Case Study 2: Eletronic Record Safety And Security (Correction)

Scenario

The employee noticed a few things were out of place in his office when he arrived in the morning for a few instances over the period of a month. He works in a government office building that has fairly stringent security measures in place – all staff must show picture ID to security personnel to obtain physical access to the floor on which his office is located. 
  
Here are a few things that were amiss in his office: 
  1.   The default homepage (an intranet website) was changed 
  2.   A note, food wrappers and crumbs that did not belong to the employee were found near the computer workspace. 
  3.   According to the log of visited Internet websites, several websites had been viewed recently that had never been visited by the employee, many of which were inappropriate.
  4.   New software had been loaded onto his computer from the Internet
  5.   According to time stamps, Internet files were accessed between the hours of 1 and 3 AM. Staff are not permitted access to the building at those hours. 
  6.   Smudges were found on the computer monitor. 
 
The employee believed someone had been fooling around with his computer and was concerned the information and records on his computer may have been deleted or changed. He was anxious to find a solution to his problem.



Solution

The recommendation for government agency for their technical assistance on improving security for staff computers in various workspaces.


Computer auto lock when you walk away.
  • It auto lock when you walk away within 15 minutes. It may save you when you forgot to log your computer. The trouble happen when you just simply leave your desk without lock the computer first and for windows users, be sure to use the “Ctrl-Alt-Del” function to prevent someone from using your computer when you step away from your desk. 
  • Example: if the officer need  going to somewhere, but the officer forget to log the computer, within 15 minutes if the computer are not use, the computer will auto lock and protect by misuse from unauthorized person.


Not allow to share the password.
  • Do not ever give the password even for trusted people because it’s really confidentially. If someone does not have a password to gain access to a resource, they probably were not supposed to have it in the first place.
  • Example:If the computer have the private and confidential record, do not give to unauthorized person password to access the computer to avoid the record will be misuse.

Protect information stored on computer.

  • Information protects on computer and store data on your network drive and not on your computer’s hard drive (e.g. C: drive).Have systems in place to make sure people are who they say they are. If someone shows up to fix your copier, make sure you know who called them, check their credentials and limit 
  • Example:Protect the computer and stored the data to the network to easier to know who access the system. Do not save the record on the hard drive but save at the network drive. If have connection then can access.
Make the passwords unpredictable.
  • Think about the password that people not think that you are using it. Use upper and lower case letters, numbers and symbols. Making it hard to guess also makes it hard to remember, but you must know what's harder.
  • Example: make the password as complicated to difficult other people to remember it. Make sure use the upper, lower or symbol to the password to other people not expect what are the password.

Personal security card
  • Used the personal security card to enter your workplace. It will protect the environment clean in your workplace. It will avoid people enter to your place easily and mess out at your workplace with the stranger thing.
  • Example: The company need to provide the security card to enter in workplace as a protection. It can record who are enter in the workplace area based on time and date. It can prevent the stranger enter at workplace

Have a security plan

  • Company must have a security plan to prevent the electronic record safety and security and the staff must follow it. The best time to develop an IT security plan it must the early step in the company and that must be an priority in the company. The great plan is make sure it's being followed and updated frequently to maintain the secure
  • Example: The It Department have to improve the security of system to the company and create security plant to other workers follow.

Good training security.

  • The security plan in the company is confidential and the staff must know that the good practice security as the secret and not for stranger person its only the staff of the company. Incorporate security into your employee training program.
  • Example: Provide training practice to staff only to improve the security at workplace.

All staff must take responsibility of security in the company.
  • The staff must responsibility towards their security I the company and company must take it seriously as their performance evaluation and make them know that the head department watching their attitude and it make IT security take part as their job to maintain the security in the workplace. 
  • Example:All staff must follow the policy of security at the workplace and responsible toward the security that apply to the company



No comments:

Post a Comment

Search This Blog