A new client of your security consulting firm is worried about the potential for data leaks that could expose it to financial losses as well as a damaged reputation. The client recently read a front-page story about a negligence lawsuit arising out of a data leak that exposed confidential client information. The source of the data leak was a peer-to-peer file sharing application that had been installed on an employee’s desktop computer. An initial quick-look security assessment found that your client’s concerns were well founded. At least one department (Marketing) was using a similar peer-to-peer file-sharing application to distribute promotional videos and audio podcasts to potential customers. Your team leader has asked you to prepare a short technology evaluation paper (deliverable) in which you address one of the problem areas (a or b) identified in the quick-look assessment:
Data: Identify and provide an assessment of the risks associated with collection, processing, and storage of confidential client information (loss of confidentiality).
Software: Identify and provide an assessment of the risks associated with unauthorized installation of file-sharing software on company computers, including servers, desktops, and laptops (loss of system integrity).
Use the provided matrix to categorize and assess the risks associated with your chosen option (a or b). Then research and evaluate three or more technology-based solutions that could provide effective protection measures. Use one row per technology solution.
Your technology evaluation paper must begin with an executive summary followed by your technology evaluation matrix. The executive summary should provide an overview of your risk assessment and evaluation. It should also provide additional information to help the client understand your recommended solution. Your summary should be concise—approximately three pages long—and include the following elements:
an explanation of the information security threats (risks) and vulnerabilities (in plain English) associated with your selected option (a or b)
a comparison (compare/contrast) of the capabilities and weaknesses of the candidate technology-based solutions
a recommendation of the best fit technology-based solution to solve/mitigate the problem(s) associated with your selected option
Remember to present your findings and cite your sources in APA format and use only authoritative/scholarly sources such as journal articles, books, government documents, and other industry publications (e.g., trade journals or magazines for health care or security professionals). The title page and list of references are not included in the required page count.
Matrix: Technology Evaluation and Recommendation
Copy this worksheet into your own Word document and fill out.
What Is the Risk or Vulnerability? What Needs to Be Protected? (e.g., passwords, data, file backups, system registry) Candidate Technology Solution How the Technology Solution Works Effectiveness (High, Medium, Low)