1. Home
  2. Samples List
  3. View

Data security proposal

Running Head: DATA SECURITY PROPOSAL
DATA SECURITY PROPOSAL
Name
Professor
Institution
Date
DATA SECURITY PROPOSAL
Strategies to mitigate data breaches from cyber attackers
Executive summary
Cybercrimes have been on the increase with one of the most common crime being data
breaches that have faced many companies leading to loss of millions of money. However one of
the main questions that any company should seek to answer is, how do cyber attackers get hold
of information and is there a way in which data breaches can be avoided and prevented? The
surprising answer is yes, any company that seeks to maintain confidentiality of their transactions
needs to come up with strategies that will put them ahead of the cyber attackers by having
systems that can detect any unusual activities within their network system. One of the main
sources of data breaches is poor management of the third vendor systems that are responsible for
approving credentials. Any company that seeks to stand strong to cyber-attacks needs to be
aware that prevention is vital, however detecting any attempts of data breaches early enough is
key. This proposal is aimed at giving an ideal solution to the problem.
The paper proposes some of the strategies that have worked for other companies however
the strategies will be flexible in that they will incorporate the unique characteristics of the
company. Key performance indicators of whether the system is actually working will also be
suggested. The proposal also seeks to identify some of the important data that need to be
collected in formulating effective strategies that will actually work. It will also address the type
architecture the will be used in an attempt to track how information flows from the user s to the
point where it is approved for any transaction to proceed. Finally the proposal will consider
whether it is more optimal to outsource the security system or to build it within the company’s IT
department.
DATA SECURITY PROPOSAL
Introduction
Borrowing closely from the situation that was experienced by Home Depot (consequent
data breaches over a period of five months) the company need to consider that investing in a
system that actually works and detects data intrusions quite early before irretraceable damage is
done is vital (Hawkins, 2015). The company needs to develop secure security configuration
software that regulates approvals on some of their third vendor terminals; the company also
needs to work on separating the company’s main corporate network and the vendor terminal
network. Proper monitoring systems to monitor the transactions the transactions by third parties
need to be put in place.
Key Performance Indicators (KIPS)
According to Gertz (2014) while it is imperative to detect intrusion into the companies
system detecting the intrusion early enough is a major step that will put the company ahead of
the cyber hackers who have a knack for intruding into some of the most vulnerable networks.
Key performance indicator will serve as a way of detecting the problem early enough. Some of
the key indicators that the company needs to consider include;
Having a network threat protection system
An antivirus solution
Frequent updates of windows system
A vulnerability management program
Segregation of networks
DATA SECURITY PROPOSAL
Capability to communicate any network intrusion to the company security team
This are some of the most important KIPS that the company needs to consider in their
strategy to reduce its vulnerability to data intrusion. A network threat shielding system is
essential as it is a host through which intrusion can be prevented by running configurations on
external devices. An antivirus solution on the other hand helps to keep track of malware that can
be used to attack the system in an attempt to steal data.
Cerrudo (2015) states that outdated windows increase the company’s vulnerability to
attacks by hackers hence the need to regularly update windows software used by the company
computers. On the other hand a vulnerability management system is used to perform frequent
vulnerability scan whose date can be used to identify any security gaps that need to be addresses.
The company should also consider separating its corporate network. When information is stashed
in one network then it becomes easy for hackers to access it as opposed to information that is in
different networks. Data which is located in different networks is hard to retrieve for hackers, for
example the company should separate its corporate network from the external point of sale
network within the company.
Data points
The company needs to access data from various data points. The data will often be
scanned in each security configuration process. The company will engage employee accounts
from which they can monitor the activities of the employees. Also USB port on the company’s
computers are also a major source of data and the company needs to take control of this ports by
either blocking some of them leaving only those that are necessary. The other source of data is
DATA SECURITY PROPOSAL
third party accounts which allow the security system to take control of activities of third party
users.
Systems that act as sources of information
The process of creating a system that will counter data breaches will involve the use of
various systems. The system will incorporate any point of sale systems that the company uses
and also end point sales system. Since some of the data intrusion comes from these systems
through use of fake credit cards then it is imperative for the company to incorporate and connect
the systems to the main security software that is to be built. Other system that will be engaged is
the window operating system that needs to be embedded to the current version. The VLANS
(Virtualized Local Area Network System) used by the company will also be considered as a
major source of data as a bulk of information is shared over the company’s corporate network
every day.
DATA SECURITY PROPOSAL
Architectural data flow
The point of sale device allows for data interpretation once the company employee
swipes a customer’s debit or credit card which is usually encrypted using a four digit code. The
data is then transferred to the POS registry where it is identified. The internet then links the
transfer of the information to the POS solution proved where it is encrypted by the system using
a sophiscated payment algorithm that allows for access of a specific transaction key. The data is
then sent to an eternal decrypter within the POS solution where the payment data is decrypted.
Once this is over the card is then encrypted again using the database encryption code and later
sent to the bank for decrypting once again after which it is ready to be used to make a
transaction. The whole process takes seconds but is complex enough to ensure that data breaches
are avoided.
POS
Register
The
internet
POS
provider
Decrypting
device
POS provider
encrypting device
bank
DATA SECURITY PROPOSAL
Building vs. buying the data security software
One of the main problems that companies face is poor management of security systems.
Buying a software that will be responsible for ensuring continued security of activities may seem
very efficient on the outside however there is the risk of not knowing whether the people who
build it are honest enough not to try to intrude in the system (Byrne, 2001). Nonetheless,
building a system within the company’s jurisdiction is a better strategy as there is confidentiality
in the system, also the system can be customized well enough to be in line with the needs of the
company. Building one within the extremes of the company allows for follow up in case there is
an internal breach by employees.
DATA SECURITY PROPOSAL
References
Byrne, S. (2001). Patent and Trademark Office. Washington, DC.
Cerrudo, C. (2015). Emerging us (and world) threat: Cities wide open to cyber attacks. Securing
Smart Cities.
Gertz, A. (2014, July 30). The real cost of Retail Data Breach.
Hawkins, B. (2015). Case Study: The Home Depot Data Breach. The SANS Institute.

Place new order. It's free, fast and safe

-+
550 words
Total price: $ 15.00

Our customers say

Customer Avatar
Jeff Curtis
USA, Student

"I'm fully satisfied with the essay I've just received. When I read it, I felt like it was exactly what I wanted to say, but couldn’t find the necessary words. Thank you!"

Customer Avatar
Ian McGregor
UK, Student

"I don’t know what I would do without your assistance! With your help, I met my deadline just in time and the work was very professional. I will be back in several days with another assignment!"

Customer Avatar
Shannon Williams
Canada, Student

"It was the perfect experience! I enjoyed working with my writer, he delivered my work on time and followed all the guidelines about the referencing and contents."

  • 5-paragraph Essay
  • Admission Essay
  • Annotated Bibliography
  • Argumentative Essay
  • Article Review
  • Assignment
  • Biography
  • Book/Movie Review
  • Business Plan
  • Case Study
  • Cause and Effect Essay
  • Classification Essay
  • Comparison Essay
  • Coursework
  • Creative Writing
  • Critical Thinking/Review
  • Deductive Essay
  • Definition Essay
  • Essay (Any Type)
  • Exploratory Essay
  • Expository Essay
  • Informal Essay
  • Literature Essay
  • Multiple Choice Question
  • Narrative Essay
  • Personal Essay
  • Persuasive Essay
  • Powerpoint Presentation
  • Reflective Writing
  • Research Essay
  • Response Essay
  • Scholarship Essay
  • Term Paper
We use cookies to provide you with the best possible experience. By using this website you are accepting the use of cookies mentioned in our Privacy Policy.