Wk 4 - Apply_Devils Canyon Part 1
docx
keyboard_arrow_up
School
University of North Carolina, Charlotte *
*We aren’t endorsed by this school
Course
3300
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
5
Uploaded by ChefWorld11126
1
Devil’s Canyon, Part 1
University of Phoenix CMGT/582
Ellen Gaston
February 6
th
, 2024
2
Devil’s Canyon Part 1 Security is a vital concept that comes in all shapes and forms. At Devil’s Canyon we put security our top priority. Its crucial that we understand the relationship and difference between security policies and security plans. Many people confuse these two concepts while both handle the security of an environment. Security policies is a document that “spells out the rules, expectations, and overall approach that an organization uses to maintain the confidentiality, integrity, and availability of its data.” (
Grimmick, 2023)
While Security Plan is when an organization identifies which assets require protection and the types of risks that could compromise those assets
. (Grimmick, 2023) Devil’s Canyon will need both processes implemented to ensure that customers feel protected when it comes to visual that will be taken and making sure those visuals are protected and not wrongly distributed to the wrong people. In order to do this, we will need to implement a security policy where customers are aware such as notifying customers where cameras are and the what the camera are recording, getting written consent from customers of how and where their images and video will be used for this way, they have a option to opt out if they want. Security Plans To have an organization compliant and secure a security plan must be implemented to ensure that data is protected. The goal for a security plan is to develop a strategy for the information and procedures that are developed as part of process and be used for data classification, risk management and threat detection and response.
(Habte, 2022)
This plan covers
all areas which Devil’s Canyons also requires that way we are compliant, and all risks are taken account for so that way we are prepared to remediate any issues that might arise. We will be covering the top five security threats that Devil’s Canyon can encounter because of the videos
3
that will be recorded. The first threat is which many times is overlooked is the internal people who have access become a threat and this can be done by individuals who have access the system, but they are not authorized, some might steal the content or sometimes you might end up
with disgruntled employees who harm and misuse the system. The second threat is physical tampering of the video equipment that will be installed at the slopes because this area will have many people going there is threat of people stealing, tampering and disconnecting the equipment. The third threat that can happen is not maintaining the systems and having a vulnerability open where attacker can take over and get access to the videos. The fourth threat is implementing false information in the recording and exploiting the person with it. (RoboticsBiz, 2023)
The last threat is Data Leakage, an attack can access the cameras and storage systems to leak the videos of people to the web without their consent and demand ransom. (RoboticsBiz, 2023) (Image 1.1: ARMS Reliability: Beyond the Risk Matrix
, n.d.)
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
All the threats that have been discussed above we will be evaluating the risk and the impact if this threat by utilizing Image 1.1
. Unauthorized access to the system and the likelihood of this happening can be measured Medium High if someone were wanting to get back. The second threat which is the physical tampering of software, hardware, smart lift and web cam systems is and the likelihood of this happening is likely which can be measured at high significance with all equipment being in the cloud and connecting to the internet. The third threat
of vulnerabilities in the system that has occurred and the likelihood of it occurring is possible can
be measured at Low Medium. The fourth threat which is falsifying the video content with the likelihood of it being unlikely. This can be measured at Medium low. Lastly, data leakage this is high impact if this would occur at Devil’s Canyon and would be measured at High Severity. Conclusion
At Devil’s Canyon it is our responsibility to make our customers aware and ensure that there data will is highly protected and they should not worry at all of connecting to the internet, or the videography taken at the resort all data will be accessed and the risk will be managed through our detailed security plan and security policy.
5
References
ARMS Reliability: Beyond the risk matrix
. (n.d.). https://www.armsreliability.com/page/resources/blog/beyond-the-risk-matrix
RoboticsBiz. (2023, March 1). Common threats and attacks against video surveillance cameras
. https://roboticsbiz.com/common-threats-and-attacks-against-video-surveillance-cameras/
Habte, F. (2022, March 8). What is Security Management? Check Point Software. https://www.checkpoint.com/cyber-hub/network-security/what-is-security-management/
#:~:text=Purpose%20of%20Security%20Management,and%20threat%20detection
%20and%20response
.
Grimmick, R. (2023, April 6). What is a Security Policy? Definition, Elements, and Examples. What is a Security Policy? Definition, Elements, and Examples
. https://www.varonis.com/blog/what-is-a-security-policy