Global Access Control Case Study Essay
Global Access Control Case Study
With business always changing and data always needing to be protected, it has become an issue to determine the level of security for confidentiality and integrity purposes while allowing it all to be properly available for use. To put Global in front of the competition with its customers it implements its Global Connect-Link for collaboration. Through the use of its security division, CIS, Global prioritizes its data according to the risk of activity of usage against the potential business reward. It conducts constant supervision and monitoring to maintain confidentiality, integrity and availability. Global also has its own Continuity Manager software to manage large amounts of external users while maintaining the necessary centralized security from unauthorized access. Another level of security Global offers is its DLP or data loss prevention product. This keeps all data whether structured or unstructured when in motion or at rest from being compromised and deleted.
Lastly in regards to Global’s controls and the documentation of the effectiveness of these controls, CompScan, an audit program is in place to collect and analyze all the data. The overall analysis of Global is that they seem to have a good grasp on keeping all data protected for confidentiality purposes, allows for the transferring of the data to be done securely for integrity purposes and gives it customers, partners, employees and suppliers proper access to all data based on privileges for availability purposes. The only weakness that may exist is the proper training for its employees on all that Global offers. With such incredible software support and ability to provide security without worry it will have to maintain constant training to make sure that simple human error doesn’t become an issue but if something were to happen then the proper steps are taken and followed to avoid corruption from taking place. When it comes to the reporting of is financial data certain policies and procedures must be followed accurately. With an insecure system the opportunity of having inaccurate financial data reported is a good likelihood.
Federal laws require that financial data of any sort be kept private and secure at all times whether at rest on the network or in transit when being viewed or sent to a fellow business entity. The use of the security division’s IRM or information risk management has had a great influence on its ability to maintain business and get the edge on its competitors. The use of its Connect-Link, its prioritizing of security on investments, its Continuity Manager, its data loss prevention product and its CompScan it’s easy to see why peace of mind is something that is Global can offer at a 95% success rate.
To solve the internal problems like employee training, Global can hire a outside company to come in on a basis determined by the security division and conduct classes to make sure all employees are up to date on proper procedures and understanding of keeping security at the top of their own priority list. Maintaining good training programs minimizes the risk of user errors but doesn’t completely eliminate them. Adding other security like anti-virus software to the workstations and closing off ports that are not in use on a regular basis will also help ensure a higher percentage of user compliance to following the rules and policies in place.