Discuss the following questions with your peers and the facilitator regarding the list of security methods (see below):

- What risk or risks does this method cover?
- Is the method an organisational or a technical method?
- Is the method preventative or reactive?
- What user impact is this method most likely to produce?
- Could this method be improved in any way to create better security?

The following list of methods is to be discussed:

- Full data backup every five (5) minutes
- Fire prevention systems
- Visitor rules
- Clean-desk rules
- Lock out of USB ports
- Disconnection of unused network ports
- Strict WLAN password rules, with a change of password every 14 days
- Mandatory password-protected screensaver after two (2) minutes of inactivity
- Rules about private use of company resources (e.g., Internet and e-mail)
- User training about phishing e-mails
- Rules about the disposition of data storage devices or obsolete computers
- Strict password rules (12 characters with three [3] numbers, two [2] special characters and a change every two [2] weeks)
- A dedicated responsible person that checks for locked doors and windows every evening
- Rules about who has the key for the server room

During this learning activity, you have to think about a given method in relation to creating and maintaining security. What risk does that method prevent? Is it really required? Can this method be improved to create better security? Assume that you are responsible for a medium-sized company with mainly non-IT personnel.

1 Answer


Final answer:

To minimize the risk of data breaches, companies implement various security measures such as regular backups, fire prevention systems, and phishing education. Balancing strong security protocols with user convenience is essential to protect against risks while maintaining productivity. Continuous improvement of these measures can lead to better security outcomes.

Step-by-step explanation:

Increasing security measures in businesses can help prevent data breaches, a significant problem given the potential loss of confidential information. As part of this effort, tactics such as full data backups every five minutes, stronger passwords, and phishing education are crucial. For instance, regular data backups can help in the quick restoration of data in case of a breach, which is a technical and preventative method, although it may impact user productivity due to interrupted work during backup operations. However, improving backup efficiency and minimizing disruption can enhance security with less user impact.

Fire prevention systems and clean-desk policies are organizational preventative methods; the former minimizes the risk of fire damage to equipment, while the latter protects sensitive information from being left out in the open. Regular password changes and the enforcement of complex password requirements serve the dual role of being both technical and organizational methods, as they require system configurations but also adherence to policies set by the organization. These measures are preventative and aim to prevent unauthorized access, but too frequent changes can lead to user frustration or insecure practices, such as writing passwords down. Balancing security needs with user convenience is essential here.

Phishing education is a critical reactive and organizational method, as users who can recognize phishing attempts are less likely to fall prey to them, thus protecting the organization's assets. Lastly, policies regarding the physical security of server rooms and device disposal are both organizational and preventative in nature, aiming to protect against theft, unauthorized access, and data leakage from improperly discarded devices.

Answered by Ronan Lopes (8.8k points)
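The 12-character / three-digit / two-special password rule with a change every two weeks appears in the question, and the answer above argues that such rotation pushes users toward frustration and insecure habits. The following Python checker is an added example (not part of the original question or answer): it enforces the quoted rule literally, then flags the two weaknesses the rule itself cannot see, a common stem padded with digits and symbols, and a "new" password that is the old one with only its trailing digits bumped. The stem list and the sample passwords are constructed for illustration.

```python
import re
from typing import Dict, List, Optional

# Policy constants taken from the rule quoted in the question:
# 12 characters, three digits, two special characters, changed every two weeks.
MIN_LENGTH = 12
MIN_DIGITS = 3
MIN_SPECIALS = 2

SPECIALS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")

# Constructed, illustrative list of stems people reach for under forced
# rotation. A real deployment would check a breached-password list instead.
_PREDICTABLE_STEMS = [
    "password", "welcome", "letmein", "qwerty", "changeme",
    "(spring|summer|autumn|fall|winter)",
    "(january|february|march|april|may|june|july|august|"
    "september|october|november|december)",
]
# Stem, then optional digits, then optional symbols, e.g. Winter2024!!
_PREDICTABLE_RE = re.compile(
    r"^(?:" + "|".join(_PREDICTABLE_STEMS) + r")\d*[^a-z0-9]*$", re.IGNORECASE
)


def composition_violations(pw: str) -> List[str]:
    """Return the parts of the literal 12/3/2 rule that pw fails (empty if compliant)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(c.isdigit() for c in pw) < MIN_DIGITS:
        problems.append(f"fewer than {MIN_DIGITS} digits")
    if sum(c in SPECIALS for c in pw) < MIN_SPECIALS:
        problems.append(f"fewer than {MIN_SPECIALS} special characters")
    return problems


def meets_composition_rule(pw: str) -> bool:
    return not composition_violations(pw)


def looks_predictable(pw: str) -> bool:
    """Compliant but guessable: a common stem padded with digits and symbols."""
    return _PREDICTABLE_RE.match(pw) is not None


def _stem(pw: str) -> str:
    """Drop the trailing digits/symbols that users bump on each forced rotation."""
    return re.sub(r"[\d\W_]+$", "", pw).lower()


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when new is old with only its trailing digits/symbols changed,
    e.g. Winter2024!! -> Winter2025!!, which a plain 'must differ' check accepts."""
    return old != new and _stem(old) != "" and _stem(old) == _stem(new)


def evaluate(pw: str, previous: Optional[str] = None) -> Dict[str, object]:
    """Literal policy verdict alongside the weaknesses the policy does not see."""
    return {
        "policy_compliant": meets_composition_rule(pw),
        "violations": composition_violations(pw),
        "predictable_pattern": looks_predictable(pw),
        "trivial_rotation": previous is not None and is_trivial_rotation(previous, pw),
    }


if __name__ == "__main__":
    # Constructed sample passwords: the first two satisfy the rule yet are weak,
    # the passphrase is strong yet rejected, the last one is compliant and random.
    samples = [
        ("Winter2024!!", None),
        ("Winter2025!!", "Winter2024!!"),
        ("correct horse battery staple", None),
        ("7vQ#k2p!Lm9xZq", None),
    ]
    for pw, prev in samples:
        print(f"{pw!r}: {evaluate(pw, prev)}")
```

Run as a script it prints a verdict for each sample. The point to carry into the discussion is that the literal rule accepts Winter2024!! and its fortnightly successor Winter2025!! while rejecting a long passphrase with no digits; a minimum length combined with a breached-password check, as NIST SP 800-63B recommends in place of composition rules and scheduled rotation, addresses the risk with far less user friction.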