In: Operations Management
"Today's state-of-the-art network security appliances do a great job of keeping the cyber monsters from invading your business. But what do you do when the monster is actually inside the security perimeter? Unfortunately, all of the crosses, garlic, wooden stakes, and silver bullets in the world have little effect on today's most nefarious cyber creatures" (Manky, 2010). Review the Office Security Violations media and identify at least 10 security violations. For each violation, describe a remediation strategy. As the auditor, develop an e-mail for the director of this facility and include the violations as well as the remediation strategies along with a date for a second audit. expanding on the identified violations and strategies in their initial posts.
To : [email protected]
Subject: Violations of cyber security measures at the facility
Dear Sir,
Please find below the findings of the first cyber security audit with remedial measures that need to be taken to prevent potential breach of cyber security measures.
S.No. | Violation of of cyber security | Remedial measures |
1 | Unattended systems with account logged in | Formation of guidelines and need to educate / train the employees |
2 | Outside devices being run on the system | Prevention of use of outside / personal storage devices on the systems |
3 | Potentially harmful sites being opened on the system | Issue internet use policy at the workplace. Use of filters for eliminating these sites |
4 | Login credentials shared by the employees | Form policy of maintaining confidentiality of personal rights and privileges |
5 | Ambiguity in the roles to implement cyber security within the company | Clear assignment of roles and responsibilities to individuals |
6 | No policy to classify, store and maintain backup of the data | Data must be classified, access controlled and backup measures be in place. |
7 | Crisis response policy not in palce. | Form the policy to respond to a incident of cyber attack with defined roles and responsibilities |
8 | No vendor compliance policy in place | Policy and guidelines regarding third party vendors with complete control of access, both physical and virtual |
9 | Lack of physical security of systems at places | Installation of CCTV cameras or such security devices to monitor and check the unauthorised access |
10 | Software usage policy is not in line with licenscing agreements with companies | Re design the policy to comply with the licencing agreements and prevent the incidents of breach |
Kindly ensure complaince to / resolution of the above mentioned issues. We will conduct the second audit after six weeks, i.e. on Monday June 4th 2018.
Sincerely yours
MNO