Q

Outline the security policy that would act to protect their data centre resources.

Home, - How they can protect companys data and resources

Question: Outline the following security policies:

1. A security policy that would act to preserve the Confidentiality, Integrity and Availability of their data,
2. A security policy that would act to protect their data centre resources, and
3. A security policy that would act to educate DR Alarms staff in how they can protect the company's data and resources.

Answer: Outline - Security policies

The outline of the security policies of the DR alarms has been explored in detailed manner in this section. This section covers how the data must be protected and how to apply the security policies to the sensitive data (Alotaibi et al., 2016, p. xx). It gives clear idea of how to secure the resources in the datacentre and steps to mitigate those risks were defined in detailed manner in security policies. The training provided to the employees to conserve the data with high confidentiality and privacy was explored in detailed manner.

1.1 Preserving CIA of data
Most of the security policies focus on three aspects of the data and information such as confidentiality, integrity, and availability. The three aspects stay as proof that the security policies are followed in the organisation in appropriate way. The clear explanation of the CIA model for the security policy has been explored below (Pawaskar, 2020, p. xx) :

Confidentiality
The term confidentiality refers to protecting the data from being exposed to unauthorised third parties due to the data breach activity or insider threat. It is essential to limit the accessing rights in order to secure the proprietary information and maintaining the privacy level. The confidentiality mainly targets on accessing control mechanisms and hence avoiding the chances of sensitive data gets affected by the external threats. Every piece of the information on the DR alarms is significant because the firm withholds the details of employees, users, trade secrets, legal files and so on. The authorised people can be permitted to access the certain data and thus completely eliminating the chances of over control on sensitive data. The two processes must be included to enhance the confidentiality such as authentication and authorization so that only legal and authorised users can be granted to retrieve the data retained in the Datacentres (Merhi&Ahluwalia, 2019, p. xx) .

i). Authentication - The authentication process indulges in verification of user identity and it is possible with some of the identities such as tokens, biometrics, and cryptographic keys and so on.

ii). Authorization - The authorization process will define who has the right access to the data exist in the system. The confidentiality can be enforced by allowing the admin or authorised users to access certain defined files. The need to know mechanisms are followed so that the confidential data sharing activity can be possible.

The confidentiality of the data at rest as well as transit can be attained by non-technical means by retaining the hardcopy of the confidential data so it can defend social engineering attempts as possible. Some of the effective security methods defined below to enhance the data confidentiality such as (Qadir&Quadri, 2016, p. xx):

Two factor authentication The dual factors have to be employed and it provides ultimate security in compared with normal authentication process (Rjaibi&Rabai, 2015, p. xx).

Two factor authentication

The dual factors have to be employed and it provides ultimate security in compared with normal authentication process (Rjaibi&Rabai, 2015, p. xx).

Encryption

The encoding of the message during sending process so that the data can be read or modify only by the authorised one. The data will be decoded at the end of the receiver side.

Biometric verification

The biometric such as fingerprints, facial recognition, iris etc. can be used to carry out the authentication and authorization activity to eliminate the illegal activities. Digital certificates emerge as best technique to ensure the confidentiality by intervening only the authorised users to access the certain data types.

Password

The strong passwords can be used which means characters and numbers can be employed.

The above mechanisms can improve the confidential level of the retained data and thus the data exist in the DR alarms can be conserved with high confidentiality. The sensitive data were retained in secured manner by restricting the user access to the certain data. The confidentiality completely undergoes spectrum of accessing control mechanisms as well as monitoring, training and testing activity. In apart from that, giving proper training to the employees to how to handle the sensitive data is essential. The DR alarms mainly faces the confidentiality issues due to the internal threat factors and focusing on those aspects can deliver the appropriate results at the end (Aldossary& Allen, 2016, p. xx).

Integrity
It is one of the security requirement in which the information and programs must be altered only in specified and authorised way. The major cause of the data integrity such as errors and omission and it has to be eliminated. The errors are normally occurs by the humans and it is normal. But it creates serious of concerns in the future and it needs to be nullified in the initial setup. In general, integrity and confidentiality are closely interrelated and thus balancing two terms is significant. It is significant to ensure that the data should not be altered while transmitting and steps needs to be taken to assure that the data is not modified by the unauthorised people. Thus some of the measures such as file permission and accessing control mechanisms for certain users have been made. The data accessing rules can be defined to those engage in accessing activity so that the limited accessing is possible. Some of the best practices can be employed to improvise the data integrity level and they may include:
• Ensure that the employees are well knowledgeable about the regulatory and compliance requirements
• Usage of the backup and recovery software to retain the important data and files
• In order to ensure the data integrity, some of the mechanisms such as version control, data log monitoring, checksums and accessing control activity can be made.

Availability
The availability requirements can be fulfilled by maintaining all the hardware and other functional system in working mode by avoiding the various functional conflicts arise among them. To accomplish this, it is significant to carry out the necessary upgrades and updating activity in timely manner. It means the faster and adaptive disaster recovery must be carried out to attain the high availability. The high availability can make the users to access the system at any time without any interruption. To prevent the data loss from the natural disasters, the backup copy of the confidential files must be reserved in the geographically isolated area perhaps in the local area. The additional security mechanisms such as deployment of firewall and proxy servers can defend against the various security threats evolve in the systems.

1.2 Protection of data centre resources
In this section, the methods to protect the data resources exist in the datacentre of the DR Alarms were explored. There are many flaws existing in the data center and it is foremost thing to concentrate on the physical security. The holistic security policies must be followed so that the data centre issues can be resolved. The compliance requirements should be fulfilled in which accessing activity occurs in secured way. Some of security standards have been listed to ensure the data integrity and confidentiality. The data center management simply employ the security policies and accessing lists in order to handle the data in the secured and protective manner. They are (Angraini et al., 2019, p. xx):

Layered security measures
The layered security measures must be followed in which the hackers can be blocked before attempts to reach the valuable data or hardware assets. Thus the every layer must be protected with effective security measures to fight against the issues evolve to the servers. The server rooms must have multifactor authentication so that the unauthorised access to the data in it can be blocked within short span of time.

Server security
Due to virtualization, the security of the server has become tedious and challenging. The industry security standards must be followed such as 24*7 security, intrusion detection and prevention mechanisms. The security solutions needs to secure all the virtual and physical servers as well as web based applications. The remote monitoring of the severs, applications and other security services with high security can make the data to be retained with high security in the data centres.

Access lists
The access control lists can be employed in which the DR alarms can prevent theft activities and guard against the human error is possible for those who are not authorised to handle the IT assets exist in the organisation. The zero trust philosophy must be followed to ensure that the unauthorised person does not engage in accessing of the sensitive data. Every employees of the DR alarms must go through the accessing lists and acting in accordance with those lists will results in high level of security.

Multi factor authentication
The zero trust security procedures should be incorporated with the multi factor authentication. Every AP must need two or more identification or authentication to assure that illegal accessing activity does not occur. The two or more identities can be used during the authentication time and thus eliminating the intrusion activity by the illegal users. The usage of multifactor for the sensitive areas and zones can make the data to be secure from the harmful threats and attacks (Ahlan et al., 2015, p. xx) .

Biometric technology
The transition to the biometric technology can help the people to identify them by their unique characteristics such as retina, voice pattern and thumb print. It is essential to take review on the physical and logical security standards and thus the data can be remained in well protected manner. In compared with the passwords, the biometric security attains high level of security and thus the security compromise activity due to weak passwords can be defended.

Exit procedures
When someone in the firm has the access to the sensitive zones in the data centres left their position then their privileges will not be blocked. And thus whether it is data center personnel or employees who have the accessing rights and who are leaving firm has to be checked and employed facilities to eliminate those accessing privileges given to them. Because there are lot of security concerns evolve if the privileges are not denied. The main issues faced by the DR alarms is that the unused accounts can fill up the storage and clearing space also attained by properly monitoring the unused accounts (Bilal Khan, 2011, p. xx) .

RFID asset management
The personnel working on site in the data centres and continuous monitoring of the camera footage is somehow difficult to keep on monitoring the every single piece of IT assets at all times. The RFID tagging can make the administrator to manage the data centres and track the assets exist in the datacentres in real time via business intelligence software tool. Tags has the ability to send the alert to the respective personnel whenever the assets is tampered or moved and it can make the admin of the Dr alarms to respond to those activities.

24*7*365 security
Security checkpoints and cameras will not be helpful to attain the high level of security without the security staff members. Thus routine patrols must be employed throughout the every data center areas and it can provide the reminder that every security personnel are present and react quickly to the potential security issues. The security should be tightened so that the authorised people can be permitted to access the sensitive data.

Video surveillance
The video surveillance technology were incredibly valuable for the data centres and thus the CCTV with full tilt and zoom features can be helpful to monitor the access points placed in the interior as well as exterior environment. The backup of the camera footage should occur in digital manner and archiving activity carried out to protect against the unauthorised tampering activity. The monitoring of the video surveillance can make the administrator to block the illegal users if they attempt to access the authorised data.

1.3 Educating DR Alarm staffs - Data protection
The workplace education on the data securing activity is essential to nullify the various threats evolve due to the human errors. The 56 % of the data confidentiality affected due to human errors in the DR Alarms. And thus undergoing appropriate training by the employees of the DR alarms can produce the secured protection to the data at rest as well as data at motion (Ajoudanian&Ahmadi, 2012, p. xx) . There are several laws and regulations exist to accomplish the CIA of the data at DR alarms. The roles and responsibilities of the employees in securing the data must be defined in the training process and thus the serious of issues emerge due to the violation of the laws can be avoided. The employees should know how to expose the unused accounts so that the secured data disposal activity can be made. The training must be given to the new employees as well as customers to how to disclose the sensitive data and what are the issues caused by violating the laws were defined. In major cases, the intrusion activity takes place via online. The inspection of the website and finding of the threats or worms persist in the web sites can be done. The training wasprovided to the employees of the DR Alarms to how to secure the data with high security and privacy. The employees should know how to carry out the login activity in secured and safe manner. Some of the ways are listed to assure the data security and they may include:

• Discussion on physical security
The data security training must explores the detailed discussion on the physical security and granting permission details can be provided to each employee. And acting in accordance with those accessing rights can eliminate the accessing issues (D'Arcy & Lowry, 2017, p. xx).

• Exploring common security threats
The weak spots exist in the organisation to enter the database were informed to the employees and assuring security on those spots is the foremost process. The common attacks made in the DR alarms such as malware, phishing and password attacks. These three attacks needs special attention because most of the security concerns caused by those attacks.

• Communicating data protection rules
The rules for protecting the data must be communicated with every employees and intimate the employees to use the latest security software to assure high security level. The GDPR privacy laws and regulations were followed in which some of the ways are provided and employees of the DR alarms must concentrate on those rules to achieve the high CIA. The fine can be made on the employees for those who attempt to violate the accessing rules.Some of the ways are mentioned to process and reserve the data in secured manner such as:
• Those who indulge in processing of the sensitive data should have certain limitations on the data.
• The data shared with others should be encrypted in proper way so that the intrusion activity takes place during data transfer can be minimized.
• The monitoring of the login activity performed by the administrator to detect the persons who are all engaged in the illegal activities.
• The regular auditing activity must takes place in which the assessment of the risks exists in the DR Alarms can be detected (Borate & Borate, 2014, p. xx).


Leave a comment


Captcha

Related :-