baker week 8.docx

School: Virginia State University
Course: 200
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by jamelbaker

Likely Shoe

JaMel Baker
American Military University
ISSC 421
8/23/2022
At Likely Shoe Inc. we provide customers with top customized shoes. Because we deal with hundreds of transactions daily, we need to adhere to many rules regarding transactions to protect both our company and our customers. The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide standard put in place to prevent credit card theft (Gibson, 2015). With this standard in place, millions of people feel secure every day making transactions across the globe. The standard still applies whether you have a secure Wi-Fi connection or an unsecured network connection. Since Likely Shoe Inc. is in the business of having access to personally identifiable information, we need a secure network that can prevent any hackers from accessing it. To be properly configured, the network infrastructure must have CIA, GRC, and AAA built into its configuration. All of these standards must be implemented on all devices that have access to Likely Shoe Inc. This report discusses ways we can help protect customers’ information to keep the business running.

Maintaining a secure network is always a long-term project goal with short intermediate actions that require much-needed attention. Having a properly configured and secure network system is the perfect way to start planning for any network. There are many cyberattacks looming that can alter the company’s plans and affect millions of customers’ sensitive data. With cyberattacks growing daily, we must properly cover the guidelines mentioned above to be more aware of the situation at hand.

CIA is defined as confidentiality, integrity, and availability (Andress, 2014). Confidentiality is put into place to limit access to certain sensitive information. Integrity is the ability to maintain the consistency of the data. Availability ensures that the reliability of the network is maintained for all consumers and users.

The next standard is AAA, which covers authentication, authorization, and accounting. Authentication is the secure way of accessing the site from any and all mobile devices as well as websites. Authorization is the ability to access the information needed to conduct all transactions on a need-to-know basis. Accounting ensures tracking of what information is accessed and for what purpose.

The last standard guideline is GRC, which stands for governance, risk mitigation, and compliance. Within this standard, governance deals with the ethical management of information by the business’s employees. Risk mitigation is the entire process in which all attacks are handled and addressed. Finally, compliance is the alignment of corporate practices with the regulations that apply to the business.

Cyberattacks can target the business through many known cyber threats, such as ransomware, man-in-the-middle attacks, session hijacking, social engineering, and malware. This report details the main three that can affect the business the most. Ransomware is a specific type of malware that prevents users from accessing their system or personal files, with the attackers demanding a payment in order to restore access (Hassan, 2019). This can be detrimental to the company because we would be losing money in multiple ways due to a hacker using ransomware. The next attack is session hijacking, in which hackers take over a user’s computer session and act as that user on any network (Hu, 2020). This is a major one, as we don’t want our employees’ sessions hijacked and attackers gaining access to hundreds of customers’ sensitive data.

The last attack that can do major damage within the company is social engineering, in which attackers send out fraudulent emails and texts and pose as a website with the intention of obtaining PII (Watson, 2014). This can be extremely harmful to us because we don’t want our customers thinking that we sent out fraudulent emails