Communicating A Security Strategy
Running head: creating and communicating a security strategy.
Memorandum.
DATE: 25/10/2018
Retailers are facing a new era in which social media, multi-channel shopping and payment
technologies are transforming the industry (Bayuk, 2012). Java is a retail shop within TRM
mall. The business has several computers assigned to designated workers. To enhance efficiency
in customer service it uses a networked point of sale (POS) system. Each employee has a
username and a password: the username is an identity number, and the password is chosen by
the user. When a new employee is admitted, the technical assistance team creates the account,
and on the employee's first interaction with the system it demands that they change the password
before the account is fully activated. The business also offers delivery services on payment.
Sales are made using four computers at the point of sale. Employees take turns, and whenever
they want to make a sale they must first log into their own account. After a successful log-in the
employee scans the product code; the system recognizes the code and assigns the price of the
product. The customer then provides a means of payment; the means of payment supported are
cash, mobile money transfer, or plastic money (payment cards). If the products exceed the
customer's budget, they have to be returned to the shelves, but before shelving, the chief
accountant must verify the cancelled sale. Since employees work in shifts, they may pick any of
the four systems when on duty.
system when on duty. The system is distributed and administrative actions and network
Because the system is distributed and uses a networked database that is updated from the user
accounts, it carries several vulnerabilities. Accepting mobile money transfer and plastic money
exposes the business to counterfeit credit cards and fake mobile payment codes. The point of sale
itself is vulnerable because of the growing marketplace for stolen cards, the lack of
point-to-point encryption of card data, software vulnerabilities, and systems that are susceptible
to malicious code. Because the computers are used under different accounts as employees change
shifts, a user account left active might be misused by fellow staff; likewise, shared passwords
might result in illegitimate log-ins and transactions. The business also uses a shared network that
serves other businesses within the mall, which exposes the system to attacks from individuals on
the same network who are not part of the business. Since most of these issues can be handled,
creating awareness is the basis for closing the vulnerabilities. These problems have resulted in
customer disappointment and, together with customer mobility and digital influence, in a
degradation of local loyalty. They can be addressed in a straightforward way through security
policies.
Security policy.
P1/018: Training; people are identified as the weakest link in the security chain. It will be
compulsory for all new employees to undergo training on admission so that they are informed
about the security measures and precautions, since this is a networked system that is susceptible
to internal attacks. Every employee must undergo information security training, with the support
of management, before resuming their activities within the organization.
P2/018: Password management; after admission, each employee must change the account's
default password to a password of their own choice. Passwords expire every 3 months, and the
same password shall not be valid on renewal. If a user forgets their password, it is the
responsibility of the technical team to reset it after presentation of a duly filled application
validated by the clerk's signature. Any issues should be addressed to the technical team, and the
respective users shall be held liable for any activity on their account unless otherwise
established.
P3/018: Intrusion detection system; because of the flaws that exist in the point of sale system, it
will be compulsory for the business to install an IDS. The IDS shall detect any irregular pattern
of activity, or traffic whose addresses match those of suspicious systems that have been marked,
and raise an alert so that the technical team can block the suspicious system before it attacks.
Any malicious activity detected
P4/018: Firewall; the business network and the POS computers must be protected by a firewall,
which will block unauthorized intrusion into the system. It is the responsibility of the technical
team to install the firewall, update it, and ensure that it is in a healthy working state. Any
malicious activity detected by the firewall must be reported immediately; it will be the
responsibility of the technical assistance team to address the issue, and they shall be liable for
any issues that arise from ignoring it. Each staff must check if their system is
P5/018: Password policy; sharing of passwords among staff shall NOT be allowed. Each staff
member is allocated a user account, and under no condition should a staff member request to use
another's account without authorized permission from management. The account holder will be
held liable for any issues that arise from the account. Remember, you must ensure that you log
out when handing over a shift; any negligence that results in compromise of a personal account
shall be addressed to the account holder, who will be held responsible for that activity.
P6/018: Software installation; no software installation by staff shall be allowed unless it is
carried out by the technical team. Installation shall be limited to the technical team's accounts.
The technical
Standards.
Password characteristics; to be accepted, a standard password must contain digits, symbols and
letters, including at least one capital letter. This enhances the strength of the password and
reduces the risk of the user account being compromised. A password that shall not have these
Information security standards; the systems must meet all information security standards,
including the use of passwords to ensure that user accounts are secure.
Network administration; to mitigate the chances of being attacked, the network must be
secured by a firewall and an intrusion detection system. These enable the system to detect
malicious activity over the network and alert the technical team, who shall respond accordingly
(Robertson, 2012).
Firewalls; every system must have a firewall and up-to-date antivirus software before it is put
into service. This shall ensure that the system is secured at all times.
Practices.
Passwords; every employee must secure his/her account with a password that meets the
organization's standards, to enhance the security of their personal account. Passwords shall
expire every 3 months, at which point the system shall demand that the user renew the password.
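The following Python example is added to this memo and is not the business's own code. It shows how the rules in P2/018, the password characteristics standard and the password practice can be enforced together: a default password set by the technical team that must be changed at first log-in, a complexity check, expiry after 3 months, and refusal of a previously used password. The minimum length, the number of old passwords remembered and the PBKDF2 work factor are assumptions made here; the memo does not specify them.

```python
"""Password life-cycle checks for a POS workstation account.

Added example, not the business's own code. The memo specifies digits,
symbols, letters, one capital letter, expiry every 3 months and no reuse
on renewal; MIN_LENGTH, HISTORY_DEPTH and PBKDF2_ROUNDS are assumptions.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Tuple

MAX_AGE = timedelta(days=90)      # "subject to expire after every 3 months"
MIN_LENGTH = 12                   # assumption: the memo sets no minimum length
HISTORY_DEPTH = 5                 # assumption: old passwords remembered for reuse checks
PBKDF2_ROUNDS = 100_000           # assumption: work factor for PBKDF2-HMAC-SHA256
MEMO_DATE = date(2018, 10, 25)    # date of this memo, used as "today" in the demo


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted slow hash, so the stored record never holds the clear-text password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def policy_violations(password: str) -> List[str]:
    """Return the rules of the password standard that fail (empty list == acceptable)."""
    rules = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (re.search(r"[0-9]", password), "no digit"),
        (re.search(r"[a-z]", password), "no lower-case letter"),
        (re.search(r"[A-Z]", password), "no capital letter"),
        (re.search(r"[^0-9A-Za-z]", password), "no symbol"),
    ]
    return [msg for ok, msg in rules if not ok]


@dataclass
class Account:
    user_id: str                              # the employee's identity number
    salt: bytes
    digest: bytes
    set_on: date                              # when the current password was set
    must_change: bool = True                  # new accounts carry a default password
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)


def create_account(user_id: str, default_password: str, today: date) -> Account:
    """The technical team creates the account; the first log-in must change the password."""
    salt = os.urandom(16)
    return Account(user_id, salt, hash_password(default_password, salt), today)


def login(acct: Account, password: str, today: date) -> str:
    """Return 'bad_password', 'change_required', 'expired' or 'ok'."""
    if not hmac.compare_digest(acct.digest, hash_password(password, acct.salt)):
        return "bad_password"
    if acct.must_change:
        return "change_required"
    if today - acct.set_on > MAX_AGE:
        return "expired"
    return "ok"


def change_password(acct: Account, old: str, new: str, today: date) -> List[str]:
    """Apply the renewal rules; return the reasons the change was refused (empty == done)."""
    if not hmac.compare_digest(acct.digest, hash_password(old, acct.salt)):
        return ["current password incorrect"]
    problems = policy_violations(new)
    # "the same password shall not be valid on renewal": check the new password
    # against the current digest and the remembered history, each under its own salt
    for salt, digest in [(acct.salt, acct.digest)] + acct.history:
        if hmac.compare_digest(digest, hash_password(new, salt)):
            problems.append("password was used before")
            break
    if problems:
        return problems
    acct.history = ([(acct.salt, acct.digest)] + acct.history)[:HISTORY_DEPTH]
    acct.salt = os.urandom(16)
    acct.digest = hash_password(new, acct.salt)
    acct.set_on = today
    acct.must_change = False
    return []


def lifecycle_demo() -> list:
    """Walk one account through the rules; returns the outcome of each step in order."""
    acct = create_account("1042", "Temp1234!", MEMO_DATE)   # constructed sample account
    out = [login(acct, "Temp1234!", MEMO_DATE)]                                   # change_required
    out.append(change_password(acct, "Temp1234!", "weak", MEMO_DATE))             # rejected
    out.append(change_password(acct, "Temp1234!", "Till-Shift#2018", MEMO_DATE))  # accepted
    out.append(login(acct, "Till-Shift#2018", MEMO_DATE))                         # ok
    out.append(login(acct, "Till-Shift#2018", MEMO_DATE + timedelta(days=91)))    # expired
    out.append(change_password(acct, "Till-Shift#2018", "Temp1234!", MEMO_DATE))  # reuse refused
    return out


if __name__ == "__main__":
    for step in lifecycle_demo():
        print(step)
```

Storing a salted PBKDF2 digest rather than the password itself means that even the technical team, who create and reset accounts, never see a user's chosen password; the reuse check therefore has to re-hash the candidate under each old salt instead of comparing strings.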
Network management; the network shall admit only a list of allowed devices; the technical
team shall admit each device on the basis of its address. This helps reduce the chances of
unauthorized intrusion into the system.
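As an added illustration of P3/018 and the network management practice above (example code, not the business's own system), the following Python script runs constructed gateway connection records through the two checks the memo calls for: the device allow-list kept by the technical team, matched on the device's hardware address, and the IDS watch-list of addresses that have been marked as suspicious, together with a simple irregular-pattern rule that flags a burst of connections from one source. The log line format, the addresses, the allow-list and the thresholds are all assumptions.

```python
"""Device allow-list and IDS watch-list check over gateway connection logs.

Added example, not part of the original memo. The log format, the addresses,
the allow-list and the thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) connect "
    r"src=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ip=(?P<ip>[\d.]+) dst=(?P<dst>\S+)$"
)

# Assumption: the technical team keeps the permitted devices by MAC address.
ALLOWED_DEVICES = {
    "aa:bb:cc:dd:ee:01": "POS-1",
    "aa:bb:cc:dd:ee:02": "POS-2",
    "aa:bb:cc:dd:ee:03": "POS-3",
    "aa:bb:cc:dd:ee:04": "POS-4",
    "aa:bb:cc:dd:ee:10": "back-office",
}
# Assumption: addresses the IDS has previously marked as suspicious.
MARKED_ADDRESSES = {"10.20.9.77"}
# Assumption: more than BURST_LIMIT connections from one source inside
# BURST_WINDOW counts as an "irregular pattern".
BURST_LIMIT = 5
BURST_WINDOW = timedelta(seconds=10)

# Constructed sample log (not a real capture).
SAMPLE_LOG = """\
2018-10-25T09:14:02 pos-gw connect src=aa:bb:cc:dd:ee:01 ip=10.20.5.11 dst=10.20.5.2:5432
2018-10-25T09:14:05 pos-gw connect src=aa:bb:cc:dd:ee:02 ip=10.20.5.12 dst=10.20.5.2:5432
2018-10-25T09:15:30 pos-gw connect src=de:ad:be:ef:00:01 ip=10.20.5.40 dst=10.20.5.2:5432
2018-10-25T09:16:11 pos-gw connect src=aa:bb:cc:dd:ee:03 ip=10.20.9.77 dst=10.20.5.2:5432
2018-10-25T09:20:00 pos-gw connect src=aa:bb:cc:dd:ee:04 ip=10.20.5.14 dst=10.20.5.2:5432
2018-10-25T09:20:01 pos-gw connect src=aa:bb:cc:dd:ee:04 ip=10.20.5.14 dst=10.20.5.2:5432
2018-10-25T09:20:02 pos-gw connect src=aa:bb:cc:dd:ee:04 ip=10.20.5.14 dst=10.20.5.2:5432
2018-10-25T09:20:03 pos-gw connect src=aa:bb:cc:dd:ee:04 ip=10.20.5.14 dst=10.20.5.2:5432
2018-10-25T09:20:04 pos-gw connect src=aa:bb:cc:dd:ee:04 ip=10.20.5.14 dst=10.20.5.2:5432
2018-10-25T09:20:05 pos-gw connect src=aa:bb:cc:dd:ee:04 ip=10.20.5.14 dst=10.20.5.2:5432
garbage line that does not parse
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one gateway line into fields; None when the line is not a connect record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def classify(rec: dict, recent: Dict[str, List[datetime]],
             allowed=ALLOWED_DEVICES, marked=MARKED_ADDRESSES) -> str:
    """Return one verdict; `recent` holds the per-source timestamps seen so far."""
    if rec["ip"] in marked:                      # IDS watch-list beats everything else
        return "alert:marked-address"
    if rec["mac"] not in allowed:                # device not on the technical team's list
        return "deny:unknown-device"
    window = recent[rec["ip"]]
    window.append(rec["ts"])
    while window and rec["ts"] - window[0] > BURST_WINDOW:   # forget old timestamps
        window.pop(0)
    if len(window) > BURST_LIMIT:
        return "alert:burst"
    return "allow"


def scan(log_text: str) -> List[Tuple[str, str]]:
    """Run every line through classify; unparsable lines are reported, not dropped."""
    recent: Dict[str, List[datetime]] = defaultdict(list)
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            findings.append(("unparsed", line))
            continue
        findings.append((classify(rec, recent), rec["ip"]))
    return findings


if __name__ == "__main__":
    for verdict, source in scan(SAMPLE_LOG):
        print(f"{verdict:22} {source}")
```

Two caveats a practitioner would add: a hardware address can be forged, so the allow-list keeps casual connections from other tenants on the shared mall network off the POS segment but will not stop a determined attacker, and the marked-address check is deliberately placed first so that an allowed device talking from a suspicious address (the fourth sample line) still raises an alert rather than being waved through.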
Software updates; antivirus programs and firewalls must be updated at least once a month to
ensure that the system conforms to the basic information security requirements. The technical
staff shall check to ascertain that all these systems are updated. The IDS must be
Installation of software; only software that has been scanned shall be installed on the systems.
This helps reduce the chance of installing malicious software that might compromise the user
I expect the cooperation of staff and management in adhering to these policies, standards,
and practices.
Thank you.
References
Bayuk, J. (2012). Cyber security policy guidebook. Hoboken, N.J.: Wiley.
Booth, D. (2015). Information security management: policies and standards. Engineering &
Robertson, R. (2012). Security Auditing: The Need for Policies and Practices. Journal Of