Risks, Standards, and Procedures / Enterprise Security Strategy Plan Instruction
Question
Risks, Standards, and Procedures / Enterprise Security Strategy Plan
Instructions: In NO LESS than 400 words, answer the following question.
Consider the company MARS, Incorporated as the subject of an Enterprise Security Strategy Plan. Use the company's business goals to base this work on.
The security awareness program for your company should include a timeline of activities (such as a security fair or special “brown bag” meetings) and the types of communications (newsletters, placards, etc.) that would need to be sent to the users. Consider best practices for implementing your Enterprise Security Strategy Plan.
Identify at least 3 activities that would be part of your Enterprise Security Strategy Plan, and provide the following:
Approximate timing for rollout
Required communications
A brief explanation for choosing this implementation activity
BUSINESS GOALS OF MARS, INC. for doing secure business:
Introduce an e-commerce and digital marketing platform;
Avoid costs associated with repeated operating system upgrades;
Secure its operations and future by implementing an intranet that “effectively solves internal communication and efficiency challenges through improved business process and technology integration”;
Safeguard and reduce risk of high-value corporate data;
and replace an existing legacy security solution.
Explanation / Answer
Enterprise Security Strategy Plan
Activity 1:
For an e-commerce website, the most important security feature is to safeguard corporate user data. This can be achieved by putting in place strict security measures such as two-step user authentication via emails and mobile one-time passwords, blocking of any web requests coming in from suspicious IPs or users by implementing firewall systems, or even biometric authentication in case of corresponding mobile applications for the e-commerce website.
Required Communication: Emails can be sent to users to enhance the security data required from the user.
Timeline: Incremental patches to be released over a period of time.
Activity 2:
Create an intranet framework for internal access and testing so that client data cannot be leaked by someone from within the organization. Everything within the company should be hosted on the intranet rather than the internet to prevent external fraud and create another layer of security that would not be exposed to the outside world.
Timeline: It would take almost 6 months to establish such a system.
Activity 3:
Periodic learning sessions for the developers and security control team, which would allow them to adhere to the most recent security levels and also know about the latest trends used for further securing the systems. As mentioned above, a security fair can be organised twice a year for the entire company to let the employees know of the security measures taken by the company over the last 6 months. Frequent web-based and classroom trainings for those interested in knowing about the latest in this domain. Frequent monthly mailers to be sent out to the users as well as employees stating the importance of using secure channels. Gathering constructive feedback from the users to enhance the portal and increase reliability and usability.