Security Policy - Part 4 [sap95] - Essay Example

Running Head: REGULATORY PROCEDURES FOR RUBRIC COMPANY Introduction Rubric Agency is one of the fastest growing advertisement companies within its region of operation. In the recent past, the agency witnessed a substantial growth in both vertical and horizontal aspects. Its client base increased tremendously over the past business year. In addition, both the depth and width of their services grew correspondingly to expanding client base. In order to maintain professionalism in their services, Rubric rolls out a security policy meant to provide a safe environment for information contained within the organization.

This section extrapolates on the regulatory policies adopted to ensure client and company information remains secure from threats within and outside the company. All these policies aim at developing an ethically responsible workforce with loyal responsibility of safeguarding the agency’s data from unauthorized and ill motivated parties. The first part looks into the nature of activities taking place within the agency’s industry. Secondly, we focus on common threats encountered in advertisement and lastly, the mandated regulations meant to ensure ethical standards within the advertisement industry.

Regulatory Policies and Procedures The company’s management strives to integrate roles played by all stakeholders into creating a perfect relationship between all variables involved. In order to accomplish this objective, the company employs the use of information mechanisms meant to facilitate smooth and timely flow of information to the intended audience. Rubric Company conducts most of its business communications through systems in the internet. Their first software, System X-LINC, plays a central role in receiving and monitoring communications between the company’s designers and the clients during development of advertisement artworks.

Therefore, it contains sensitive and confidential information which needs critical management from unauthorized access. In addition, Rubric use another system called Demdex data in informing both the employees and clients on latest developments. Demdex contains constituent elements like financial servers, networks and backup servers. Rubric Agency relies on the information contained by this system in conducting employee payroll practices, purchase expenses and storage of client transaction data.

As a result, information contained in the two systems is either sensitive or confidential, and requires proper management to ensure security from unauthorized parties. A Common Threat Policy As explained earlier, typical activities within Rubric or any other advertisement agency include communications with clients and management of information concerning employee and other sensitive data. Anonymizer (2011) says that common threats within the industry include attacks from spyware. Spyware software covertly collects information from the user’s internet connections without the user’s knowledge.

Information collected can be used by attackers for their advertisement purposes. In addition, advertisement companies suffer from phishing threats. In the case of Rubric, phishing attackers intercept communications between the company and its clients. These tricks lure unsuspecting mail recipients into opening links in emails. These links usually appears as if they are from the company. However, phishing activities aim at stealing business information from a company’s clients. Another threat within this context is Evil twin wireless connections.

Evil twin software poses as legitimate hotspots for wireless connections. Once a user connects to such Wi-Fi provider with their laptops, the software tracks their online activities and eventually obtains confidential information. Fortunately, companies within the advertisement industry counteract the effects impacted by such threats using Anonymous Surfing protections. Anonymizer (2011) emphasizes that anonymous surfing blocks email recipients from clicking on fraudulent links in their mails.

On the other hand, anonymous surfing protects users from evil twins by routing all their internet connections through a secure server. Rubric has successfully protected confidential information from such threats by mandating the use of anonymous surfing in all their business communications. In the real world, recent statistics indicated that phishing attacks increased significantly from 2010-2012. According to Paganini (2012), US witnessed a 77% attacks comprising phishing and other cyber crime activities.

The most affected companies include eBay and PayPal. In this case, financial institutions and advertisement service industry suffers phishing attacks significantly. B Regulatory Review Policy Federal and state agencies acknowledge the role of negative technological practices within the advertisement industry. As a result, the Federal Trade Commission act in the US mandates advertisement agencies to adopt ethical business practices in their industry. According to Federal Trade Commission (2012) their policies seeks to protect both the companies and their consumers from selfish practices observed in the current competitive environment.

With respect to Federal Trade Commission (2007), the commission created a task force mandated to oversee the integration of wireless internet and broadband connectivity within the advertisement industry. The commission provides detailed guidelines on how to manage and protect consumer information within the hands of advertisement agencies. Suitable recommendations by the commission include creation of a secure wireless or broadband internet connection by every agency to ensure protection from phishing and spyware.

This will ensure clients’ personal and financial information remains secure at the hands of agencies. With respect to security policy, Rubric seeks to emphasize the use of secured internet servers in all their business communications. Furthermore, Federal Trade Commission act mandates advertisement agencies to integrate strict user authentication and remote connections policies. These policies address issues like the use of a firm’s information systems by a user operating from a remote location far from a company’s premises.

Such access to information increases the risk of exposing clients’ details to threats mentioned in previous sections. In the context of Rubric, the agency’s policy ensures that such threats are minimized by discouraging remote access of company’s systems by employees. In case such access is necessary, employees will receive authentication details from security directors. In addition, their technological hardware, especially laptops are loaded with suitable software and hardware components to eliminate any chance of cyber attacks.

Another policy focuses on the risk experienced by the customers’ credit card information held by the agency. In this category, the Payment Card Industry Data Security Standards (PCI DSS) is responsible for curbing the increased exposure of credit card information to fraudulent parties. In order to implement practical measures, PCI DSS mandates that every organization involved in credit card transactions should have a secured wireless LANS at their disposal. Rouse (2009) says that these secure LANS allow agencies including Rubric to apply WLAN APs into their cardholders’ data environments to minimize fraudulent, access to their information.

On the other hand, COPPA and CIPPA participate in regulating activities of advertisement companies who collect and maintain personal information from a minor. In creation of advertisement programs, COPPA mandates agencies to conduct their activities in an ethical manner by maintaining the respondents’ privacy. According to Chapple (2013), privacy regulations assert that an agency must obtain parental consent, maintain the information’s confidentiality and secure any personal data collected from a minor.

This ensures that an agency is obliged to secure children’s personal information at all cost during their advertisement programs. In addition, children’s information is protected by CIPPA, a body issuing mandates on secure access of internet to minors. CIPPA’s regulations protect children from harmful information contained in the net like obscene pictures. In this context, every agency should obtain certificates that ensure internet safety policies meant to monitor and control online activities of minors.

These regulations ensure continued protection of children’s information from access by unauthorized parties. Reference List Anonymizer. (2011). Consumer Threat Center: Common Cyber Threats in Advertisement Industry. Retrieved from https://www1.anonymizer.com/consumer/threat_center/ Federal Trade Commission: (2012). Protecting America’s Consumers. Retrieved from http://ftc.gov/ftc/regreview/index.shtml Federal Trade Commission. (2007, February). Comptetition in the Technology Marketplace: Internet Access Task Force.

Retrieved from http://www.ftc.gov/bc/tech/cable/taskforce.htm Paganini, P. (2012, December 13). Phishing: A very Dangerous Cyber Threat. Retrieved from http://resources.infosecinstitute.com/phishing-dangerous-cyber-threat/ Chapple, M. (2013, January). Updated COOPA regulations add to child Internet Protection Guidelines. Retrieved from http://searchsecurity.techtarget.com/tip/Updated-COPPA-regulations-add-to-child-Internet-protection-guidelines Rouse, M. (2009, May). PCI DSS (Payment Card Industry Data Security Standard).

Retrieved from http://searchfinancialsecurity.techtarget.com/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard