Question
Your supervisor has asked that the memo focus on Odentons information systems, and specifically, securing the processes for payments of services. Currently, the Odenton Township
Your supervisor has asked that the memo focus on Odentons information systems, and specifically, securing the processes for payments of services. Currently, the Odenton Township offices accept cash or credit card payment for the services of sanitation (sewer and refuse), water, and property taxes. Residents can pay either in-person at township offices or over the phone with a major credit card (American Express, Discover, MasterCard and Visa). Over the phone payment involves with speaking to an employee and giving the credit card information. Once payment is received, the Accounting Department is responsible for manually entering it into the township database system and making daily deposits to the bank.
The purpose of the professional memo is to identify a minimum of three current controls (e.g., tools, practices, policies) in Odenton Township (either a control specific to Odenton Township or a control provided by Anne Arundel county) that can be considered best practices in safe payment/data protection. Furthermore, beyond what measures are currently in place, you should highlight the need to focus on insider threats and provide a minimum of three additional recommendations. Below are the findings from the Risk Assessment:
The IT department for Anne Arundel County requires strong passwords for users to access and use information systems.
Professional Memo 1
The IT department for Anne Arundel County is meticulous about keeping payment terminal software, operating systems and other software (including anti-virus software) updated.
Assessment of protection from remote access and breaches to the Anne Arundel network: Odenton Township accesses the database system for the County when updating residents accounts for services. It is not clear whether a secure remote connection (VPN) is standard policy.
Assessment of physical security at the Odenton Township hall: the only current form of physical security are locks on the two outer doors; however, the facility is unlocked Monday-Friday, 8am-5pm (EST), excluding federal holidays.
Employee awareness training on data security and secure practices for handling sensitive data (e.g., credit card information) are not in place.
The overarching conclusion of the risk assessment was that Odenton Township is not fully compliant with the PCI Data Security Standards (v3.2).
Note: The Chief Executive for Anne Arundel County has asked for specific attention be paid to insider threats, citing a recent article about an administrator from San Francisco (see Resources). Anne Arundel County wants to understand insider threats and ways to mitigate so that they protect their residents personal data as well as the Countys sensitive information. These are threats to information systems, including malware and insider threats (negligent or inadvertent users, criminal or malicious insiders, and user credential theft).
Expectations and Format
Using the resources listed below, you are to write a 2-page Professional Informational Memo to the Chief Executive for Anne Arundel County that addresses the following:
Risk Assessment Summary: Provide an overview of your concerns from the risk assessment report. Include broad goal of the memo, as a result of the risk assessment, the broad recommendations. Specific Action Steps will come later. The summary should be no more than one paragraph.
Background: Provide a background for your concerns. Briefly highlight why the concerns are critical to the County of Anne Arundel and Odenton Township. Clearly state the importance of data security and insider threats when dealing with personal credit cards. Be sure to establish the magnitude of the problem of insider threats.
Concerns, Standards, Best Practices: The body of the memo needs to justify your concerns and clarify standards, based on the resources listed below, at minimum. The PCI DSS standards are well respected and used globally to protect entities and individuals sensitive data. The body of the memo should also highlight three current controls that are considered best practice; that is, you should highlight the positive, what is currently in place, based on the risk assessment.
Action Steps: Provide a conclusion establishing why it is important for Anne Arundel County to take steps to protect residents and county infrastructure from insider threats based on your concerns. Recommend a minimum of three (3) practical action steps, including new security controls, best practices and/or user policies that will mitigate the concerns in this memo. Be sure to include cost considerations so that the County is
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started