Security Strategy
Money First security strategy is a complete plan that will set in place strategies to mitigate the risk from potential or actual threats. Money First security strategy must include …show more content…
Employees of Money First can make errors that can greatly impact the day-to-day operations of Money First. Access Controls can be broken down into two parts: controlled access to the computer system and controlled access to the database. Computer systems should be set up with a combined ID and password that is necessary to get into the computer. IDs can be setup with the user/employees name, which is publicly known, but the passwords must be kept private/secret. Passwords should not be written down and change periodically; this will minimize the risk of hacker learning employees’ passwords. After securing access to the computer systems, next is to securing access to the data itself. Database security will be set differently that computer systems security. Access to specific data must be restricted so that certain people have access to retrieve and/or modify certain the data. The principle of least privilege should be used for access controls. The principle of least privilege is a strategy of limiting access to the bare minimum level that will allow operational functioning. This means that with, the principle of least privilege Money First employees will be given the minimal level of user rights that they can have to do their …show more content…
Banking data must be separated into levels of security. At the highest level of security would be customer information (this includes: customer name, date of birth, social security number, balance, etc.). Another high level of security must be banking employees’ information (this includes: customer name, date of birth, social security number, etc.). In order to keep the data secure, we must secure the database. To properly secure that database, there are key areas that should be considered: Users and roles, Default account, Patching, Password Management, Parameter settings, Privileges and permissions, Profiles and