To properly secure an information system means protecting its files and other confidential information from misuse. The current speed of technological growth requires ever-evolving security measures to keep up with these developments. As the members of Team “A” set out to address this need, it was necessary to discuss the requirements. The foundation of all concrete security plans requires a detailed knowledge of all current systems, the tools needed to fulfill security requirements, and employee training. The implementation of these requirements will be outlined within a final Security Presentation.
Kudler Fine Foods is an upscale specialty food store that has three locations in the San Diego area. Kudler has a new initiative they would like to pursue. They want to create a customer rewards program that will track their loyal customers' purchasing behaviors. Customers who participate in this program will collect loyalty points that they can redeem for high-end merchandise, specialty food, or airline upgrades.
“The customer purchase behavior patterns will help Kudler refine its processes and offerings to best satisfy their valued customers” (University of Phoenix, 2013, para. Sales and Marketing Overview Virtual Organization Portal – Kudler Fine Foods). This IT security report will go over the top IT security threats, security considerations, security policies, and awareness training. The security report will help the design team protect the new system from the threats that have been identified during the design phase of the new system. At the end of this report there will be provisions suggested that will help Kudler Fine Foods internal staff validate security measures once the new program is up and running so they can keep the system safe from hackers, attacks or any unauthorized personnel.
Identifying Top Threats & Summary
There are many security threats that can affect Kudler Fine Foods. Throughout the week, the team members worked to determine any and all possible threats that could affect the Kudler Fine Foods Customer Rewards Program. The two most significant threats that need to be focused on are “Data Loss” and “Identity Theft”. Protecting customers' personal information must be the first priority. To help reduce these risks and threats, it is important to use authentication to allow access to only those who need it. This will in turn reduce network traffic, making data transfers smoother, and will increase productivity. All virus software, firewalls, and patches will also have to be regularly updated to keep the percentage of security threats to a minimum. It is also very important to make sure that all data is backed up on at least a daily basis so the data can be retrieved for any future use. This team will use the information that was gathered this week for the foundation of our security plan. The table below will identify threats and the vulnerabilities that each threat will exploit.
Kudler Fine Food IT Top Security Threats
Area of System
Individual terminals can be compromised, and credit card data stolen
Customer Information
Denial of Service (DoS)
Illegal access to the system
Loss or alteration of information if illegal access occurs.
Data backup
The system can fail, and data will be lost if the proper backup procedures are not carried out.
Network traffic
Unauthorized use can overload the network, causing a slowdown in performance
Causing a slowdown in performance, production and a loss of profits. Employees visiting harmful sites and downloading damaging apps.
Security Considerations System Development
The chart below will show the system development process phases that were identified. The system development process starts with the planning process, analysis, design, testing, implementation and ends with how the system will be maintained and kept secure. Using the system development process phases, these security considerations will be analyzed in every stage. Not every risk can be planned for. The risks that can be identified will have policies and procedures in place so that a fix can be implemented immediately. With little to no downtime, threats and disasters create small business impacts.
System Development Phase
Mitigation of Risks
Do not know if there are any bugs in the system or if the system is secure. Decisions about security. Preliminary risk assessment.
Develop basic security requirements. Setting up an outline that will identify the response and control of a threat. Create an outline that will identify the response and control of a threat.
Analysis
Vulnerabilities impact loss of confidentiality, integrity, and availability. Review legal, security requirements and regulations. Determine the effect a disaster will have on the availability of information, and the time it will take to have the system function properly.
Design
Design (continued)
Unauthorized access and use. Bugs that were missed.
Security plan and program security controls are designed and tested. Evaluation plan for security controls. Encryption for data and authentication for each employee at the proper security level.
Testing
Multiple viruses and computer exploits left unchecked due to incompatible security enhancements. Preliminary testing and implementation of security measures on isolated machines. Compatibility and stress testing amongst known hardware infections.
Implementation
Malware and spyware because firewalls and security programs are not updated. Security controls are designed, developed, implemented and tested properly to the fullest extent. Evaluation plan is written. Check any safety or security issues.
Enhancements, changes, hardware and software added or replaced. User requirements. Ensure all enhancements, changes, hardware and software are safe and secure. Replaced hardware or software should be destroyed completely by the security team. Downtimes have to be scheduled very carefully during the off times. Monitor continuously for any user changes.
If the system is ever removed from service due to power outages, internet outages or other disaster scenarios, all users will be moved to a manual mode. If there is not a backup system, then the data security will be compromised. Data integrity may also be affected because the information will be inaccessible. To overcome this, all users will have training on both main and backup systems. The users will also be instructed on manual procedures and policies. A backup system in place will enable multiple points of data restoration (cloud, network storage, and remote). These security measures will enforce the protection of data.
Security Policy and Training
It will be necessary to establish several security policies for the creation of Kudler Fine Foods' Customer Rewards program. The program's completion will increase sales and customer service exponentially. In order for this system to remain secure, an authentication and accessibility policy is developed. Users will only be granted access if a form of pre-authorization exists. It is important to determine who has the ability to access the information. Information is important for any company, and consequently authentication and accessibility to said information must be limited. A security policy is required to ensure that the buyer's program maintains the shopper's information. This is made possible through the Enterprise Information Security Policy (EISP). The EISP is a plan that is accountable for a range of areas of data security and safety. This will include all maintenance plans, procedures and duties for the users. The plan may help with legal issues, which may arise from unforeseen situations. The EISP documents will include the following factors:
Review of Awareness on Protection
Duties Shared by Users
Duties Specific to Each Role
Security Policy Elements
Kudler Fine Foods is required to protect its customer and organizational information. To do this, a security policy will be created by senior management and reviewed by the legal department. An awareness training session will be held for all employees to go over this policy. A strong security policy will ensure this information is kept safe. The following elements will be included in the security policy:
Classification of Information
Internet Use Policy
E-Mail Use Policy
Need to Know & Least Privilege
Username & Password
Disposal & Destruction of Information
The following audit provisions will help Kudler Fine Foods internal staff to validate security measures to keep the new customer rewards program safe from hackers, attacks and unauthorized personnel. There will be 10 practices for the internal staff to start with. Gluscevic (2003): “These 10 practices include different kinds of information security, such as policy, process, people, and technology, all of which are necessary for deployment of a successful security process” (Introduction). Following these practices will give Kudler Fine Foods and any other organization a secure way to manage their security risk. The 10 practices are:
General Management – Security managers create the security policies and processes. Their job is to make sure the policies and procedures are followed on a daily basis. They will also create the audit processes.
Policy – Written rules to educate employees how they need to conduct business every day while keeping the information safe.
Risk Management – Conduct risk evaluations that will identify threats, vulnerabilities, and risks.
Security Architecture & Design – Know the assets that need to be secured.
User Issues – Accountability, integrity, and training.
System & Network Management – Access controls, software integrity, backups, and data encryption. Make regular virus checks and updates.
Authentication & Authorization – Provide network access to all users based on the level of access they are approved for. Restrict users from levels they do not have approved access to.
Monitor – Use system monitoring tools to audit, inspect and respond to activity in question to report on the events and conditions of the system.
Physical Security – This practice is usually forgotten, but it is a necessary practice to help secure who has access. Use physical controls, for example, badges, swipe cards, keys, and a sign-off feature after a certain period of inactivity on a laptop or computer.
Disaster Recovery – This is just in case your data is lost or damaged. Hopefully, it will not be by using the practices above, but just in case, make a disaster recovery plan and test it to make sure it works before you need it.
Using these practices will help keep Kudler Fine Foods' new system safe from threats, attacks and unauthorized users getting access to information they do not have authority to see.
Conclusion
In conclusion, Kudler Fine Foods is having a customer rewards program system created. This team was given the assignment to create an IT security report where we identified the top IT security threats, security considerations, security policies, and security awareness training. The design team will use this report to build in security features at the beginning, so they do not have to go back and create these features after the design phase. It is crucial that Kudler gives its employees security awareness training. This training will help the employees detect possible intrusions and understand how valuable the information and its integrity are to their employer. If everyone follows the security policies and procedures, this system will be free of hackers, attacks, and unauthorized personnel.
Conklin, W. A., White, G., Williams, D., Davis, R., & Cothern, C. (2011). CompTIA Security+ (3rd ed.). Retrieved from The University of Phoenix eBook.
Gartenberg, M. (2005, January 13). How to develop an enterprise security policy. Retrieved from http://www.computerworld.com/article/2569303/security0/how-to-develop-an-enterprise-security-policy.html
Gluscevic, M. (2003). Implementing Basic Security Measures. Retrieved from http://www.net-security.org/article.php?id=458
University of Phoenix. (2013). Virtual Organization Portal – Kudler Fine Foods. Retrieved from University of Phoenix, CMGT400 website.
Whitman, M., & Mattord, H. (2004). Information Security Policy. In Management of information security (Fourth ed., p. 154). Boston, Mass.: Thomson Course