integrity are data backup and encryption. However, cybersecurity incidents may still occur and lead to significant data loss, even in organizations that have implemented robust security policies. As such, the organization needs to have a continuity plan. In the event of total data loss, this will make it easy for the business to find a new system and continue its operations. Moreover, the business can secure the backup data stored in the cloud through access control measures and strong passwords (Srinivas, Das & Kumar, 2019).

7.1.2 Compulsory Controls (Administrative, Operational, Tactical)

7.1.2.1 Implementing Perimeter Defense (VPN and Firewall)

Perimeter defense is a control technique that helps protect the organization's network from internet hackers. A firewall, one of the universal perimeter defense systems, helps protect the corporate information system or network. A Virtual Private Network (VPN) is an important control for protecting offices that are located far from each other yet need to share network resources. The VPN helps secure the organization from internet hackers since it prevents sniffing and eavesdropping (Srinivas, Das & Kumar, 2019).

7.1.2.2 Have a comprehensive incident response plan

It is recommended that PBI-FS maintain a comprehensive incident response plan.
