Memo

Memo

To: Sam Kerns, CEO

From:        

CC: IT Manager

Date: June 15, 2016

Re: Information Security

Mr. Kerns,

After analyzing the systems processes around web computing, I have found that there are several areas in which we could improve the security of the organization. Priority in the following areas is critical to the survival of our company:

• Confidentiality, Integrity and Availability (CIA) – Confidentiality is equal to privacy of information to include trade secrets, contracts, pricing and customer information. A security breach of any of this information could be disastrous to the survival of our company. Customers depend on our organization to take measures to ensure that pricing and contracts or kept confidential. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people Safeguarding confidential information will require training for employees who have are privy to such information. Methods that we may implement to safeguard such information may include data encryption, biometric verification, security tokens, key fobs or soft tokens.  Integrity involves the maintaining of consistency, accuracy, and trustworthiness of data. Such data must not be changed in transit nor should it be subject to being altered by unauthorized persons. Maintaining hardware and correcting issues immediately can guarantee availability.

• Threats from malicious software – These threats can be mitigated by training employees in the area of ethical computing in the work area. Many employees are not sure of our company’s policies regarding “web surfing” and downloading unapproved programs and software. We need to develop and enforce an Internet usage policy as well as provide training. This will protect our company from malicious software such as adware, key loggers, ransom ware, and Trojans. With the extensive use of the web that we use daily, malware could potentially cause a data breach of confidential information as well as trade secrets and banking information.  

• Security challenges of Cloud Computing – Cyber terrorism is a realistic threat to our company’s integrity and confidentiality. It is vital that we stay proactive with concerns of security with our cloud-computing provider. Cyber terrorism threats that we a vulnerable include theft of proprietary information, distributed denial of service attacks (DDoS), and Denial of Service attacks (DoS). These attacks can have extensive consequences including financial losses, theft of intellectual property, and loss of consumer confidence and trust.

Unfortunately, we are at risk of any of the abovementioned attacks unless we develop, implement, and enforce security policies. Additionally, it is vital that we educate and increase the priority of information security.