Security professionals are failing to fully take their responsibility for protecting people and the community. This has culminated in a lot of losses being incurred. A number of companies are still experiencing a lot of challenges in protecting data in digital format, in defining the elements that constitute sensitive data, and in specifying the place where the data should be kept (Jr, 2018). A case in point is the Citibank incident in 2005, where backup tapes containing the personal financial information of more than 3.9 million customers disappeared during shipment from its Weehawken, NY facility. As a result, it is worth noting that companies should be as watchful of their data as they are of their machinery and equipment. Depending on the nature of the business it carries out, an organization should mandate protection of sensitive data, including customer information, credit card numbers, patient information and personally identifiable information, in addition to intellectual property.

The disappearance of the tape containing customers' personal information experienced by Citibank was a preventable incident because it happened as a result of negligence. According to Raymond and Rey (2014), the information contained included Social Security numbers in addition to transaction histories on both the active and closed accounts at the lending branches of the bank in the US. It took about 18 days before United Parcel Service learned about the missing tape. United Parcel Service could not detect the missing tape immediately because Citibank did not abide by the special security procedures required of the courier.

The special security procedure required scanning the barcode on each package being shipped, rather than providing a summary document listing all the packages being moved in one shipment (Raymond and Rey, 2014). Citibank instead scanned the summary document for the box that was picked up in Weehawken, making it difficult to track the exact point at which the box was lost in the delivery chain. It is important to note that failures in a complex system are to be anticipated, no matter the redundancy of safety mechanisms and the care taken in operations. Apart from hacking and the risk of viruses, there is a wide range of hazards that demand a company always stay alert and plan applicable ways of handling such threats in case they occur. In this case, Citibank had a clear procedure that could have helped in tracking any shipped document. However, the company culture was poor, in such a way that someone could easily fail to strictly follow the set of precise rules required by the special security guidelines. Moreover, it is disappointing to learn that the security team did not apply the disaster recovery contingency plan, failing to focus on defining the unique security procedures which could have helped in the immediate detection and recovery of the lost tape. Therefore, it is necessary to stand by the set of rules prescribed in a substantial contingency plan to avoid unwanted risks.

Responsible companies strictly follow due care and due diligence. Due care demonstrates the commitment of a company to be responsible for all the activities undertaken within the corporation and to take the required steps to protect the company, its employees and its resources against any possible threats. Due diligence, in turn, means understanding the current risks and threats (Jr, 2018). Citibank did not keenly practice due diligence and due care pertaining to the security of its customer information, and hence it can be legally charged with negligence or even held responsible for any consequence of that negligence. If I were Citibank's CSO, it would be an opportunity to mandate protection of the documents by keenly following the given set of security procedures, to avoid unnecessary mistakes which would lead to loss of the documents.

Furthermore, it could be a chance to ensure the company practices due care aimed at protecting personal data together with the other assets of the company. To do this perfectly, I would work with the company security team to develop and implement specific security policies, standards and procedures geared towards securing all resources of the company and customer protection. This would see the tape through secure shipment. Another method that I would use to secure the data against any leakage that would otherwise cost the customers is encrypting the information on the disk. This would have made it difficult for whoever took the tape to decode the information it contained.

Nonetheless, I would equally work on building an internal computer security incident response team (CSIRT) and equip it with incident handling capabilities. To combat this, there is a need for people with a certain set of technical expertise and skills, as well as defined abilities that make it possible for them to respond to various incidents, carry out detailed investigations and perform analysis tasks with a clear understanding. They should be competent problem solvers who are flexible and can easily adapt to change, in addition to being helpful in their daily activities. To further strengthen the CSIRT, I would communicate effectively with them and with other external contacts, for maximum cooperation in readiness for risk handling and recovery of losses. I believe that training internal staff members to perform CSIRT functions would make it uncomplicated to advance into these incident handling roles, because the team would easily follow a set of guidelines specific to the company.
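As an added example (not part of the original essay), the Python sketch below illustrates why the per-package barcode scan discussed earlier matters: with individual scans a missing package can be placed between two handoffs, while a scanned summary document leaves every package's location indeterminate. The checkpoint names, barcodes and route are constructed for illustration.

```python
"""Custody reconciliation: per-package scans versus a scanned summary document."""

# Constructed sample data: checkpoint names, barcodes and the route are hypothetical.
ROUTE = ["origin_pickup", "courier_hub", "sort_facility", "destination"]
MANIFEST = {"SUMMARY-001": ["TAPE-A", "TAPE-B", "TAPE-C"]}


def reconcile(route, manifest, scans):
    """Return {package: finding} for packages not confirmed at the end of the route.

    scans is a list of (checkpoint, barcode) events. A finding is either
    ("lost_between", last_seen, next_checkpoint) or ("indeterminate", None, None)
    when the package itself was never scanned and only its summary sheet was.
    """
    order = {cp: i for i, cp in enumerate(route)}
    furthest = {}  # barcode -> index of the furthest checkpoint that scanned it
    for checkpoint, barcode in scans:
        if checkpoint not in order:
            raise ValueError(f"unknown checkpoint: {checkpoint}")
        furthest[barcode] = max(furthest.get(barcode, -1), order[checkpoint])

    findings = {}
    for packages in manifest.values():
        for pkg in packages:
            idx = furthest.get(pkg)
            if idx is None:
                # Only the summary sheet was scanned; it says nothing about
                # where (or whether) an individual package dropped out.
                findings[pkg] = ("indeterminate", None, None)
            elif idx < len(route) - 1:
                findings[pkg] = ("lost_between", route[idx], route[idx + 1])
    return findings


# Case 1: each package barcode is scanned at every handoff; TAPE-B stops at the hub.
PER_PACKAGE_SCANS = [(cp, p) for cp in ROUTE for p in ("TAPE-A", "TAPE-C")] + [
    ("origin_pickup", "TAPE-B"), ("courier_hub", "TAPE-B")]

# Case 2: only the summary document is scanned at pickup.
SUMMARY_ONLY_SCANS = [("origin_pickup", "SUMMARY-001")]

if __name__ == "__main__":
    print(reconcile(ROUTE, MANIFEST, PER_PACKAGE_SCANS))
    print(reconcile(ROUTE, MANIFEST, SUMMARY_ONLY_SCANS))
```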

