Boston Dynamics Company - IT Security and Management on Data Theft - Case Study Example

IT SECURITY AND MANAGEMENT ON DATA THEFT Name: Unit: Instructor name: Institution: Date: IT Security and Management on Data Theft Introduction Information security is the fundamental priority of a company to prevent unauthorised individuals from accessing any information (Thomson, L. 2011, 124). Most of the organisations globally are facing a lot of challenges concerning data theft and data corruption. Considering this scenario attacking the Boston Dynamics company, an overview of the security measures is essential for the company. Putting up privacy measures to prevent data theft and corruption is, therefore, a step in every organisation. The privacy measures that have been used in the previous and current digital era of technology included data encryption and information backups (Thomson, L. 2011, 124). Due to growth in technology, hackers have evolved newer methods of accessing information which has been encrypted through use other software. The high risk of data theft in many organisations globally raised an alarm to create more preventive measures. Data masking and data erasure are some of the privacy measures that have been put in practice to prevent data from getting corrupted (Thomson, L. 2011, 124). Regarding the Boston Dynamics company, data security is essential because other companies are eyeing to get its ideas. IT security management in the organisation, therefore, has the following task to ensure the organisation's data is safe. Data encryption is a way of converting information into a form that can't be understood by the unauthorised person. The encrypted data usually exist in a ciphertext form. Although data encryption has been found less effective in providing full data security, modernization has helped the IT systems in managing this challenge. The encryption key together with the encryption algorithm is modified for the safety purpose. The modern data encryption has used the symmetric algorithm and asymmetric algorithm. Concerning the Boston dynamics, both algorithms are applicable because some of the data is private and the rest is accessible to the staff. In the scenarios of data theft, asymmetric cryptography can be used to control data from the Boston Dynamics. Asymmetric cryptography applies two different keys whereby the encryption key is distinct from the decryption key. Other security measures effective than encryption are put in place for data security purpose. Data backup is another measure to be considered in the scenario of data theft in the Boston Dynamics. In the case of data theft, a data backup is security measure that ensures the original information will exist even after cut-pasting. When information is cut-pasted on a different storage device as the USB, and there was no backup, data is lost without any source of recovery. Backup is a security measure to ensure recovery if lost accidentally. Regarding the Boston Dynamics data theft, having a data backup and recovery plan is a measure to prevent loss to the company due to data loss. Other than information backup and recovery plan, other precautions that are applied in most of the organisation where most of its information is confidential. Access control is an IT security management system plan to prevent access of information to unauthorised persons. Another step used by the IT security management system is data masking. Data masking is the process of altering original data in many different formats. During data masking, the original information is secured not to get the public or unauthorised person. After data masking, the inauthentic version of the original data can be used for training. Regarding the Boston Dynamics, the software used to operate the robots is very sensitive information if accessed by the competitors and other mushrooming organisations. If the company applies data masking as one of their security measures, then the risk of public accessing the inauthentic version is minimal. Data theft is a common scenario in many organisations where some staffs access the most sensitive information for their benefits or to help other companies in getting the ideas. In prevention of data theft, the information technology department should always be updated to tighten the information security. Risks threats and possible countermeasures Impacts accompany most of the risks due to data theft from any organisation. The nature and environment of sensitive information should remain unchanged to preserve the privacy. The probable risks of data theft and their impacts on the Boston Dynamics company include; RISKS IMPACT Loss of operational software. (Kim, K. & Chung, K. 2013, 67). (Operational risk) The company has the different software used to operate various robotics. Theft of this information without backup and recovery measure will cause a breakdown of the enterprise. Also, the information is very useful if it lands in the hands of competitors. The uniqueness of a company plays a role in keeping the stiff competition. Once the competitors get a leakage of the useful database, they will use to improve on their products. This impact on the Boston Dynamics is very sensitive and can cause a serious downfall of the company. Access to private information by the staffs and stakeholders. (Kim, K. & Chung, K., 2013, 67). (Credit risk). Most of the information in an organisation has to be kept private to ensure confidentiality in the working environment. Regarding the data theft scenario in the Boston Dynamics, salary scale has no equity for all staffs. According to business strategies, the wage scale is one of the confidentiality used to discourage demotivation in the organisations. When the database information of the company is lost, data concerning credit rating if lost affects the organisation's credit management. Loss of asset liquidity is another impact to the business covered under credit risks. Loss of uniqueness (Market risk). Once the public acquires the database after the data theft scenario and releases to the public, the unique feature if the products are no longer unique. Public pressure has an impact on the company's products. The impact can be both negative and positive. Legal risks Legal documents concerning lawsuits are lost in the data theft which can cost the company new lawsuits. Regulations of the organisation are another sensitive data that should not be tampered with, and if lost, the organisations will have a fresh start. Another impact concerning legal risk is the liability data which is stored privately. An example of environmental liability is a sensitive document when accessed by the public. Countermeasures Concerning the above scenario of data theft by staff members in the Boston Dynamics, some countermeasures can be put in place to avoid the success of this scenario. Data security in an organisation will rely much on the regulations brought in place than other extra measures. By analysing the Boston Dynamics body of the company, separate departments are running the organisation, which have been separated from each other. Starting with the corporate environment that has 12 members of staff, data accessibility should be regulated. In the corporate environment, workers have been designated different tasks in the organisation. The various functions in the business will call for data security. Personal information security that involves using of passwords to secure work plan, log in details to the storage devices for data access is the first countermeasure (Kohnke, A., Shoemaker, D. & Sigler, K. 2016, 45). Practical application of these countermeasures will provide a reliable data security in the organisation. Information exchange through the home networking connection should be limited or restricted to have a one-way direction. These control restrictions are the background countermeasures for data security. The IT department of the Boston Dynamics is the stem of the organisation. Concerning data security, the department has the mandate to control the overall organisation's information. Access restrictions are put in place by the IT department that controls data flow. Starting with data encryption of the data at rest to access controls is the role of IT staff in the Boston Dynamics. In counteracting the above scenario, the IT department can implement more restrictions to access data from one unit to another. Data masking should be used to prevent access to original information. Data masking is useful since the operations of the robotics will require reference to the manufacturing unit. Prevention of data theft by the IT department can secure the information using specific login details or access keys (Kohnke, A., Shoemaker, D. & Sigler, K. 2016, 45). Access controls and restriction will also separate the corporate staff from acquiring any sensitive information from the organisation's database. Also, limit of network sharing unit is a countermeasure to secure information. Through web streaming, information can be accessed from the websites which should be restricted. A work plan to mask the data theft in the organisations should be put in place by the IT department. An example work plan concerning data security is as illustrated below. (Technet.microsoft.com, 2016) This work plan is a schematic diagram to mask any risk to the organisation which if used will be effective. Analysis of findings The findings concerning IT security and management systems of the Boston Dynamics and other organisations holding in place sensitive data is that security policies are not put in place. Revision of the policies is another threat to the organisation. The regulation strategies are used to deny access and control information flow. One of the findings is that personal security responsibility is a concern to most of the employees. Being held responsible for the organisation confidentiality doesn't cut across all departments. Personal responsibility includes password protection of reliable data which is essential. The access control is another finding that is never used efficiently. Using the IT department as a control centre, the organogram should specify the duties and responsibilities of every employee in the IT department. Training duties to all staffs and availability of training materials is another challenge to the IT department. The security organisation distribution is another threat facing the companies since the most sensitive information should be secured by the chief manager of the organisation and not the department head. Recommendations When controlling the data theft from Boston Dynamics, there are some recommendations which include training and education on data security. Considering that most of the staffs are not IT specialist in the company, the IT department has a significant role in training the entire organisation on data Securities and responsibilities. The training on data security will ensure each employee is held responsible for every data under their supervision. The goals of the training will include; enhancing personal initiative to protect organisation information, providing the primary education on data security and establishing a strong background in data security (Sera (Conference), & Lee, R. 2014, 86). The organisation's rules and regulations to hold every employee responsible for their output is a measure to ensure confidentiality in the organisation. The recommended basic training on data security is password safety and login details to storage devices. Securing data on the primary storage with password protection is essential. Another recommended step is zipped folders when sharing data whereby a key to unzip the folders is required. These measures are put in place to keep off the unauthorised persons from accessing sensitive information. In the training program, one of the security education technique recommended for data security is how to have a secure password. According to IT security management systems, the strength of a password has a mixture of characters that involves numbers and letters, uppercase and lowercase. This technique will ensure reliable data security. The reason for training this technique is that weak passwords are easy to guess by fellow staffs. Most of the employees whereby login password is used, use of personal names or other popular identifications are common. These identifications are easy to access by other staffs or unauthorised employees. A secure password, therefore, will ensure reliable security, and again an elaborate security password is a challenge. The training will also tackle the problem of complex password and login details that are easy to forget to cause data loss. On the security policies to be put in place include the following; the Chief data security officer should ensure that the information security policy including guidelines and other safety standards are utilized to the maximum and acted upon implementation. The chief officer must also make sure availability of sufficient training materials for all employees to enable the staffs of Boston Dynamics to protect information systems (Thomson, L. 2011, 124). The security policies should also be reviewed or updated annually to align the principles of data security (Thomson, L. 2011, 124). Another recommendation on the security policy is that necessary changes to the information security systems of the organisation concerning threat level should call for a revision of the policy and guidelines relevant to security systems (Thomson, L. 2011, 124). To ensure the applicability of these procedures, the following recommended measures should be put in place. The first step is to describe security responsibilities and roles to all employees of the organisation. Secondly, a confidentiality agreement should be mandatory upon employment by every staff or any other partner with access to sensitive information. With IT regulations in the organisations, data security is compact without accessibility to the third parties. References Kim, K. & Chung, K. (2013). IT convergence and security 2012. Dordrecht, Springer. http://site.ebrary.com/id/10636530. Kohnke, A., Shoemaker, D. & Sigler, K. (2016). The complete guide to cyber security risks and controls. http://www.crcnetbase.com/isbn/978-1-4987-4054-8 Sera (Conference), & Lee, R. (2014). Software engineering research, management and applications. Cham, Springer. http://dx.doi.org/10.1007/978-3-319-00948-3. Technet.microsoft.com. (2016). Chapter 3: Security. [online] Available at: https://technet.microsoft.com/en-us/library/bb734741.aspx [Accessed 3 Sep. 2016]. Thomson, L. (2011). Data breach and encryption handbook. Chicago, American Bar Association. Read More