Information technology security policy proposal for Venmo, including vulnerability assessment, risk assessment, control analysis and recommendations to prevent cyber threats
Information security management is the comprehensive practice of protecting an organization's assets through physical, administrative, managerial, technical and operational controls. Information must be managed properly to reduce the risk of losses due to a breach of the confidentiality, integrity or availability of assets. It involves managing the physical, information and human assets of the organization: identifying how critical each asset is and enforcing controls, policies, procedures and standards so that the business operates at an acceptable level of risk. Security professionals act as risk advisors to the organization.
The objective of this project is to analyze Venmo's risk of losses due to cyber attacks and the controls in place to mitigate that risk, with the proposal projected to save the company $448B from cyber threats.
- Milestone 1:
- Executive summary statement about Venmo - the core business functions and an overview of the business processes in the chosen system.
- Security specific issues and expectations
- Security categorization and high-level security requirements
- Identify security requirements for Venmo
- Identify sources of security requirements – laws, regulations and standards
- Determine Threats, Vulnerabilities and possible Risks (Risk matrices) in physical/electronic processes in Venmo
- Identify Key security roles
- Identify key stakeholders to ensure common understanding of security requirements
- Milestone 2:
- Perform a risk assessment of Venmo based on Milestone 1 (both qualitative and quantitative approaches), including values for Asset Value (AV), Exposure Factor (EF), Single Loss Expectancy (SLE), Annual Rate of Occurrence (ARO) and Return on Investment (ROI)
- Identify appropriate countermeasures for the problems found in Milestones 1 and 2.
- Include physical security controls, a risk mitigation plan, governance policies, legal/regulatory controls and security engineering controls.
- Classify them as preventive, detective, corrective, deterrent, recovery, compensating or directive controls.
- Further classify them as technical, administrative or physical controls.
- Milestone 3:
An IT security policy defines the rules under which individuals may access an organization's assets. It is a document created for each organization based on the organization's risk tolerance and the value of each asset to the business, and it is a collection of several sub-policies and procedures.
- Create an IT security policy for Venmo composed of several individual policies (e.g. Internet policy, system usage policy, anti-virus policy).
- Include all sub-policies applicable to the organization based on the risks and assets identified in the previous milestones.
- Include all security mandates from the physical security, legal, regulatory, compliance and administrative perspectives.
- Each policy should state the consequences of a violation: for each violation, explain the consequences.
- Milestone 1 - Report - Group 7.pdf: introduction of Venmo with core business functions, processes and security risks and requirements
- Milestone 2 - Risk Assessment - Group 7.xlsx: risk assessment and control recommendations
- Milestone 3 - Security Policy - Group 7.docs: IT security policy including rules for individuals to access Venmo's assets
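The quantitative part of Milestone 2 rests on a few standard formulas: SLE = AV × EF, ALE = SLE × ARO, and a control's ROI as the ALE it removes minus its yearly cost. The following is an added example written for this README, not one of the project's deliverables; the risk entries, the `Risk` class, the function names and the MFA figures are constructed placeholders, not Venmo data.

```python
"""Quantitative risk assessment in the style of Milestone 2: SLE, ALE and control ROI.
Added example, not a project deliverable; all figures are constructed placeholders."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost per incident (0..1)
    aro: float              # ARO, expected incidents per year

def single_loss_expectancy(r: Risk) -> float:
    """SLE = AV * EF: loss from one occurrence of the threat."""
    if not 0.0 <= r.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return r.asset_value * r.exposure_factor

def annualized_loss_expectancy(r: Risk) -> float:
    """ALE = SLE * ARO: expected yearly loss with current controls."""
    return single_loss_expectancy(r) * r.aro

def control_roi(r: Risk, residual_aro: float, annual_cost: float) -> float:
    """(ALE before control - ALE after control) - yearly cost of the control.
    residual_aro is the ARO once the control is in place; a negative result
    means the control costs more per year than the loss it avoids."""
    ale_after = single_loss_expectancy(r) * residual_aro
    return annualized_loss_expectancy(r) - ale_after - annual_cost

# Constructed sample register; asset values, EF and ARO are placeholders.
SAMPLE_RISKS = [
    Risk("customer PII database", "credential stuffing", 5_000_000, 0.40, 0.50),
    Risk("payment API", "DDoS outage", 2_000_000, 0.10, 2.0),
]

def risk_register(risks=SAMPLE_RISKS):
    """Rows of (asset, threat, SLE, ALE), highest ALE first, for the risk matrix."""
    rows = [(r.asset, r.threat, single_loss_expectancy(r), annualized_loss_expectancy(r))
            for r in risks]
    return sorted(rows, key=lambda row: row[3], reverse=True)

if __name__ == "__main__":
    for asset, threat, sle, ale in risk_register():
        print(f"{asset:<24} {threat:<20} SLE=${sle:>12,.0f} ALE=${ale:>12,.0f}")
    # Hypothetical MFA rollout cutting credential-stuffing ARO to 0.05 at $150k/yr.
    print("MFA ROI:", control_roi(SAMPLE_RISKS[0], residual_aro=0.05, annual_cost=150_000))
```

With the sample figures the ranked register puts the PII database first (ALE $1,000,000 versus $400,000 for the API), and the hypothetical MFA control returns $750,000 per year after its own cost.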
The project is finished.
It was completed as the capstone project for the Cybersecurity Fundamentals course of the Certificate in Cybersecurity Systems at UT Dallas.
Created by: