Information Systems Security
Haseeb Ahmed Khan
CIS 333 Fundamentals of Information Security
March 12, 2012
In today’s IT world every organization has a responsibility to protect the information and sensitive data they have. Protecting data is not only responsibility of security and IT staff but every individual is involved in protecting the information. The risks to information security are not digital only, but it involves technology, people and process that an organization may have. These threats may represent the problems that are associated to complex and expensive solution, but doing nothing about these risks is not the solution. The case we have been assigned today deals with physical and logical vulnerabilities and protection against the risks and threats by implying the best controls to either mitigate, avoid and transfer the risks. Being an Information Security officer at a newly opened location in a busy mall, I have been asked to identify physical and logical risks to the pharmacy operations and also to suggest remedies to avoid any huge loss to the business. The pharmacy operations involve the unique transactions which involves the critical patients’ data, valuable medication and access to cash. The regulation set by the government obligates a pharmacy to meet certain standards to secure logical and physical access to information systems. The pharmacy is comprised of 4 work stations, there is a drug storage are and an office in the premises which has a file server, domain controller and a firewall. The three of the four work stations are placed at the counter to record and retrieve information of customers’ order. The entry of the store if from the mall and there the drug storage area is securely locked location behind the front counters. The store has a back door entry which is used by the employees and for delivery of new drugs. As an IT officer I have to protect all aspect of security including physical security of IT systems.
Information Systems Security
Physical security is an essential part of information technology security. Physical security encompasses not only the area containing system hardware, but also locations of wiring used to connect the systems, supporting services, backup provisions and any other part of the systems. Laptops and other types of mobile computing devices must also be protected from theft. The data on the mobile devices sometimes more than the value of the device. Such devices can also be an entry point on network. First look at the physical vulnerable area to IT systems within the pharmacy. After identifying the IT assets of company we can surly identify the physical risks. * Server Room
* File server
* Domain controller
* Front Counter workstations
The back door as showed in the floor plan is used by the employees of the pharmacy and it is often used for delivery of drugs. The access through this door is a physical vulnerability. Only authorized personal should be allowed to use this door. Any unidentified entry or activity should be monitored carefully. Such incident can result in loss of physical devices. The server room is a highly secured area which should be allowed only to IT people, other personal should be granted access by seeking special approval. The door should be locked all the time to protect IT assets. The workstations at the front counters should also be locked and placed securely to avoid any theft. The caged area cannot be locked all the time, it would result in low productivity as the staff move between the store, office and front counters. Securing the server room by locking it is the first step; surveillance makes it more effective if someone breaks into the server room. In case of an incident, one can easily pull up the video and check it for a particular time or for a particular event. “A logical breach...