Threats and vulnerabilities
Scenario
Altamaha Tech Incorporated is a company that specializes in the development of wearable medical devices. The company has recently experienced high turnover of design engineers and scientists. Understanding the current situation, the company held a meeting on what steps can be taken to improve operations and secure its information and information systems. The company’s initial concern would focus on the possibility of internal and external threat due to high turnover of key employees. To aid the company in developing security controls that address known issues, the company has completed a security audit by a trusted third party. The independent security report has detailed information on all issues found within the security program.
You will assume the role as the CTO (Chief Technology Officer) to review the attached security report (Links to an external site.) (PDF) to develop proposed security improvements. You must determine the appropriate actions based on industry standards and best practices to create a plan to resolve security issues.
Instructions
Write your paper in the MLA format (Links to an external site.). You may refer to the course material for supporting evidence, but you must also use 3 other sources and cite them using the MLA format. Include a mix of both primary and secondary sources (Links to an external site.), with at least one source from a security journal. If you use any Study.com lessons (Links to an external site.) as sources, please also cite them in MLA (including the lesson title and instructor’s name). Ensure that your paper includes information on the following:
Describe assessment techniques used to determine threats and vulnerabilities.
Describe physical security threats and vulnerabilities.
Describe logical (technical) security threats and vulnerabilities.
Summarize required policies to protect information systems:
-Acceptable Use Policy (AUP)
-Mobiles device Management (MDM)
-Personally identifiable information (PII)
-Payment Card Industry Data Security Standard (PCI DSS)
-Information system secure backup strategies
Describe policies and procedures used for continuous security monitoring.
Describe training and continuing education policies implementation.
Describe a continuity of operations plan to keep the key system operational during a disaster.