Group 1 Failures in Data Security Management

Group 1
Failures in Data Security Management

Introduction
Data Security helps ensuring privacy, and
protecting personal data. In this century,
although data is very important to the
business of corporate, they did not put the
data security in high priority, and the
budget was also very little. Data security
breaches were happened so often in
those corporate.

Corporate background
• Lowe’s
US-based chain of retail home improvement and appliance stores
In 2007, Ranked 48 on the FORTUNE® 500
• TCI (Teledata Communications Inc.)
The leader in affordable browser-based loan origination software
and background check software for small and mid-sized businesses
• Bank of America
The largest bank by assets and second largest commercial bank by
deposits and market capitalization in US
• ChoicePoint
Date aggregation company in US

Problem of the four
companies
• Lowe’s – Hardware Issue
Lack of Internet security
Network open to anyone
No Laptop access control
• TCI – Human Issue
Employee lack of ethical knowledge and
responsibility
Security policy and procedure

Problem of the four
companies
• Bank of America – Data security issue
Valuable data without protection
Customer data without encryption
• Choice Point – Technology issue
Unreliable safeguards
No customer data checking

Preventive
Measurement
• Security Policy - Acceptable use policy (AUP)
guideline in details to enhance employees’
ethical knowledge
rules to restrict users or employees
allowable to use or access the local network
and Internet
approved by CIO and signed up by all
employees
definitely not allowed to use
client’s password

Preventive
Measurement
• Securing the Wireless Network and WiFiequipped
device
publish a Coverage Map of the Wireless
Network
access tracking in handling a security incident
protect the entire WiFi network
perform regular checking of log records
prevent the criminal to the network

Security Measurement
• Data Encryption System
protect its data and to prevent the crime
happened in the data loose
make data unreadable to unspecific party
key must be kept secure
prevent data against the threat of
lost or stolen

Security Measurement
• Security Audit
checking process of security measure
find out current environment is securely
protected
examine and analyze safeguards
failure to fulfill the security audit in Choice
Point
failure to find out unreliable
safeguards

Data Security
Management
• consideration of the preventive and
security measurements
• work out the solution
• prevent the unexpected crime
• protect valuable customer data
• responsibility of each employee in the
organization

Latest Development –
Lowe’s
Lowe’s
• Standard methods
• Secure Sockets Layer
• Verisign digital security certificate

Latest Development - TCI
TCI
• IP address restrictions
• Time restrictions.
• Limit user access by function.
• Data encryption.

Latest Development -
ChoicePoint
A.Inventory and Limit Access to Sensitive
Consumer Information
B.B. Credential Customers, Employees, and
Vendors
C. Establish Corporate Accountability
D. Execute Policies, Procedures and
Guidelines
E. Self Regulate Through Audit and
Compliance

Latest Development -
ChoicePoint
F. Implement Technology Solutions
G. Train and Educate Associates
H. Enhance Internal and External Outreach
Program
I. Transparency with Consumers

Latest Development -
Bank of America
• Credit Protection Plus
• Photo Security
• Safety Tips
• Demos and Guides