Group 1 Failures in Data Security Management

comp.polyu.edu.hk

Group 1 Failures in Data Security Management

Group 1

Failures in Data Security Management


Introduction

Data Security helps ensuring privacy, and

protecting personal data. In this century,

although data is very important to the

business of corporate, they did not put the

data security in high priority, and the

budget was also very little. Data security

breaches were happened so often in

those corporate.


Corporate background

• Lowe’s


US-based chain of retail home improvement and appliance stores

In 2007, Ranked 48 on the FORTUNE® 500

• TCI (Teledata Communications Inc.)


The leader in affordable browser-based loan origination software

and background check software for small and mid-sized businesses

• Bank of America


The largest bank by assets and second largest commercial bank by

deposits and market capitalization in US

• ChoicePoint


Date aggregation company in US


Problem of the four

companies

• Lowe’s – Hardware Issue

Lack of Internet security

Network open to anyone

No Laptop access control

• TCI – Human Issue

Employee lack of ethical knowledge and

responsibility

Security policy and procedure


Problem of the four

companies

• Bank of America – Data security issue

Valuable data without protection

Customer data without encryption

• Choice Point – Technology issue

Unreliable safeguards

No customer data checking


Preventive

Measurement

Security Policy - Acceptable use policy (AUP)

guideline in details to enhance employees’

ethical knowledge

rules to restrict users or employees

allowable to use or access the local network

and Internet

approved by CIO and signed up by all

employees

definitely not allowed to use

client’s password


Preventive

Measurement

• Securing the Wireless Network and WiFiequipped

device

publish a Coverage Map of the Wireless

Network

access tracking in handling a security incident

protect the entire WiFi network

perform regular checking of log records

prevent the criminal to the network


Security Measurement

Data Encryption System





protect its data and to prevent the crime

happened in the data loose

make data unreadable to unspecific party

key must be kept secure

prevent data against the threat of

lost or stolen


Security Measurement

Security Audit

checking process of security measure

find out current environment is securely

protected

examine and analyze safeguards

failure to fulfill the security audit in Choice

Point

failure to find out unreliable

safeguards


Data Security

Management

• consideration of the preventive and

security measurements

• work out the solution

• prevent the unexpected crime

• protect valuable customer data

• responsibility of each employee in the

organization


Latest Development –

Lowe’s

Lowe’s

• Standard methods

• Secure Sockets Layer

• Verisign digital security certificate


Latest Development - TCI

TCI

• IP address restrictions

• Time restrictions.

• Limit user access by function.

Data encryption.


Latest Development -

ChoicePoint

A.Inventory and Limit Access to Sensitive

Consumer Information

B.B. Credential Customers, Employees, and

Vendors

C. Establish Corporate Accountability

D. Execute Policies, Procedures and

Guidelines

E. Self Regulate Through Audit and

Compliance


Latest Development -

ChoicePoint

F. Implement Technology Solutions

G. Train and Educate Associates

H. Enhance Internal and External Outreach

Program

I. Transparency with Consumers


Latest Development -

Bank of America

• Credit Protection Plus

• Photo Security

• Safety Tips

• Demos and Guides

More magazines by this user
Similar magazines