Team Enterprise Security Plan Paper

Kudler Fine Foods Enterprise Security Plan

Team B

CMGT/430

18 Jan 2016

La Shanda Perry

Kudler Fine Foods Enterprise Security Plan

Kudler Fine Foods is acknowledged in San Diego as a leader in specialty foods with locations in La Jolla, Del Mar, and Encinitas. Kudlers loyal shoppers appreciate the shops line of domestic and imported foods, which attributes to Kudlers sustained success in providing some of the best gourmet foods. The company was founded by Kathy Kudler in 1998, when she recognized there was a market for fine foods in San Diego. Since 1998 the company’s growth has surpassed her expectations. With the companies continued growth there is a need to identify the organizations risk, vulnerabilities, and threat to their enterprise. For Kudler Fine Foods to maintain a competitive advantage above the competition is essential for the organizations to model and build a secure environment in which business processes and procedures can operate efficiently. The organization should uphold confidentiality and discretion and reassure the integrity and availability of organizational data. On order to meet these objectives the organization must implement the principles of risk management.

Risk Management Strategy

Team B consultants were appointed by Kudler Fine Food Risk to provide management services to analyze and document Kudlers assets. The senior Management is accountable for assisting the consultants with identifying and controlling the risks that can jeopardize the organizations operations. The information technology team plays a huge role in taking leadership in the risk management task. A main factor in the teams risk management plan is the identification, classification, and prioritization of Kudlers information systems assets. To assess the organizations assets consist of identifying assets together with the fundamentals of Kudlers information system. The dimensions of their information systems are the organization, people, and information technology.

Data and transaction security is of paramount importance to Kudler Fine foods and their systems. In the age of rapid expanding systems and networks from commercial to government organizations challenges of security issues are becoming the top priority. According to (Best Practices For Enterprise Security, 2013), the term “computer security” is a generalization for a collection of technologies that perform specific tasks related to data security. These technologies can be applied effectively to secure Kudler Fine Foods and to be effectively incorporated into the security plan. For the planning process there are proper implementation steps that need to consider: (Best Practices for Enterprise Security, 2013).

White papers are also used to focus on the different aspects of the plan. According to (“Search SOA”, 2001-2013) White papers are “articles that states an organization’s position or philosophy about a social, political, or other subject, or a not-too-detailed technical explanation of an architecture, framework, or product technology.”

  1. Gaining a detailed understanding of the risks
  2. Proactive analysis of consequences
  3. Countermeasures related to the security breach or risk
  4. Careful planning of the implementation strategy

These papers can be utilized to document and provide a better understanding of the plan. There are three categories that will be viewed for the security plan, security backgrounders, security primers, and security best practices. Security backgrounders deal with threats, strategies, and planning. Primers include entities, building block architecture, considerations for end users, and administrative authority. Best practice would include data security and data availability in the administrative authority, name resolution for administrative authority, IP security for local communication systems, data security, and data availability for end systems, monitoring, and auditing for end systems (Best Practices for Enterprise Security, 2013). These documents will give readers a solid solution plan in place to build their security strategy but also in the event there is no one to take charge during a threat or attack. Once the research is complete, the documentation is complete the team can focus on the next step of the security plan and move forward enhancing Kudler’s network.

Managing Risk and Mitigation

Once the consultants, IT team, and senior management determines the risks and security threats likely to put the organization at a competitive disadvantage, it allows the team to manage the risks. The team must determine which strategy to use and describe the risks that may happen from the vulnerabilities. The team will implement security controls that will eliminate or decrease any other uncontrollable risk factors. Mitigation is the management method that attempts to lessen, whereby planning, and preparation for the loss triggered by the manipulation of vulnerability. This method consists of incident response, disaster recovery, and business continuity.

Because typical small businesses spend three – five % of the IT budget on security and the average enterprise spends only eight% of the budget on security the team. They will look at ways to keep cost down and not increase the budget available for the IT team (Mathew J., 2007). There are techniques that can be utilized to help keep cost down yet maintain an effective mitigation plan. Targeting malware with automated defenses, such as antivirus updates regularly will help increase the effectiveness. Turning off PCs at night or closed hours will force boot ups at the start of day will make the machines run scans for malware as well as prevent off hours exploits.

Using Patches regularly will also increase security effectiveness. Vendors are beginning to move from a quarterly update to a monthly update. This would allow patches to fix weaker areas as fast as audits will increase the layers of security and respond quickly before a threat can expose a current weak area (Mathew J., 2007).

Educating users of more secure passwords will help keep unauthorized users from gaining access. Many users use weak passwords easily guessed or easy to obtain through social engineering that using tough passwords not a pet’s name or birthday will make it harder for hacker to uncover and gain unauthorized access to Kudler’s system. Setting a policy of changing passwords every 30, 60, or 90 days will prevent a hacker from attempting to exploit passwords on a certain PC over a period of (Mathew J., 2007). Another mitigation process would be to find an off-site backup site. Because property damage could happen at any Kudler location making it possible to obtain lost data through an off-site back-up would allow Kudler to recover from disasters quickly rather than becoming crippled at one or more of their stores. This will also keep disgruntle employees from exploiting Kudler by keeping the data access limited and prevent corporate secrets from being disclosed .

Probability of Risk and Impact of Risk

From some of the vulnerabilities chose for Kudler, the card access is one utilized to access the network and computers. The loss of a card (CAC) is a high probability because they are easily left behind or misplaced. Access rosters will benefit Kudler with at the door authentication. If a user is not on the access roster access is not granted. Vulnerability is biometrics continues to grow and more organizations the vulnerabilities grow will as well. Biometrics allows personnel access to certain confidential locations under lock and key. Video monitoring is a low probability because not everyone knows how to sniff into it.

Group polices and permissions can in a sense go hand in hand. With both of these mitigations for these two are to monitor the policies and comprehend the risks of giving certain users too much permission to anything. Strong passwords should have a combination of letters, numbers, special characters, and certain length. Making sure users update and change their passwords quarterly should be put into effect.

The team compiled a list of the most important vulnerabilities that could hurt the organization the most. Then matched up those we all agreed upon and discussed about which ones we did not agree upon. After we all agreed on our list, we discuss what steps we could take on how to mitigate for each vulnerability. There was not much to disagree upon on the mitigation part because there is only so much one can do to protect each vulnerability. The other vulnerabilities that did not make the top 20 because as a team we did not think they were that high on probability or impact. Not to say we would not have to address them later down the road.

References

Best Practices for Enterprise Security. (2015). Retrieved from http://technet.microsoft.com/en-us/library/cc750076.aspx

Mathew J., S. (2015). 10 Ways to Mitigate Your Security Risks. Retrieved from http://www.informationweek.com/10-ways-to-mitigate-your-security-risks/201806086?pgno=4

Search SOA. (2001-2015). Retrieved from http://searchsoa.techtarget.com/definition/white-paper

Whitman, M. (n.d.). Risk Management: Controlling Risk. : Cengage Learning.

Place an Order

Plagiarism Free!

Scroll to Top