This report includes the following considerations:

- Needs and desires of customers and club members – available services, time availability, and network design
- Risk management or assessment – protection of confidential and personally identifiable information (PII)
- Data classification and security requirements – what measures will be implemented to protect the three states of data
- The nature of telework and remote access technologies – permitting access to protected resources from external networks, and often from external hosts as well, generally places them at higher risk than similar technologies accessed only from inside the organization, and also increases the risk to the internal resources made available to teleworkers through remote access (Scarfone, 2009).

The most common security objectives for telework and remote access technologies are:

- Confidentiality – ensure that remote access communications and stored user data cannot be read by unauthorized parties
- Integrity – detect any intentional or unintentional changes to remote access communications that may occur in transit
- Availability – ensure that users can access resources through remote access whenever needed (Scarfone, 2009).

Risk Management or Assessment/Major Security Concerns

- Lack of Physical Security Controls – primary mitigation strategies are encrypting the client device's storage or not storing sensitive data on the client device
- Unsecured Networks – risk from using unsecured networks can be mitigated but not eliminated.
  Use encryption technologies to protect the confidentiality and integrity of communications, and use mutual authentication mechanisms to verify the identities of both endpoints
- Infected Devices on Internal Networks – use appropriate anti-malware technologies and network access control (NAC), and possibly a separate network for telework client devices
- External Access to Internal Resources – servers made available through external access should be appropriately hardened against external threats, and access to the resources is limited to the minimum necessary through firewall and access control mechanisms (Scarfone, 2009).

Data Classification and Security Requirements

- Encrypting Data at Rest – encrypt all sensitive data when it is at rest on the device and on removable media used by the device.
  Employ storage encryption technology
- Using Virtual Machines – the organization has limited enforcement of policies over PCs personally owned by a teleworker. Running a VM hypervisor (bare metal) that will be compliant with security policies
- Backing Up Data on Telework Devices – backups of sensitive information performed at external locations need additional security. Encryption with integrity verification is necessary.