CYB_200_Project One

School: Southern New Hampshire University
Course: 200
Subject: Information Systems
Date: Feb 20, 2024

Uploaded by ISSIT_Learn

Professor Tharp
CYB 200
12 June 2022
6-1 Project One: Security Awareness Training Study Case
Scenario Two

In this scenario, I work as a security analyst for an IT firm that is serving in a helpdesk role for a financial company. While helping the administrative assistant secure a printer, I noticed several issues in the security of the facility and in how sensitive data was being handled and secured. Customer data, financial data, and the company’s reputation are the assets in this scenario and the things that need to be protected. There are several severe security gaps that need to be addressed to prevent the company from losing any sensitive data and to ensure that the client’s needs are met.

One issue with this financial company and its practices is that the cleaning crew moves about the facility unsupervised. The fact that this is a financial company should give the impression that everything is locked down like a bank. However, this is not the case. The cleaning crew was observed shoulder surfing the data on some of the financial analysts’ screens. Sensitive customer data could have been observed by an unauthorized person. This could cause major problems for the customer if personally identifying information is stolen, which could lead to identity theft. There is also the issue of financial problems in the event that customer financial data is leaked.

Another issue is that cleaning crew members were observed retrieving documents that were sensitive in nature from the financial company’s destroy bins. This security issue is more severe than the previous one: a person who shoulder surfs may retrieve only small amounts of information, depending on how well they can memorize what they see, whereas taking actual sensitive documents can provide a wealth of information that can be reviewed and dissected for personal gain. This financial company has a Service Level Agreement (SLA) or similar binding contract with its clients “not” to share their personal information with anyone outside the company.

The legal implications of a data breach can ruin this company. From a legal perspective, every state has its own laws regarding the safeguarding of data, such as California’s AB 1950, which outlines what security procedures and practices must be followed to protect personal information. “The likelihood and severity of the fines vary depending on the level of breach, number of individuals affected, and regional jurisdiction” (Shaw, 2021). The company would also be “exposed to regulatory penalties and private lawsuits” (Springmeyer, 2021). In the end, the company can go bankrupt due to the amount of money that it would have to spend paying the legal fines and settling the lawsuits, not to mention the fact that no other company would ever want to put its data in the company’s hands due to the bad reputation.

The fact that the financial analysts in this company are not aware of what is going on around them could be credited to the fact that they are too busy doing their assigned roles. However, I believe that the lack of security awareness training is a major contributor to what is going on. This organization has to implement security awareness training to ensure that every single employee knows the importance of security, data handling and storage, and the role of the company as a whole to its customers. Employees have to be trained on regulatory compliance and legal requirements. These employees must be reminded to be vigilant for suspicious behavior, such as people shoulder surfing or people taking sensitive documents from the destroy pile. Certain additional security rules have to be implemented to help reduce the risk of data leaks, such as ensuring that someone monitors the cleaning team as they perform their duties, and destroying sensitive documents placed in the “destroy bin” every evening before the close of business. Implementing security awareness training could greatly enhance this company’s ability to keep sensitive data secure by ensuring that its employees know and follow the established security guidelines and protocols.

References:

Kim, D., & Solomon, M. (2016). Fundamentals of Information Systems Security (3rd ed.). Jones & Bartlett Learning.

Shaw, R. (2021). A look at the Legal Consequence of a Cyber Attack. TRIPWIRE. Retrieved 11 June 2022, from https://www.tripwire.com/state-of-security/featured/legal-consequence-cyber-attack/

The Human Factor: The Hidden Problem of Cybersecurity. CYDEF. Retrieved 11 June 2022, from https://cydef.ca/blog/the-human-factor-the-hidden-problem-of-cybersecurity/

Wu, S. (2022). Data Security Breaches: A Legal Guide to Prevention and Incident Response. Silicon Valley Law Group. Retrieved 11 June 2022, from https://www.svlg.com/data-security-breaches-a-legal-guide-to-prevention-and-incident.html