This website uses cookies to ensure you have the best experience. Learn more

Security Controls Essay

687 words - 3 pages

List and describe the security controls in place. Where are the weaknesses?
TXJ Companies’ security controls were very weak. The organization used the Wired Equivalent Privacy (WEP) encryption system, instead of upgrading to Wi-Fi Protected Access (WPA), apparently because beefing up security wouldn’t “provide a clear return on investment” (Laudon & Laudon, 2009, p.263). This means that what encryption the company did use was weak and easy to crack. Although it sounds as if firewalls were used to protect the main databases, the wireless networks used in TXJ’s retail stores did not have firewalls or data encryption on many of their computers, and there was no firewall separating the ...view middle of the document...

Once transactions were completed, this sensitive data needs to be removed from the company’s database. Basically, TXJ Companies needed to comply with PCI regulations.
What was the business effect of TXJ’s data loss on TXJ, consumers, and banks?
                Unfortunately, it seems TXJ received less of the impact than the banks involved. The banks that issued the credit and debit cards that are being fraudulently reproduced as a result of the TXJ (lack of) security breach are responsible for refunding the card owners for fraudulent purchases and replacing the compromised cards. This is clearly unfair and, as a result, TXJ Companies is facing lawsuits by those banks hoping to be compensated for the losses, as well as the consumers who have been affected. In addition to the inconvenience caused by stolen credit cards, hundreds of thousands of TXJ customers have also had personal information stolen that could result in identity theft. While the direct impact to TXJ Companies was not as harsh as it was on the banks and consumers, the long-term results are much more devastating....

Other Papers Like Security Controls Lab Cnaa Essay

608 words - 3 pages site provides multiple resources, including a list of the top 20 Critical Security Controls for Effective Cyber Defense and the weekly @Risk: The Consensus Security Alert newsletter. This newsletter details new network attacks and vulnerabilities. In this lab, you will navigate to and explore the SANS site, use the SANS site to identify recent network security threats, research other websites that identify threats, and research and present the

Information Security Evaluation Essay

633 words - 3 pages company. Around 2008 to 2009, a consortium of security specialists from the United States government, private industry, and international organizations generate a list of the 20 most critical security controls against threats on the Internet. Transferred in 2013 by SANS Institute the list is to assist network administrators with the most developed Internet security faults (SANS Institute, 2000-2014). This list was intended for network

Administrative Controls

1217 words - 5 pages | Administrative Controls | | | Administrative controls are basically directives from the senior management that provide the essential framework for the organizations security infrastructure. Administrative controls consist of the procedures that are implemented to define the roles, responsibilities, policies and various administrative functions that are required to manage the control environment as well as necessary to oversee and

It Audit Guide

4838 words - 20 pages 2.4. Selecting an Information System’s Security Controls 7 3. Purpose of the Checklist 8 4. How to Use the Checklist 8 4.1. The Checklist Structure 8 4.2. Security Objectives 9 4.3. Guidance for IRAP Assessors 9 4.4. Information System Compliance 10 5. Guidance for IRAP Assessors 10 6. The Checklist 11 6.1. The Information Security Policy & Risk Management 11 6.2. Information Security Organisation 14 6.3

Risk Managment

769 words - 4 pages , availability, authenticity, or accountability. The output of the risk assessment will determine the actions for managing security risks and for implementing the appropriate controls needed to protect the company assets. The risk assessment process consists of the following tasks: • “Identify business needs and changes to requirements that may affect overall IT and security direction. • Review adequacy of existing security policies, standards

Unit 3 Discussion 1: Access Control Models

407 words - 2 pages Scenarios: 1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Discretionary Access Controls should be used in this scenario because the company is small and not in need of high security environment. This solution is the simplest to maintain and monitor for a small business. 2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees

Linux Security

448 words - 2 pages recognized best practice framework for an information security management system. It helps you identify the risks to your important information and put in place the appropriate controls to help reduce the risk. • Identify risks and put controls in place to manage or reduce them • Flexibility to adapt controls to all or selected areas of your business • Gain stakeholder and customer trust that their data is protected • Demonstrate compliance and gain


379 words - 2 pages desktop services to remotely access the TargetWindows01 server. Finally, you tested the security layers you placed in the previous parts of the lab by using each new user account to access and modify the nested folders on the remote server. Lab Assessment Questions & Answers 1. What are the three fundamental elements of an effective security program for information systems? 2. Of these three fundamental controls, which two are used by the Domain


2232 words - 9 pages organization is safe. The data in these files must be protected from errors or tampering whether intentional or accidental. Hardware Security The computer hardware is not only important to the processing of the information but is also a valuable fixed asset for the company. Therefore controls for the protection of the hardware must be put into place. Computer hardware must be placed in a secure area where the access to it is limited only to those who

Internal Control System Justification

672 words - 3 pages Internal Control System Justification Brandy Ritz ACC/445 May 5, 2014 Bunney Schmidt Internal Control System Justification Internal controls are a good way to keep records up to date and valid. Insurance and portfolio approaches are great to have set in place for risk management, but a system of controls would provide extra security with the books. Below is an overview of insurance and portfolio approaches along with why internal

Computer Science Xyz Company

1026 words - 5 pages About Organization: ABC Inc. is a leading telecom provider with a customer base of over million of users. It provides all the telephone and internet services to its customers. Management Controls Risk Management ABC Inc. is ready with the disaster recovery technique, so the risks can be handled in the organization with care and proper management; they are also maintaining a risk assessment report. Review of Security Controls They

Related Essays

Testing And Monitoring Security Controls Essay

776 words - 4 pages Testing and Monitoring Security Controls In the grand scheme of things security controls, in a nutshell, are in place to prevent security breaches. Security controls are safeguards or countermeasures to avoid, counteract or minimize security risks relating to personal property, or computer software. So anything that has to do with accessing sensitive information with the intent of using it maliciously is considered a security risk. Things that

Administrative Controls Essay

606 words - 3 pages would lead to an absence of standards. Projects within the IT department would be disparate and security measures would differ from system to system resulting in an incompatibility of systems. This incompatibility would ultimately result in a vulnerability to the project, creating a threat to the organizations network, and placing the information that the organization handles at risk. Administrative Controls set the framework in which projects within

Access Control Methods For Companies Essay

614 words - 3 pages control mechanism for most desktop operating systems. Which is appropriate for the company because they are desktop dependant. This allows for enforcement of a good security policy. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet Access. All employees communicate using smart phones. For this scenario I would implement Role Based/ Software controls. With software controls you can determine who has the

Cap Study Guide Essay

5295 words - 22 pages maintained for an information system and in many organizations is assigned responsibility for the day-to-day security operations of a system? a. Information System Security officer 4. Who is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls? a. system owner, and/or