Subcategory:
Category:
Words:
492Pages:
2Views:
140Security professionals are failing to take their responsibility for protecting people and the community perfectly This has culminated in a lot of losses being incurred A number of companies are still experiencing a lot of challenges in data protection in digital format and also defining the elements that constitute sensitive data in addition to specific place where the data should be kept Jr 2018 A case in point is the Citibank incident in 2005 where backup tapes containing personal financial information of more than 3 9 million customers disappeared during shipment from its Weehawken NY facility As a result it is worth noting that companies should be watchful of their data the way they protect their machinery and equipment Depending on the nature of business carried out by an organization it should mandate protection of sensitive data including customer information credit card numbers patient information and personally identifiable information in addition to intellectual property The disappearance of the tape containing customers personal information experienced by Citibank was a preventable incident because it happened as a result of negligence According to Raymond and Rey 2014 the information contained includes Social Security numbers in addition to transaction histories on both the active and closed accounts at the lending branches of the bank in the US It took about 18 days before United Parcel Service learned about the missing tape The United Parcel Service could not realize the missing tape immediately because Citibank did not abide by their special security procedures required of the courier
Furthermore it could be a chance to ensure the company practices due care aimed at protecting personal data together with other assets of the company To perfectly do this I would work with company security team to develop and implement specific security policies standards and procedures geared towards securing all resources of the company and customer protection This would see the tape through secure shipment Another method that I would use to secure the data against any leakage that would otherwise cost the customers is encrypting the information in the disk This would have made it difficult for whoever took the tape to decode the information contained Nonetheless I would equally work on building an internal computer security incident response team CSIRT and equip them with incident handling capabilities To combat with this there is a need for people with a certain set of technical expertise and skills as well as define abilities that makes it possible for them to respond to various incidences carry out detailed investigations and also perform analysis tasks with a clear understanding They should be competent problem solvers who are flexible and can easily adapt to change in addition to being helpful in their daily activities To further strengthen the CSIRT I would communicate effectively with them and also other external contacts for maximum cooperation in readiness for risk handling and recovery of losses I believe that training internal staff members to perform CSIRT functions would make it uncomplicated to advance into these incident handling roles because the team would easily follow a set of guidelines specific to the company