NSTISSI 4011 Security Model: A Case Study

Control measure
To address the vulnerabilities and threats mentioned above, the studio can apply the methods below to protect its confidential information. Following the NSTISSI 4011 Security Model, there are three main steps the company needs to consider: policy, technology, and training and education. First, the policies should be discussed, reviewed, and then established. Next, in the technology step, many applications and solutions can be set up to protect, monitor, and recover business information. Lastly, education and training must take place to publicize the policies and guide all employees and partners in the use of the appropriate applications.

• Policy:
Security policies are the central resources
Moreover, because HT is a game development studio, its customers may require highly confidential projects. Some further technology solutions can be adopted to meet those requests, though at additional cost, such as:
- Using a token as a confirmation key for off-site access to the server.
- Providing encryption devices to users who hold highly confidential data, to prevent a breach if their devices are lost or stolen.
- Having the IT department pre-test and propose whitelists or blacklists of applications and devices for the company. This will reduce the variety of hardware and software types, and also decrease the vulnerabilities that come with too many types of devices.

• Training and education:
Lastly, training and education is an important step in many ways. Highly secure policies will not be effective if no one knows them or understands them clearly. Moreover, employees and partners may run into various problems and violations only because they have not been guided and educated in how to use the security applications and devices correctly. Through training and education, awareness of the BYOD security threats that are facilitated by the unawareness or negligence of employees and partners can be raised. For HT Studio, several training programs will be effective, for

