Essay about A Security Evaluation Of Information Technology

982 Words Aug 13th, 2016 4 Pages
Dalton, Walton, & Carlton, Inc. has entered into a contract with Clark Consulting, Inc. to complete a security evaluation of their Information Technology (IT) infrastructure. Dalton, Walton, & Carlton, Inc. provided a list of their IT assets and current infrastructure as part of the evaluation. Clark Consulting Inc. completed an evaluation of the systems, servers, network and personnel activities pertaining to IT assets and has developed the following suggestions to mitigate the vulnerabilities identified during the evaluation.

The initial vulnerability identified is the ability for employees and vendors to access information beyond their job duties and remove data from the premise without authorization. The fact systems have been stolen can lead to the potential of data being extracted from the stolen devices. All systems should have full disk encryption enabled. If a system is stolen, then the criminal would not be able to access the data on the device. Employee system and server access is not limited; also employees and vendors share login credentials. All employees and authorized vendors must have their own login credentials. The login credentials will be setup by roles and responsibilities to limit access to applications and data based on each employee’s job description or vendor’s access requirements. Employees must be trained to lock their computers when they leave them and spot checks must be completed. Data Loss Prevention software should be used to…

Related Documents