Newtorking

Security Breaches

DeVry University

6/3/12

Risk Management

In large companies and organizations today there are multiple ways for an attacker to gain access to information that he or she should not have. In these companies that have experienced a loss at or time or another had to come up with a risk management policy to inform future customers that there information would not we as easily accessible as before. Risk Management has multiple layers to it, starting with what information was lost and how to prevent this from happening again.

As an Information Security Engineer your primary goal is to implement new security features within a company that will secure the customer(s) information at the fullest. In larger company’s customers expect higher forms of security of their information. When information is stolen from individuals whom should not be allowed to access, future customers grow slim. In this case you should create new ways to keep this information secure.

The largest known way to keep something secure on a PC is a password. With individuals getting more intelligent with how a PC works they find ways to get around a password. When someone can physically touch a PC they have all power to access any information they need. So, the security needs to start from outside the computer. As an engineer I would start with a proximity card. A card that stores a security key within that only gives access to the person with the card. This is not fool proof though, the card can land into someone’s had that should not have it. The next implementation that should take place is a security camera on the PC’s that hold the important information. The cameras would be monitored by the loss prevention department.

The information in which we are securing should be only accessible to certain employees. As a manager the positions needing to be taken place is to designate these certain employees with the rights to access the secure information. Allowing all...