You have joined a company as a security consultant. Discuss the vulnerabilities of the company’s data and systems and propose a plan to protect company assets.
First, let us define the work of a security consultant:
The work is to conduct information security management reviews and information security management system assessments.
The vulnerabilities of the company's data and systems are:
1. Angry or Dissatisfied Employees
Members of the company's IT team with knowledge of and access to networks, data centers and admin accounts can cause severe damage.
2. Careless or Uninformed Employees
Employees who are not trained in security best practices, who have weak passwords, visit unauthorised websites, or click on links in or open suspicious emails pose an enormous security threat.
3. Mobile Devices
Employees use mobile devices to share data and access company information, or neglect to change mobile passwords.
4. Third-Party Services
As their systems grow more complex, companies turn to outsourcers and vendors to support and maintain them. These third parties usually do not follow security practices; for example, they use default passwords to connect to their clients.
5. Cloud Applications
A cloud application is an internet-based program in which some or all of the processing logic and data storage is handled in the cloud. These cloud applications are sometimes vulnerable to hackers.
Plans to protect the company's assets
1. The first step is to identify the privileged accounts and credentials immediately and terminate those that are no longer in use or are connected to employees who are no longer at the company.
2. Train employees on cybersecurity best practices.
3. Encryption is necessary, even if individual employees have not taken personal precautions to lock their phones. The IT department can oversee this and, to be extra safe, can implement OTP, RFID, fingerprint authentication, etc.
4. Put a BYOD policy in place, so that employees are better educated on device expectations and companies can better monitor email and documents downloaded to company- or employee-owned services.
5. Implement mobile security that protects corporate data and access to corporate systems and ensures corporate content stays encrypted under IT's control.
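
Step 1 of the plan can be run as a recurring check. The sketch below is an added example, not part of the original answer: it cross-references a privileged-account inventory against an HR roster and flags accounts to terminate. The account names, field names, roster and the 90-day idle threshold are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample inventory (hypothetical names), as it might be exported
# from a directory service: one record per account.
ACCOUNTS = [
    {"account": "adm-jsmith", "owner": "jsmith", "privileged": True, "last_login": date(2024, 5, 28)},
    {"account": "adm-mlee", "owner": "mlee", "privileged": True, "last_login": date(2024, 5, 30)},
    {"account": "svc-backup", "owner": None, "privileged": True, "last_login": date(2023, 11, 2)},
    {"account": "adm-kpatel", "owner": "kpatel", "privileged": True, "last_login": None},
    {"account": "rjones", "owner": "rjones", "privileged": False, "last_login": date(2022, 1, 1)},
]
# Constructed HR roster of people currently employed.
ACTIVE_EMPLOYEES = {"jsmith", "kpatel", "rjones"}


def review_privileged(accounts, active_employees, today, max_idle_days=90):
    """Return {account: [reasons]} for privileged accounts that are no longer
    in use or are tied to someone who has left the company."""
    cutoff = today - timedelta(days=max_idle_days)  # idle threshold is an assumption
    findings = {}
    for acct in accounts:
        if not acct["privileged"]:
            continue  # step 1 only covers privileged accounts
        reasons = []
        owner = acct["owner"]
        if owner is None:
            # Assumption: an unowned account cannot be matched to a current employee.
            reasons.append("no named owner")
        elif owner not in active_employees:
            reasons.append("owner no longer at the company")
        last = acct["last_login"]
        if last is None:
            reasons.append("never used")
        elif last < cutoff:
            reasons.append(f"idle since {last.isoformat()}")
        if reasons:
            findings[acct["account"]] = reasons
    return findings


if __name__ == "__main__":
    report = review_privileged(ACCOUNTS, ACTIVE_EMPLOYEES, date(2024, 6, 1))
    for name, reasons in report.items():
        print(f"{name}: {'; '.join(reasons)}")
```
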