Technical Project Paper: Information Systems Security
Information Systems Security
Haseeb Ahmed Khan
CIS 333 Basics of Information Reliability
March 12, 2012
In today's IT world, every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in safeguarding the information. The risks to information security are not only digital; they involve the technology, people and processes that an organization has. These risks may represent problems that are associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
The case we have been assigned today deals with physical and logical vulnerabilities and with protection against the risks and threats, by suggesting the best controls to mitigate, avoid or transfer the risks. As an Information Security Officer at a newly opened location within a busy shopping mall, I have been asked to identify physical and logical risks to the pharmacy's operations and to recommend remedies to prevent any significant loss to the business. The pharmacy's operations involve primary transactions that include essential patient information, valuable medication and access to cash. Regulation set by the federal government obliges a pharmacy to meet certain requirements for securing logical and physical access to information systems. The pharmacy comprises 5 workstations; there is a drug storage area, and the office in the building houses a file server, a domain controller and a firewall. Three of the four workstations are placed at the counter to record and retrieve information on customers' purchases. The entrance to the store is through the mall, and the drug storage area is a securely locked area behind the front counters. The store has a back door that is used by employees and for the delivery of new drugs.
As an IT officer, I need to protect all aspects of security, including the physical security of IT systems.
Information Systems Security
Physical security is an essential part of information technology security. Physical security encompasses not only the area that contains system hardware, but also the locations of wiring used to connect the systems, supporting services, backup provisions and any other part of the systems. Laptops and other types of mobile computing devices should also be protected from theft. The data on a mobile device is at times worth more than the device itself. Such devices can also be an entry point into the network. We begin with the physically vulnerable locations of IT systems inside the pharmacy. After identifying the IT assets of the business, we can surely identify the physical risks.
* Server room
* File server
* Domain controller
* Front counter workstations
The back door, as shown in the floor plan, is used by employees of the pharmacy, and it is also used for the delivery of drugs. Access through this door is a physical vulnerability. Only authorized personnel should be allowed to use this door. Any unidentified entry or activity should be monitored carefully. Such an incident can lead to the loss of physical devices. The server room is a highly secured area that should be accessible only to IT staff; other personnel must be granted access by requesting special authorization. The door needs to be locked regularly to protect IT assets. The workstations at the front counters also need to be locked and secured in place to prevent theft. The caged area may not be locked at all times; locking it would lead to low productivity as employees move between the store, the office and the front counters. Protecting the server room by locking it is the first step; monitoring makes the protection more effective if somebody breaks into the server room. In case of an incident, one can easily pull up the video and check it for a particular time period or for an event. " A logical breach...