Creating A Company Culture For Security-Design Documents

For an online retail company, the document recommends the following for creating a security culture: 1) Implementing strong password policies, password rotation, and multi-factor authentication. 2) Using VPN services, SSL/TLS certificates, and firewall rules to protect external and internal websites and remote access. 3) Enforcing wireless security standards like WPA2, VLAN configurations, and laptop security policies that encourage VPN and strong passwords.

Uploaded by

Onyebuchi

CREATING A COMPANY CULTURE FOR SECURITY - DESIGN DOCUMENT

When creating a company security culture, there are a few things to bear in mind in order to create a security
policy that will prevent, reduce or mitigate risks. These are the requirements of the organization, because it is
on that basis that they prioritise their security concerns.

Authentication:

Since the company is an online retail organization, you may want to form an authentication process
with a strong password policy that is difficult to brute-force: one that enforces length
requirements and character complexity, checks for the presence of dictionary words, and never records
or writes passwords down in plain text or shares them with anyone. A password rotation policy
should also be encouraged.

External website security:

As IT support specialists charged with these responsibilities, you might want to look at one of the
following: multi-factor authentication for users, such as a password plus a PIN; biometrics such as facial or voice
recognition, fingerprints, etc.; and VPN connection services to enhance data encryption.

Internal website security:

For internal website security, you may want to consider RADIUS (Remote Authentication Dial-In
User Service), a protocol that provides AAA (authentication, authorization and accounting) services for users on a network.

It is a very common protocol used to manage access to internal network resources and services by
verifying user credentials using a configured authentication scheme.

Remote access solution:

For the remote access solution, you want to consider using VPN services to reach applications and services,
secured using SSL or TLS certificates.

Firewall and basic rules recommendation:

Recommending a firewall and basic rules requires understanding which services are necessary and
which are not, so that you can recommend the implicit deny principle, which states that
anything not explicitly permitted should be denied. This is different from blocking all traffic,
since an implicit deny configuration will still let traffic pass that you have defined as allowed. This can
be done through ACL configurations.
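To make the implicit deny point concrete, here is an added example (not part of the original document) of a small first-match ACL evaluator: traffic that matches a permit entry passes, an explicit deny entry blocks, and anything that matches no entry falls through to the implicit deny. The addresses, ports and rules are constructed sample values using documentation ranges, not the company's real configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One ACL entry. dport=None means 'any destination port'."""
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "any"
    src: str             # source network in CIDR notation
    dst: str             # destination network in CIDR notation
    dport: Optional[int]

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        return ((self.proto == "any" or self.proto == proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


# Constructed sample ACL for the retail shop (assumed, illustrative values):
#  - anyone may reach the public web server on HTTPS
#  - only internal hosts may talk to the RADIUS server (UDP/1812)
#  - one source range is explicitly blocked for everything
ACL: List[Rule] = [
    Rule("permit", "tcp", "0.0.0.0/0",   "203.0.113.10/32", 443),
    Rule("permit", "udp", "10.0.0.0/8",  "10.0.0.5/32",     1812),
    Rule("deny",   "any", "192.0.2.0/24", "0.0.0.0/0",      None),
]


def evaluate(acl: List[Rule], proto: str, src: str, dst: str,
             dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule). First match wins;
    when nothing matches, the implicit deny applies and the index is None,
    which is what an audit log should record for unexpected traffic."""
    for index, rule in enumerate(acl):
        if rule.matches(proto, src, dst, dport):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    # Permitted HTTPS from the Internet, and SSH to the same host (implicitly denied).
    print(evaluate(ACL, "tcp", "198.51.100.7", "203.0.113.10", 443))
    print(evaluate(ACL, "tcp", "198.51.100.7", "203.0.113.10", 22))
```

The `None` rule index on the second call is the implicit deny in action: the packet was not blocked by any rule you wrote, only by the absence of a permit.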

Wireless security:

For wireless security, I will go for WPA2, since it is a security enhancement over WPA. Users must ensure
the mobile device and AP/router are configured with the same WPA version and pre-shared key
(PSK), which makes it difficult for an attacker to gain access to network resources.

VLAN configuration recommendation:


Laptop security configuration:

For this, you are to assign permissions based on the resources an employee needs to get the job done.
Encourage a strong password policy.
If the laptop is used remotely, a VPN connection should be encouraged.

Application policy recommendation:

Applications that are not needed should be disabled.

Regular application updates and patches should be deployed to address security concerns.
Since a card payment system is involved, the PCI-DSS policy should be applied.

Security and privacy recommendation:

Here, you are to recommend how to oversee the access to and use of sensitive data. It is best to use the
principle of least privilege and regular auditing of data access logs to ensure that sensitive data is
only accessed by authorized users.
