Information Security Risk Assessment


Central Car Supply has the potential of facing many security breaches. Conducting an information security risk assessment would enable the company to identify the threats and vulnerabilities related to its operations. A systematic approach to information security risk is essential for identifying the organization's information security requirements and for developing an effective information security management system. The security effort should address the possible risks that the company might face in a timely and effective manner. Risk assessment is the first process in any risk management program because it helps identify the relevant risks and offers appropriate controls to reduce or eliminate the risks identified.

Some of the risks to the information security of Central Car Supply include social engineering. The employees may be manipulated into performing actions or divulging confidential information for malicious purposes. One good example is phishing. The company also discloses its passwords and information to its employees for effective operations. However, this poses a significant risk to the security of the information system. Another risk is access to the network by unauthorized individuals. People with malicious intentions can hack into the system to steal data for personal gain or to harm the organization. Errors in maintenance can also put the organization at risk of a data breach. Other risks include equipment malfunction, destruction of records, theft of hardware, disasters such as fire, and sabotage, tampering, and vandalism. At Central Car Supply, there are valuable assets that can be harmed by threats in a manner that may result in monetary loss. These assets include servers, the website, trade secrets, customer credit card data, and client contact information. Many office employees possess mobile devices from which they can access the company’s information system and emails.

Some of the vulnerabilities that can cause a security breach within the information security system include an outdated system, use of wireless devices, malicious mobile applications, cloud-based file sharing tools, the Bring Your Own Device (BYOD) concept, and human error. A data breach can originate from within the organization or be perpetrated by external individuals. The company has some old equipment and systems; problems with software configuration or design, e.g. excessive access permissions; and human factors such as careless or untrained staff members.

Security Risk Controls

To help control the security of the information system, it is essential for the company to update its system applications and ensure encryption of the data. The company should also set clear information security policies and procedures that the employees must understand and adhere to. Creating stronger passwords would minimize or prevent unauthorized access to the company’s system. The company should consider installing standard security measures, including firewalls to regulate access to the internal network, antivirus software to protect against external malicious attacks, and an intrusion detection system that can detect intrusion attempts and insider attacks. Creating and implementing extensive data handling procedures based on the company’s policies would help reduce the chances of data leakage. Strict rules on data handling should be created, followed by proper training to inform the employees about what is expected of them. Access control, strong encryption, and device control would be the best approach to preventing access to sensitive data by unauthorized persons.

Security Concerns Regarding Laid-off Employees

Central Car Supply has many office employees with mobile devices that can access emails and systems. Because of the decrease in sales, the company intends to lay off around 5-10 employees over the next month. There is a concern about potentially disgruntled laid-off employees hurting the company. The laid-off employees could use the opportunity to take revenge on the company. They could destroy property within or outside the company, steal property, products, or money, destroy computer data and files, send blast emails to the customer or supplier lists, or start physical violence against the managers or the remaining employees.

To mitigate these concerns, the company should ensure that it lists the items that should be collected from the employees, like security badges, cell phones, and computers, before making the announcement. At the same time, it is essential to contact vendors, customers, suppliers, and other stakeholders to inform them that individual employees will no longer be working for or representing the organization, which avoids any employee mischief that can damage the company. It is also important to change passwords to sensitive data that the laid-off employees had access to. Notifying the employees one by one about their layoff can give them time to access their computers and copy, forward, delete, or destroy valuable data and files. The security department should, therefore, terminate computer passwords at a given time and install new passwords for the remaining employees.

 

 
