Week 1 Discussion Question

Week 1 Discussion Question

Your boss mentions that recently a number of employees have received calls from individuals who didn’t identify themselves and asked a lot of questions about the company and its computer infrastructure. At first, he thought this was just a computer vendor who was trying to sell your company some new product, but no vendor has approached the company. He also says several strange e-mails requesting personal information have been sent to employees, and quite a few people have been seen searching your company’s trash dumpsters for recyclable containers. Your boss asks what you think about all of these strange incidents. Respond and be sure to provide recommendations on what should be done about the various incidents.

Directions:

· Students are required to post one original response to the discussion questions each week, as well as a response to one classmate. Original responses should not be a word for word rehashing of what is stated in the readings, but rather an integration of the concepts and additional insights, either from real world experience or additional sources. It should be a 250 word response to the question each week by 11 p.m. on Wednesday evening. Your primary posting may end with a tag-line or a related question of your own. Between 1 a.m. on Thursday and 11 p.m. on Saturday, you should have done your secondary posting. Your secondary posting is a response to one classmate’s post. Each answer/response should be supported with research. Responses to classmates should not be “I agree” or “I like the way you stated that.” These responses should again be insightful, offering an opinion or facts based on your research and experiences. The response to one classmate should be a minimum of 125 words. See APA criteria for citing resources. You must provide a minimum of a reference, in APA format, in your original response.

Discussion Provided is below : Needed response for the below as well

Discussion 1

by Sudheer Reddy Tokala – Saturday, 7 July 2018, 4:24 AM

From the discussion, it is obvious that an outsider is trying to fetch the company’s sensitive information in multiple ways. It is clear that the outsider is doing an identity theft, pretending as a computer vendor, using phishing method to fetch information about the company’s employees and also looking for the physical company related documents in the company’s dumpster.

Thus, an organization should must maintain and follow various security measures in order to protect its data. Similarly, in this discussions scenario, the company has to take the following measures to avoid any data and security breaches:

1. The company should train every individual, not to disclose any of the company’s information, until the caller is identified. In the given scenario, it is clear that the company is not expecting any calls from the computer vendor. So, any person who is taking the call must verify the caller and must contact his/her supervisor about the caller, before disclosing the company’s infrastructure. The company should also implement the role based access controls, which means, not every person has access to all the information (sans.org, 2016).

2. In order to avoid any security threats via emails, the company should have a strong firewall and should filter any suspicious emails from the unknown senders and/or categorize them as spam. The company should bring the awareness among the employees regarding the possible security threats and train them on how to react to those threats. The network team should scan the company’s network more often to identify the vulnerabilities and constantly apply the security patches and updates (waterisac.org, 2016).

3. Employees must shred any document that may contain any sensitive information about any individual or company before disposing them into recyclable containers.

Finally, no matter how complex and secure infrastructure the company maintains, the security threats are inevitable, in one way or the other. So, its organization’s responsibility to keep its infrastructure and its employees and customer’s data secure from the vast forms of security threats in this, always evolving, world.

References

Laskov, P. (2018). Introduction to Computer Security: Security Principles, Vulnerabilities and Threats. Retrieved from,

http://www.ra.cs.uni-tuebingen.de/lehre/ss11/introsec/02-principles.pdf

sans.org. (2016). Guarding Beyond the Gateway: Challenges of Email Security. Retrieved from,

https://www.sans.org/reading-room/whitepapers/analyst/guarding-gateway-challenges-email-security-36597

waterisac.org. (2016). 10 Basic Cybersecurity Measures: Best Practices to Reduce Exploitable Weakness and Attacks. Retrieved from,

https://www.waterisac.org/sites/default/files/public/10_Basic_Cybersecurity_Measures-WaterISAC_Oct2016%5B2%5D.pdf


Comments are closed.