Running Head: Technical Project Paper, Information Systems Security

Technical Project Paper: Information Systems Security Information Systems Security Haseeb Ahmed Khan Mark OConnell CIS 333 Fundamentals of Information Security March 06, 2012

Information Systems Security

Information Systems Security Abstract

In todays IT world every organization has a responsibility to protect the information and sensitive data they have. Protecting data is not only responsibility of security and IT staff but every individual is involved in protecting the information. The risks to information security are not digital only, but it involves technology, people and process that an organization may have. These threats may represent the problems that are associated to complex and expensive solution, but doing nothing about these risks is not the solution. The case we have been assigned today deals with physical and logical vulnerabilities and protection against the risks and threats by implying the best controls to either mitigate, avoid and transfer the risks. Being an Information Security officer at a newly opened location in a busy mall, I have been asked to identify physical and logical risks to the pharmacy operations and also to suggest remedies to avoid any huge loss to the business. The pharmacy operations involve the unique transactions which involves the critical patients data, valuable medication and access to cash. The regulation set by the government obligates a pharmacy to meet certain standards to secure logical and physical access to information systems. The pharmacy is comprised of 4 work stations, there is a drug storage are and an office in the premises which has a file server, domain controller and a firewall. The three of the four work stations are placed at the counter to record and retrieve information of customers order. The entry of the store if from the mall and there the drug storage area is securely locked location behind the front counters. The store has a back door entry which is used by the employees and for delivery of new drugs. As an IT officer I have to protect all aspect of security including physical security of IT systems.

Information Systems Security First look at the physical vulnerable area to IT systems within the pharmacy. After identifying the IT assets of company we can surly identify the physical risks. Server Room o File server o Domain controller Front Counter workstations Switches/hubs

The back door is used by the employees of the pharmacy and it is often used for delivery of drugs. The access through this door could be a physical vulnerability. Only authorized personal should be allowed to use this door. Any unidentified entry or activity should be monitored carefully. Such incident can result in loss of physical devices. The server room is a highly secured area which should be allowed only to IT people, no other access should be granted with seeking special approval. The door should be locked all the time to protect IT assets. The workstations at the front counters should also be locked and placed securely to avoid any loss. The caged area cannot be locked all the time as it will result in low productivity as the staff move between the office and front counters. The facility has a back door entry which is used by the employees.

Information Systems Security

Fig. key Logger attached to keyboard connector

Information Systems Security References Kim, D., & Solomon, M. (2012). Fundamentals of information systems security. Sudbury, MA: Jones and Bartlett. Department of Finance and Administration, State of Tennessee. (2008). Enterprise Information Security Policies. (Document Version 1.6) Ghosh, A., & Cigital, M. An Approach to Defending Against New and Unknown Malicious Software. Retrieved Feb 16, 2012, from http://www.cigital.com/resources/papers/