LaRon Walker - Protection of Customer Data


Published by: LaRon Walker on Apr 05, 2011
Copyright: Attribution Non-commercial







Protection of Customer Data
LaRon Walker
Master of Information Technology and Internet Security
August, 2010

Because all of the information Kucera transmits travels over the Internet and different networks, the risk to an individual's privacy is very high: applications that sniff networks can capture the packets in transit. This applies to business-to-business communications as well as consumer-to-business transactions. The best way for consumers and businesses alike to defend against these types of attacks is to make sure that firewalls are checked frequently, all updates and security patches are current, and all security and antivirus applications are up to date. Hardening practices should be applied to all Kucera computers, Point of Sale (POS) systems, and servers. According to the article Hardening Network Servers (2003), "Hardening a server is a process by which a computer system is audited for common security vulnerabilities, and the uncovered vulnerabilities are fixed by applying operating system patches, removing network services, and installing other utility software." Because Kucera has no control over its customers' computers, these practices will only protect customer privacy data once it is inside the internal networking environment. Other vulnerability management techniques, such as pen testing, should also be performed regularly to help maintain the security integrity of the networking and computing environments. Using a combination of these strategies helps ensure that consumer privacy data is protected.

Kucera should also appoint a strong Privacy Policy Management Team (PPMT). This team should develop a strategy that provides strict privacy guidelines that are carefully monitored, implemented, and maintained. The team should also ensure that all guidelines in consumer privacy legislation are followed, such as the European Union Data Protection Directive of 1995 and the Payment Card Industry Data Security Standard (PCI DSS). Following this legislation defines solid data privacy models that specify what information is required to conduct business, who or what requires access to personal information, how the personal information is used, and the minimal encryption required to transmit this information. Along with the PPMT, an equally strong password management system should be enforced. According to Barr (2008), a good password management system should provide strong password enforcement that includes a password exclusion dictionary (words that should not serve as passwords) and a password history store to prevent the re-use of old passwords, allow users to manage their own passwords (including resets), and allow users to synchronize their passwords across multiple networks, systems, devices, and applications. Barr (2008) also states that passwords should be stored with AES (256-bit) encryption to help address the risk of passwords being compromised from outside network attacks.
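The exclusion dictionary and password history store described above can be enforced at password-change time, as in this added example, which is not code from the essay or from Barr. The class name, word list, minimum length, and history depth are assumptions, and the history is kept as salted PBKDF2 digests, which is this example's choice and not the AES storage Barr recommends.

```python
import hashlib
import hmac
import os

# Constructed sample exclusion dictionary; a production list is far larger.
EXCLUDED = {"password", "kucera", "welcome", "letmein", "qwerty"}
MIN_LENGTH = 12          # assumed minimum length
ITERATIONS = 100_000     # assumed PBKDF2 work factor
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("@013$5", "aoless")


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PasswordPolicy:
    """Hypothetical policy check: exclusion dictionary plus history store."""

    def __init__(self, history_depth: int = 5):
        self.history_depth = history_depth
        self.history = {}  # user -> [(salt, digest)], newest last

    def check(self, user: str, candidate: str) -> list:
        """Return the list of violations; an empty list means acceptable."""
        problems = []
        if len(candidate) < MIN_LENGTH:
            problems.append("too short")
        normalized = candidate.lower().translate(LEET)
        if any(word in normalized for word in EXCLUDED):
            problems.append("contains excluded word")
        for salt, digest in self.history.get(user, []):
            if hmac.compare_digest(_digest(candidate, salt), digest):
                problems.append("reuses a previous password")
                break
        return problems

    def set_password(self, user: str, candidate: str) -> list:
        """Store the password in the history only if it passes check()."""
        problems = self.check(user, candidate)
        if not problems:
            salt = os.urandom(16)
            entries = self.history.setdefault(user, [])
            entries.append((salt, _digest(candidate, salt)))
            del entries[:-self.history_depth]
        return problems
```

The history is per user, so the same passphrase is only rejected as a re-use for the account that previously held it.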

Barr, J. (2008, October 1). Effective Privacy Policies. Faulkner Information Services. Retrieved August 21, 2010 http://www.faulkner.com.wf2dnvr13.webfeat.org/products/securitymgt/docs/privacypolicy1008.htm

Barr, J. (2008, December 1). Enterprise Password Systems. Faulkner Information Services. Retrieved August, 2010 http://www.faulkner.com.wf2dnvr13.webfeat.org/products/securitymgt/docs/passwordmgt1208.htm

Sharpiro, B. (2003). Hardening Network Servers. Faulkner Information Services. Retrieved August 21, 2010 http://www.faulkner.com.wf2dnvr13.webfeat.org/products/securitymgt/docs/hardeningservers1003.htm
