Metro Bank Security Risk Analysis

1. Identify drives to which the databases and/or logs will be backed up, ensuring that there is enough disk space to accommodate the backups for the retention period that you choose. 2. Identify drive that will be used for data or log files. These will usually be on SAN storage and hence on a different drive from the operating system and SQL Server installations.

4.1 Theft In the event of physical thefts of company equipment or other network property we have to secure vulnerabilities in company property access and perimeter physical barrier that protects all company assets. To prevent intruders from accessing company grounds without authorization we have many choices in physical controls such as surveillance cable/laptop locks, cameras, security guard, alarm system, access control scanners at entry points, mantraps. As a preventative measure from property break-ins, all lower level (easily accessed from outside) office windows must be protected by installing window bars and/or using fence that secures all company property limits. In addition, a mantrap interlocking door control would greatly increase security.

1.0 Overview: These policy’s describes the backup strategy for workstations or devices likely to have their records backed up. These devices are naturally servers, however, are not essentially limited to servers. Servers projected to be backed up comprise of the file the mail and the web server. 1.0 Purpose: A policy designed to defend data in the organization to be sure it’s not lost and can be recuperated in the result of an equipment failure, deliberate destruction of data or disaster.

Regardless of the storage media, devices, procedures, or organization, someone is (or should be) responsible for ensuring that all data backups completed without errors. In a large organization the duty can fall to someone within the Information Technology function. In this example, that someone is the Windows administrator. As a Windows administrator within that function and If and only if I had the authority, I would set up a personnel scheduling, reporting and certification system to log all backup media, its’s current location, its’ label and the backups destination. Since the backup is certified by the person completing the backup, it does provide assurance that the backup was completed.

Today there are a few virtual server products and in time I am sure there will be many good products in the future. I will choose a virtual server backup product to suit my environment. First, I will need determine required service levels for recovery time objective and recovery point object. The will help me identify my requirements and help choose from a range of products that offer different service outcomes, from near continuous to periodic data protection.

Do we follow our documented procedures for backup and recovery? Note: IT backup is an important component of our BCP. For example, our BCP provides that that we do these things to minimise the risk of lost of electronic documents – some documents are scanned to tape, and softcopies are held by business units; remote replication; and disk

I use every precaution when I am using a computer at the office. I am only allowed visitor access; the police officers do any detailed

Section 2.2 set forth the conditions as to which the Digital Data is to be stored during the course of the Project. The Digital Data can be stored in a number of ways including a single Project Participant’s server, multiple Project Participant’s servers, or hosted by an outside provider. In this section, the Project Participants will agree where the Digital Data is to be stored and how it will be saved and accessed by the

So, you should ensure that the backup can be retrieved without hassles and in shortest time. If needed, gather thorough information about the backup process before finally implementing a specific

The eight access rights include the creation and deletion of object, subject and access rights for read, grant, delete, and transfer. The area that was limiting within this model was associated with the defining a system of protection. This

To reduce the risk, companies or schools should use multi authentication. 8. Natural disaster Can result in loss of important and confidential information of businesses Back-up the systems on regular basis to avoid losing all of the data. 9. Unauthorized user gain the access to your workstation This risk could be loss of your personal information and data on your computer Should monitor the access to your workplace.

They will protect all company, customer and supplier assets and use them only for appropriate company approved activities.  Without exception, they will comply with all applicable laws, rules and

For operational purposes, the company collects and stores confidential information about their customers, employees, suppliers, and vendors. For purposes of their rewards program, the company collects sensitive and confidential consumer information. Although security measures and information technology systems have been put in place to ensure secure transmission and storage of confidential information, security breaches, computer viruses, or even human error can occur. Any of these events could cause data to be lost or stolen, as well as disclosed and used with malicious intent. Such occurrence could lead to litigation, fines, increased security costs, and damage to

To comply with PCI standards, merchants must take a number of relatively common-sense security steps. such as keeping their networks secure, managing vulnerability, and protecting customer credit card data. Merchants must also maintain stringent access controls, test their networks on a regular basis, and actively manage their own information security. While EMV standards make stolen credit card data virtually useless, PCI standards increase the security of cardholder information. PCI security standards are managed by PCI Security Standards Council, a joint venture between American Express, Discover, MasterCard, Visa, and JCB.

In regard, there should be all the measures in cooperated, physical, technical and administrative established and implemented to ensure and assure physical security. Several defense mechanisms should be in place for instance the defense in depth approach which can be used to provide multiple layers of security whenever control is not possible r bypassed. These measures will deny, deter, detect and delay attackers from gaining access to the facility Basic facility needs such as, food, water, electricity and climate control must be available at all times to safeguard the interests of workers in general. This is so because these people are very important both for the organization growth and security from within.