The modern world is interconnected electronically, brought about by the innovative application of the latest technologies. Most corporations face various challenges concerning the security of their information systems. Hackers have devised methods to infiltrate a company’s database, and the situation is worsened by unfaithful employees. This calls for stringent measures to avert such scenarios. A risk management policy for information system security essentially involves ensuring that everything pertaining to the management and mitigation of risks to information security is considered, as noted by . It also provides clear guidelines for implementing the policy. A risk management policy is introduced in an organisation with the aim of achieving certain goals, such as giving assurance that the organisation has identified its highest-risk exposures and has taken appropriate steps to manage them.
Models such as the Intrusion Detection System (IDS) may serve well in detecting intrusions and malfunctioning. It relies on Denning’s intrusion detection model, in which there are various observable activities: audit records and network packets. These systems verify whether the users of the system were hackers or crackers. In addition, an anomaly-based IDS develops a statistical profile in which various network activities are recorded, so that activity deviating from that profile can be flagged. Another goal is to make sure that the planning processes in an organisation include focused areas where risk management is required. A further goal is to put in place a process that integrates the various risk control measures the organisation already has. Risk refers to an assessment of the probability of some adverse event taking place and the consequences likely to arise from it . On the other hand, risk management involves establishing and systematically applying a process to identify, analyse, assess, mitigate and monitor risk so that it is contained and maintained at acceptable levels. This paper tries to elucidate mitigations that may be employed to curb scenarios where hackers interfere with a given system. It also lays out measures that guide employees on the confidentiality of the data they handle.
Firstly, the risk management policy should include a policy description as well as procedures for the safe handling of credit card transactions and of personal data processed through automated systems or manual procedures. It therefore targets any individual who transmits or processes credit card transactions in a multinational corporation . Secondly, the policy focuses on any individual who transmits or processes credit card information, including access to computer hardware and software containing credit card information. Moreover, various security models may be implemented, such as business continuity planning, which establishes the business security recovery procedures to be conducted. The model would comprise intelligence feeds providing proactive surveillance to detect any malfunctions in the system and issue urgent security control updates.
This policy and its procedures are meant to ensure that credit card information is processed and transacted in a manner that satisfies the corporation’s obligations. There should be a detection process to help determine whether some users tried to access the system, so that the security of such information either meets or exceeds the standards required by the multinational corporation Card Industry . To guard the company’s reputation and keep public trust a priority, failure to comply with the policy as stipulated in this policy document will be treated as a serious matter.
As denoted by , connecting a computer to any network or the Internet exposes it to malicious programs, the stealing of valuable information such as passwords by hackers, and DoS (Denial of Service) attacks that may prevent computer users from accessing websites and other services. Such effects require stringent mitigation to counteract them.
To comply, adherence to this policy is to be assumed as mandatory for any individual or department that transmits, stores or processes credit card information. Only individuals who have undergone thorough training and are certified and authorised may preside over any transaction involving credit card information or personal data. Moreover, credit card payments and transfers of personal data may only be accepted using methods approved by the security engineers and officers. To reinforce this, any individual with access to credit card information or personal data is responsible for protecting that information. This means that personal data or credit card information must be destroyed as soon as it is no longer necessary.
To curb external hackers, the system has to be integrated in a manner that does not allow phishing and spam in its network, as noted by. DNS servers are more vulnerable to attacks such as DDoS and cache poisoning. This may be addressed by systematic encryption of the content conveyed and continuous surveillance for any abnormality, as suggested by .
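The anomaly-based IDS described earlier (a statistical profile of recorded network activity, in the Denning style) and the continuous surveillance for abnormality recommended here for DNS both come down to the same mechanism: learn what normal looks like per host, then flag observations that deviate from it. The following is an added example written for this page, not code from the essay or from any cited source; the hosts, per-minute audit records, features and the z-score threshold are all constructed for illustration.

```python
"""Toy anomaly-based intrusion detector (Denning-style statistical profile).

Build a per-host baseline of normal network activity from audit records,
then score a new window of records against it.  Added example for this
page; every host name, count and threshold below is constructed.
"""
import math
from collections import defaultdict

# Constructed audit records: (host, minute, dns_queries, bytes_out).
# Minutes 0-9 form the training baseline; minute 10 is the window under watch.
BASELINE = [
    ("ws-01", m, 12 + (m % 3), 4_000 + 100 * m) for m in range(10)
] + [
    ("ws-02", m, 8 + (m % 2), 2_500 + 50 * m) for m in range(10)
]

CURRENT = [
    ("ws-01", 10, 13, 4_900),    # within ws-01's normal range
    ("ws-02", 10, 240, 2_600),   # DNS query burst, far above ws-02's baseline
    ("ws-03", 10, 9, 3_000),     # host never seen during training: no profile
]


def build_profile(records):
    """Per-host (mean, std) of each measured feature over the training window."""
    by_host = defaultdict(lambda: defaultdict(list))
    for host, _minute, dns, out in records:
        by_host[host]["dns_queries"].append(dns)
        by_host[host]["bytes_out"].append(out)
    profile = {}
    for host, feats in by_host.items():
        profile[host] = {}
        for name, values in feats.items():
            n = len(values)
            mean = sum(values) / n
            var = sum((v - mean) ** 2 for v in values) / n
            # Population std dev, floored at 1.0 so a nearly flat baseline
            # cannot divide by ~zero and turn every tiny change into an alert.
            profile[host][name] = (mean, max(math.sqrt(var), 1.0))
    return profile


def score_window(profile, records, threshold=4.0):
    """Return alerts as (host, feature, z).

    A host with no profile is reported as ("unknown_host", None); any
    feature whose absolute z-score exceeds the threshold is reported with
    its z-score rounded to one decimal.
    """
    alerts = []
    for host, _minute, dns, out in records:
        if host not in profile:
            alerts.append((host, "unknown_host", None))
            continue
        for name, value in (("dns_queries", dns), ("bytes_out", out)):
            mean, std = profile[host][name]
            z = (value - mean) / std
            if abs(z) > threshold:
                alerts.append((host, name, round(z, 1)))
    return alerts


def detect():
    """Train on BASELINE and score CURRENT; returns the alert list."""
    return score_window(build_profile(BASELINE), CURRENT)


if __name__ == "__main__":
    for host, feature, z in detect():
        print(f"ALERT host={host} feature={feature} z={z}")
```

Running it reports the DNS burst on `ws-02` and the previously unseen `ws-03`, while `ws-01`'s slightly higher traffic stays under the threshold. The std-dev floor and the threshold are tuning knobs: set too low they generate noise, set too high they miss the slow changes an insider might produce, which is why a profile of this kind is only one input to the surveillance the essay calls for.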
In conclusion, in order to cut down on losses resulting from credit card and personal data fraud, the office of the information security engineer shall partner with the relevant authorities to ensure mitigation of the risks involved, as noted by . This shall include establishing penalties for noncompliance, such as raised credit card transaction fees, suspending privileges enjoyed by credit card holders, and administering fines where an account is compromised. As noted by, employees of a given institution are obliged to adhere to the set policies to enhance the security of the firm’s information. Failure to comply with the above principles, as implemented in this policy, may also lead to revocation of the ability to process credit card transactions and/or severe disciplinary action.