
You are an Information Security Officer for a small company in the retail sector


Question

You are an Information Security Officer for a small company in the retail sector. Your company accepts credit cards, and sells products that are manufactured abroad. About 60% of your corporate sales are via the company’s web site. Please describe the security measures that you would take to provide basic security and regulatory compliance for your company.

You are a contractor doing development work for a school district. Some of the information that you are handling is for the school infirmary, and has the immunization and annual physical data for the student body. What measures must be taken to protect that information, and how does it differ from the student grade and contact information?

Explanation / Answer

Security measures for the website:

1. Enable TLS/SSL on the whole site, or if not, at least on the cart pages and transaction pages.

2. Isolate the database connection to a server that is only internally accessible, without a public endpoint.

3. Enable session timeouts for users.

4. Enable strict cookie policies to ensure there is no session hijacking.

For the school:

The data is HIPAA in nature, so we have to enable all the strict measures, such as:

1. Encrypt the data at rest with at least AES-256.

2. Encrypt data in motion via encrypted VPN tunnels.

3. Enable password access and user access policies to restrict data viewing.

Student grades are not HIPAA, so they don't require such strict measures.
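The answer's website measures 3 and 4 (session timeouts and strict cookie policies against session hijacking) are easier to judge when written out as code. The following is an added example, not part of the original answer: it builds a session cookie with the Secure, HttpOnly and SameSite=Strict attributes, binds the issue time into the cookie under an HMAC so it cannot be tampered with, and rejects a session once it has been idle past a 15-minute limit. It uses only the Python standard library; the server key and the timeout value are constructed for the demonstration and assumed to come from configuration in a real deployment.

```python
"""Session cookie hardening and idle-timeout check for a web shop.

Added example (not from the original answer). Assumes the site is
served over HTTPS so the Secure flag can be set on every cookie.
"""
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional

# Constructed values for the demo: in production load the key from a
# secrets store and tune the timeout to the business need.
SERVER_KEY = b"constructed-demo-key-do-not-use"
IDLE_TIMEOUT_SECONDS = 15 * 60  # log the shopper out after 15 idle minutes


def new_session_id() -> str:
    """Unpredictable session identifier (128 bits from the OS CSPRNG)."""
    return secrets.token_urlsafe(16)


def sign(value: str) -> str:
    """HMAC-SHA256 tag so a tampered cookie is rejected, not trusted."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def build_session_cookie(session_id: str, issued_at: int) -> str:
    """Return a Set-Cookie header value with the strict attributes:
    Secure (HTTPS only), HttpOnly (no script access), SameSite=Strict
    (never sent on cross-site requests) and a short Max-Age."""
    payload = f"{session_id}.{issued_at}"
    cookie = SimpleCookie()
    cookie["sid"] = f"{payload}.{sign(payload)}"
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    cookie["sid"]["samesite"] = "Strict"
    cookie["sid"]["path"] = "/"
    cookie["sid"]["max-age"] = IDLE_TIMEOUT_SECONDS
    return cookie.output(header="").strip()


def validate_session_cookie(cookie_value: str, now: int) -> Optional[str]:
    """Return the session id if the cookie is authentic and not idle-expired,
    otherwise None. The tag is compared in constant time."""
    try:
        session_id, issued_at, tag = cookie_value.rsplit(".", 2)
    except ValueError:
        return None  # malformed cookie
    payload = f"{session_id}.{issued_at}"
    if not hmac.compare_digest(tag, sign(payload)):
        return None  # forged or tampered
    if now - int(issued_at) > IDLE_TIMEOUT_SECONDS:
        return None  # session timed out
    return session_id


def cookie_flags_present(header_value: str) -> bool:
    """Quick check to run against a Set-Cookie header during review."""
    lower = header_value.lower()
    return all(f in lower for f in ("secure", "httponly", "samesite=strict"))


if __name__ == "__main__":
    sid = new_session_id()
    header = build_session_cookie(sid, issued_at=1_000_000)
    print(header)
    value = header.split(";")[0][len("sid="):]
    print("fresh:", validate_session_cookie(value, 1_000_000 + 60))
    print("idle-expired:", validate_session_cookie(value, 1_000_000 + 16 * 60))
```

A server should refresh the cookie on each request it accepts so that the idle window slides, and should issue a new session id after login so that an identifier set before authentication is never promoted to an authenticated one.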