Global Limited is a global provider of infrastructure information systems, whose services cater to a wide range of industry sectors. One of Global Limited’s business objectives is information security for their clients. In order to provide their clients with information security, Global Limited has utilized a risk management approach to protect their client’s information. From a security standpoint the step taken by Global Limited are sound and will maximize the security of their client’s information. The main weakness as such will remain at the user level. If the end users both internal and external are not security conscious and vigilant in their security awareness then there is a risk of a vulnerability being exploited. The access controls Global Limited implemented using access tokens and PIN numbers for authentication provides a level of security to protect unauthorized access to data and systems.
The additional use of the Data Loss Prevention (DLP) product to manage data across the network is integral to compliance of the CIA triad. Global Limited’s approach of layered security from end- point to end user utilized several different methods of controls thus providing their clients with a single comprehensive strategy. Although there is no real way to have complete security against all threats, Global Limited has provided their clients with a secure solution without being so intrusive that the end users cannot do their jobs. If a company or organization’s data and systems are not secure, be it from lack of proper controls or improper physical security, then they would be out of compliance with industry standards. According to the SOX act a company is supposed to have internal controls in place to prevent and detect unauthorized access of financial data. Global’s risk management approach was a key factor in the success of their efforts to protecting their client’s information assets.
By utilizing risk management strategies Global was able to detect vulnerabilities where there were the most likelihood of threat and implement controls to detect and/or prevent breaches of the security controls. The risk management process ensured Global addressed security measures at all levels of the IT/domain. Having remote external access to Global’s network poses many threats. Lack of physical controls over devices could result in breaches. If a person lost a laptop that ad sensitive data or kept their login credentials stored on their phones, an unauthorized person could gain access.
If data is not properly classified and protected it could be compromised through VPN. Some other tools that are comparable to those used by Global are Biometrics and cryptographic keys used for authentication. Titan CMS is similar to Global’s DLP suite in that it classifies, monitors and secures data across a network. Clone Guard provides vulnerability scanning, intrusion detection, and penetration testing to test an organizations defensive countermeasures and identify threats.
Managed Network Security, IDS IPS Solutions Provider – Clone Systems, Inc. (n.d.). Retrieved March 30, 2014, from http://www.clone-systems.com/?gclid=CPCGzpWn1r0CFaVxOgodtEcAeQ Titan CMS content management systems. (n.d.). Retrieved March 30, 2014, from http://titancms.com/home.htm