The foundation of every concrete security plan requires a detailed knowledge of all current systems, the tools needed to accomplish security needs, and employee training. The implementation of these requirements will be outlined within a final Security Presentation. Cuddle Fine Foods is an upscale specialty food store that has three locations in the San Diego area. Cuddle has a new initiative it would like to pursue: a customer rewards program that will track its loyal customers' buying behaviors.
Customers who participate in this program will collect loyalty points that they can redeem for high-end merchandise, specialty food or airline upgrades. “The customer purchase behavior patterns will help Cuddle refine its processes and offerings to best satisfy their valued customers” (University of Phoenix, 2013, Para. Sales and Marketing Overview Virtual Organization Portal – Cuddle Fine Foods). This IT security report will go over the top IT security threats, security considerations, security policies, and awareness training.
The security report will help the design team protect the new system from the threats that have been identified during the design phase of the new system. At the end of this report, provisions will be suggested that will help Cuddle Fine Foods' internal staff validate security measures once the new program is up and running, so they can keep the system safe from hackers, attacks or any unauthorized personnel.

Identifying Top Threats & Summary

There are many security threats that can affect Cuddle Fine Foods.
Throughout the week, the team members worked to determine any and all possible threats that could affect the Cuddle Fine Foods Customer Rewards Program. The two most significant threats that need to be focused on are “Data Loss” and “Identity Theft”. Protecting customers' personal information must be the first priority. To help reduce these risks and threats, it is important to use authentication to allow access to only those who need it. This will in turn reduce network traffic, making data transfers smoother, and will increase productivity.
All antivirus software, firewalls, and patches will also have to be regularly updated to keep the percentage of security threats to a minimum. It is also crucial to make sure that all data is backed up on at least a daily basis so the data can be retrieved for any future use. This team will use the information that was gathered this week as the foundation of our security plan. The table below identifies the threats and the vulnerabilities that each threat will exploit.

Cuddle Fine Foods IT Top Security Threats

Area of System | Threats | Potential Vulnerability
POS Terminals | Malware | Individual terminals can be compromised, and credit card data stolen.
Customer Information | Spyware | Identity theft.
Operating System | Unauthorized access | Denial of Service (DoS).
User Authentication | Illegal access to the system | Loss or change of information if illegal access occurs.
Data Backup | Data loss | The system can fail, and data will be lost if the proper backup procedures are not carried out.
Network Traffic | Unauthorized use can overload the network, causing a slowdown in performance | Slowdown in performance and production, and a loss of profits. Employees visiting harmful sites and downloading damaging apps.

Security Considerations

System Development

The chart below shows the system development process phases that were identified. The system development process starts with planning, then moves through analysis, design, testing and implementation, and ends with how the system will be maintained and kept secure. Using the system development process phases, these security considerations will be analyzed in every stage. Not every risk can be planned for. The risks that can be identified will have policies and procedures in place so that a fix can be implemented immediately. With little to no downtime, threats and disasters have only a small business impact.

System Development Phase | Security Threats | Mitigation of Risks
Planning | Do not know if there are any bugs in the system or if the system is secure. | Decisions about security. Preliminary risk assessment. Develop basic security needs. Create an outline that will identify the response and control of a threat.
Analysis | Vulnerabilities impact loss of confidentiality, integrity, and availability. | Review legal and security requirements and regulations. Determine the effect a disaster will have on the accessibility of information, and the time it will take to have the system function properly.
Design | Unauthorized access and use. Bugs that were missed. | Security plan and program security controls are designed and tested. Evaluation plan for security controls. Encryption for data and authentication for each employee at the proper security level.
Testing | Multiple viruses and computer exploits left unchecked due to incompatible security enhancements. | Preliminary testing and implementation of security measures on isolated machines. Compatibility and stress testing amongst known hardware infections.
Implementation | Malware and spyware, because firewalls and security programs are not updated. | Security controls are designed, developed, implemented and tested properly to the fullest extent. Evaluation plan is written. Check any safety or security issues.
Maintenance | Enhancements, modifications, hardware and software added or replaced. User requirements. | Ensure all enhancements, modifications, hardware and software are safe and secure. Replaced hardware or software should be destroyed completely by the security team. Downtime has to be scheduled very carefully during off times. Monitor continuously for any user changes.

If the system is ever removed from service due to power outages, internet outages or other disaster scenarios, all users will be moved to a manual mode. If there is not a backup system, then the data security will be compromised.
Data integrity may also be affected because the information will be inaccessible. To overcome this, all users will have training on both main and backup systems. The users will also be instructed on manual procedures and policies. A backup system in place will enable multiple points of data restoration (cloud, network storage, and remote). These security measures will enforce the protection of data.

Security Policy and Training

It will be necessary to establish several security policies for the creation of Cuddle Fine Foods' Customer Rewards program.
The program's completion will increase sales and customer service exponentially. In order for this system to remain secure, an authentication and accessibility policy is developed. Users will only be granted access if a form of pre-authorization exists. It is important to determine who has the ability to access the information. Information is important for any company, and consequently authentication and accessibility to said information must be limited. A security policy is required to ensure that the buyer's program maintains the shopper's information.
This is made possible through the Enterprise Information Security Policy (ISP). The ISP is a plan that is accountable for a range of areas of data security and safety. This will include all maintenance plans, procedures and responsibilities for the users. The plan may help with legal issues, which may arise from unforeseen situations. The ISP documents will include the following factors:
- Review of Awareness on Protection
- Duties Shared by Users
- Duties Specific to Each Role

Security Policy Elements

Cuddle Fine Foods is required to protect its customer and organizational information.
To do this, a security policy will be created by senior management and reviewed by the legal department. An awareness training session will be held for all employees to go over this policy. A strong security policy will ensure this information is kept safe. The following elements will be included in the security policy:
- Classification of Information
- Acceptable Use
- Internet Usage Policy
- E-Mail Usage Policy
- Need to Know & Least Privilege
- Privacy Policy
- Username & Password
- Disposal & Destruction of Information

Ensuring that all company employees are properly trained on each listed security policy is vital.
Items such as “Privacy Policy” and “Classification of Information” will be at the forefront of these training sessions. This is to ensure that all customer information entered into the new system remains safe from misuse. Sessions will be reviewed and updated periodically to promote knowledge retention. “In a changing environment, policies can retain their effectiveness only if they are periodically reviewed for currency and accuracy, and modified to keep them current” (Whitman, 2004, p. 54). “Policies can be made stronger by including references to the authority who made the policy (whether this policy comes from the CEO or is a department level-policy) and also refer to any laws or regulations that are applicable to the specific policy and environment” (Conklin et al., 2011, p. 39). Once the security policy is created and reviewed by the legal department, procedures will also be established to comply with the security policy, and every employee will receive a copy.

Audit Provisions

The following audit provisions will help Cuddle Fine Foods' internal staff validate security measures to keep the new customer rewards program safe from hackers, attacks and unauthorized personnel. There will be ten practices for the internal staff to start with. According to Sluice (2003), “These ten practices include different kinds of information security, such as policy, process, people, and technology, all of which are necessary for deployment of a successful security process” (Introduction). Adopting these practices will give Cuddle Fine Foods, or any other organization, a secure way to manage its security risk.
The ten practices are:
1. General Management – Security managers create the security policies and processes. Their job is to make sure the policies and procedures are followed on a daily basis. They will also create the audit processes.
2. Policy – Written rules to educate employees on how they need to conduct business every day while keeping the information safe.
3. Risk Management – Conduct risk evaluations that will identify threats, vulnerabilities, and risks.
4. Security Architecture & Design – Know the assets that need to be secured.
5. User Issues – Accountability, integrity, and training.
6. System & Network Management – Access controls, software integrity, backups, and data encryption. Do regular virus checks and updates.
7. Authentication & Authorization – Provide network access to all users based on the level of access they are approved for. Restrict users from levels for which they do not have approved access.
8. Monitor – Use system monitoring tools to audit, inspect and respond to activity in question, and to report on the events and conditions of the system.
9. Physical Security – This practice is usually forgotten, but it is a necessary practice to help secure who has access. Use physical controls, for example, badges, swipe cards, keys, and a sign-off feature for a certain period of inactivity on a laptop or computer.
10. Disaster Recovery – This is just in case your data is lost or damaged. Hopefully, by using the practices above, it will not be, but just in case, create a disaster recovery plan and test it to make sure it works before you need it.

Using these practices will help keep Cuddle Fine Foods' new system safe from threats, attacks and unauthorized users getting access to information they do not have authority to see.

Conclusion

In conclusion, Cuddle Fine Foods is having a customer rewards program system created. This team was given the assignment to create an IT security report where we identified the top IT security threats, security considerations, security policies, and security awareness training. The design team will use this report to build in security features at the beginning, so they do not have to backtrack and create these features after the design phase. It is crucial that Cuddle gives its employees security awareness training.