Type of paper: Course work
The frequency of occurrence of internal and external data leaks in organizations has dramatically increased in recent years. It is essential for every company to protect its data from both external and internal threats for its future prosperity.
Apart from the normal security measures embedded in the Payment Card Industry Data Security Standard (PCI DSS), the company will need to implement more security measures on its external website to keep out hackers as well as other external threats. The proposed enhancements to the security of the company's website include:
The company will require a two-factor authentication system to secure sensitive company data. This will render stolen credentials meaningless to ill-intending individuals and allow the flexibility to develop and accommodate access workflows for all groups (clients, staff, suppliers and vendors).
It will also be essential to integrate a Single Sign-On (SSO) system backed by the strong authentication system. SSO will play a key role in minimizing exposure to risk while making access easier for authorized personnel.
For the organization's most critical data, a biometric authentication system could be implemented. The levels of access will also need to be well defined for extra security.
An effective authentication system incorporates identification and authorization.
Internal Website Security
Digital Hygiene Training programs - these will be aimed at equipping employees with the knowledge they need to avoid errors that could expose company data to spam or phishing in their day-to-day online activity. This can be done by letting company staff know of the dangers associated with opening emails or attachments whose source they are not aware of.
Caution over social media usage - Most hackers often use employee data obtained from social media to gain access to a company's information system. It is therefore imperative that the company
Upgrades to the external website
These will include: backup and redundancy, compliance with PCI regulations, encryption, DDoS protection and firewalls.
Remote Access Solution
For the company's remote access activities, a cloud computing network was proposed. A cloud computing network will allow easy sharing of files across offices in a virtual office setup. The benefits to be accrued include cost benefits and increased flexibility.
Ensure that management data is separate from user data
Distinguish the native VLAN from user VLANs
Refrain from using the dynamic auto or dynamic desirable modes on the ports.
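The three VLAN rules above can be checked against a switch configuration. The following is an added example, not part of the original paper: it assumes Cisco IOS-style `switchport` syntax, a constructed sample configuration, and reads "management data separate from user data" as "only designated management ports may sit in the management VLAN"; the function names and VLAN numbers are illustrative.

```python
import re

# Constructed sample in Cisco IOS running-config style (not taken from the paper).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode dynamic desirable
 switchport access vlan 10
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 99
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 10
interface GigabitEthernet0/5
 switchport mode access
 switchport access vlan 99
"""

def parse_interfaces(config):
    """Map each interface name to the list of settings configured under it."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separators and global lines end the stanza
    return ports

def audit(config, mgmt_vlan, mgmt_ports, user_vlans):
    """Return (interface, finding) pairs for the three rules listed above."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        text = "\n".join(lines)
        mode = re.search(r"^switchport mode (.+)$", text, re.M)
        access = re.search(r"^switchport access vlan (\d+)$", text, re.M)
        native = re.search(r"^switchport trunk native vlan (\d+)$", text, re.M)
        mode = mode.group(1) if mode else ""
        if mode.startswith("dynamic"):  # dynamic auto / dynamic desirable
            findings.append((name, "dynamic trunk negotiation enabled"))
        if mode == "trunk":
            native_id = int(native.group(1)) if native else 1  # IOS default native VLAN is 1
            if native_id in user_vlans:
                findings.append((name, "native VLAN shared with user VLAN"))
        if access and int(access.group(1)) == mgmt_vlan and name not in mgmt_ports:
            findings.append((name, "user port in management VLAN"))
    return findings
```

Calling `audit(SAMPLE_CONFIG, 99, {"GigabitEthernet0/2"}, {10, 20})` flags ports 0/1, 0/3 and 0/5 and leaves the designated management port 0/2 clean.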
Laptop security configuration, Application policy recommendations
Ensure all software is up to date - outdated software is one of the weak points in a company's data security system most used by hackers. Keeping software updated will play a key role in protecting company data from hackers.
Strong passwords for each site and application used - Passwords are the primary security feature for most systems. It is therefore basic knowledge that passwords protecting critical company data be strong and also be kept safe.
Beware of SQL injections - Parameterised queries could go a long way in helping to avoid SQL injections.
Protections from XSS (Cross-Site Scripting) attacks - A content security policy will be essential in the implementation of this.
Awareness of error messages - Minimize the information provided in error messages to avoid attacks such as cyber injections.
Cite this page
Free Paper Sample: Security Infrastructure Design for a Retail Company. (2022, Jun 20). Retrieved from https://speedypaper.com/essays/security-infrastructure-design-for-a-retail-company