Raven Property Management Data Security Proposal

1. Background of the company

Raven is a limited liability company that does govern the operation of a chain of retail supermarkets. In that regard, to this company, a lot of sensitive and confidential information entrusted to its disposal to ensure safety and safeguard. Data stored in their databases from their loyal clients include information such as names of the Directors, health status, passwords, account statements, statutory tax compliance accounts, the creditworthiness of the retail companies. This kind of data calls for extra care when being handled by Raven to avoid possible loss, malicious attack, or even possibility of tampering with it. Therefore, security matters towards this information lie in the hands of a Security Consultant in collaboration with other teams of staff within the organization (Safa & Von, 2016).

Although the company has put in place security measures to control access of data as explained above, there are still vulnerabilities and threats to the customers’ data, basing on the fact that the field of technology is advancing day by day. For instance, they have not yet established a formal password policy that can meet the organization’s regulatory requirements. Instead, it makes it optional for its clients to choose their passwords that are, at times, inconvenient and unreliable due to their weak status. Moreover, the organization uses a single-factor authentication, which compromises the clients’ personal information such as the social security number, income, account transaction payment history, account information, and account balance.

The Raven Property Management uses a single Sign-On technology where the user is assigned into a single screen name, which results in the logging in or unlocking of multiple webpages/sites and applications. Integrated systems with the ability to monitor the accessibility or permissions attract vulnerability to attack due to the use of a single authentication protocol. For instance, the system incorporates a password reset feature; an unauthorized person might get an opportunity to predict a current or future password in the process of changing it via single authentication. It has been proven that regular changing of passwords does more harm than good. Furthermore, this act is ineffective as a means of securing data (Kitchin & Dodge, 2019).

2. Details of the Programme Designed

To ensure reliable information security of the company information. It is of essence that every member of Raven Management is part and parcel in one way or the other to realize the intended target:

• Short-term plan (Individual Level)

Creativity Habit

We intend to be having a weekly creativity course for each department. The primary goal of the course will be to brief staff members on how to employ creativity skills to enhance data security.

Brainstorming

Each staff should join a collaborative group. In those groups, members should share security creatives strategies they are conversant with.

Selection

Each group should gather unique ideas shared in their meeting sessions and compile them at the end of every month.

• Medium-term plan (Departmental level)

Secure Technologies

The team involved should be aggressive to know and learn emerging technologies in the field of IT.

Training

Departmental staff should be trained regularly to keep them up-to-date with the current technology.

Creativity

Departments should implement the effective problem-solving methodology, such as brainstorming.

• Long-term level (Corporate Level)

Recruitment Strategies

The company should incorporate the vetting of new employees.

Follow-Ups

The Manager or CEO company ought to take the obligation of overseeing the overall departmental accountability.

Government Policies

Government regulations enforced to the companies regarding all of their operations ought to adhere strictly.

3. Rationale Behind the proposal programme

Short-term plan

Individual staff should depict creativity and aggressiveness. Do more research and utilize online material to keep them acquitted with the dynamics of technology. Self-accountability is also crucial for the success of the overall target. Proper handling the hardware and software that stores the data can help to mitigate risks of information loss.

Medium-term plan

The department, in collaboration with top management, should ensure secure technologies are incorporated into their systems. For instance, two-factor authentication is greatly recommended rather than single-factor authentication (Wang & Wang, 2016). An account is secured by two different locks with different factors before access is granted. Rather than the password, the two-factor authentication adds an added security. It is of the IT security consultant to ensure the team members have acquitted with the advancements in technology. A training should schedule on a regular interval say like semi-annually.

The team should also embrace brainstorming techniques. It is clarion that we are all talented differently. As such, they can share ideas and more so arrive at a better solution.

Long-term plan

During recruiting new employees by the company, it the role of the corporation at large to ensure proper recruitment strategies. For instance, all new employees should be thoroughly vetted before they are hired. The company manager should ensure the accountability of his subordinates in regards to their role. Probably, they should be submitting to him or her reports regularly. Government enforcing strict regulations regarding data security and protection can be of the essence. Privacy laws put in place by government legally registered companies and businesses prevent disclosing any sensitive information. Therefore, it’s recommendable that Raven Property Management Strictly comply and embrace these regulations within the organization at large. Failure to which they are associated consequences attached to the violation of these laws, which include heavy penalties and even company termination (Holt & Thompson, 2019).

4. Work samples/demonstrations

• Creativity

How to make creativity a habit

• Brainstorming

Members are engaged in profound sharing of ideas at individual groups and departmental levels.

Techniques of Creative Thinking

• Researching

Staff are exploring on emerging technologies from the internet.

• Problem-solving skills

Creative Approaches to Problem Solving

• Appraisal of a Secure System

New product presentation graphically

Example of a Secure Electronic System

5. Expected changes or deliverables

At individuals, departments, and the corporation at large ought to be aggressive, develop a habit of perpetual creativity. To improve IT security through vulnerability management, Raven Property Management should determine its scope. Identify the asset owners, manage expectations, work with a single authoritative source, and finally formulate respective policies. Businesses, systems, and customers are better protected when there are a well-established information security system and management process.

References

Holt, M., & Thompson, J. (2019, January 29). Five Areas of Government Regulation of Business. Retrieved from Chron: https://smallbusiness.chron.com/five-areas-governemnt-regulation-business-701.html

Kitchin, R., & Dodge, M. (2019). The Security of Smart Cities: Vulnerabilities, risks, mitigation, and prevention. Journal of Urban Technology, 2(26), 47-65.

Safa, N. S., & Von, S. R. (2016). Information security policy compliance model in organizations. Computer security, 70-82.

Wang, D., & Wang, P. (2016). Two birds with one stone: Two-factor authentication with security beyond conventional bound. IEEE transactions on dependable and secure computing, 4, 708-722.