Following the recent data leakage from the Hale firm, I suggest that cryptography be used as a preventive measure to avoid similar issues. Business relies to a certain extent on mobile technology and portable storage devices to communicate and exchange data faster and more easily. Encrypting data is a very efficient method of protecting sensitive information.

In such a merger it is important to keep a safe internal network and synchronised antivirus software on all devices and components, as well as keeping patches for the applications in use up to date. “Patch or mitigate within two days for high risk vulnerabilities. Use the latest version of applications.” (AUS Government).

It is important to minimise the number of users with administrative privileges until an efficient network has been rolled out across all devices. Only people who need information about an ongoing case should be permitted to access any sensitive data, and even then only after administrative permission from a higher executive. Consumerisation of IT must be kept to a minimum, with only in-office desktop devices in use, until everyone has been issued an appropriate username and password for access to the company network.

* To prevent the law firm from having any more data leakages, proper network activity/security must be carried out and documented.
* Patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers.
* Patch operating system vulnerabilities.
* Minimise the number of users with administrative privileges. Proper Network Access Control must be carried out to set appropriate user privileges.
* Data encryption must be applied if assessed as a necessary data protection measure.
What are the major information security problems that currently challenge organisations? (Background information)
Following another recent accident similar to Hale firm’s data
References:

* Alan Calder & Steve Watkins, International IT Governance: An Executive Guide to ISO 17799/ISO 27001, Kogan Page Limited, 2006
* Freeform Dynamics Ltd., The Register, The Consumerisation of IT: A question of freedom versus control, October 2011
* Andrew Rose, “Information Security in Law Firms”, 2006
* Australian Government, Department of Defence, Intelligence and Security, “Top 35 Mitigations”; http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm (accessed 8pm on 22 Nov 2011)