MEMORANDUM
Risk Assessment Summary
A risk assessment conducted by the Greater Washington Risk Associates (GWRA) has found multiple
security threats linked to the county of Odenton, Maryland. Odenton Township's current procedures for
combating security threats do not meet PCI Data Security Standards. The physical protective
barriers are currently insufficient for the RA facility: there are 2 locks on the outer doors of the facility
but none on the inner doors. System login and usage show no indication of a secure connection such as a
VPN. Payment services are simple and straightforward, yet private information is unsecured and at high
risk of a data breach. Another significant issue is worker knowledge of data management and data
security. Procedure revisions and additional training for workers are advised to uphold the security of the
citizens of Anne Arundel County.
Background
Payments are currently accepted using information provided in person or over the phone, by either reciting
sensitive credit card information or physically handing the credit card over for payment. Although this method
is simple and quick, it poses many security issues. When sensitive information is freely given, there is no
guarantee of security, as the information can be easily copied or stolen for malicious use. When payments
are made over the phone, credit card information can be easily stolen as the card details
necessary for the transaction are recited. Therefore, payment staff must be trained on proper data
security measures to prevent sensitive information from being disclosed to malicious third parties. Credit
card payments should also be encrypted with secure payment terminals.
Concerns, Standards, Best Practices
A significant issue that must be addressed is the lack of data security. Remote access to data is currently
unsecured; it is unknown how manufacturers and approved employees access sensitive
information when not in the office. For remote access, it is highly recommended that a secured VPN
connection be established. The physical security of the facility is faulty as well. There are only two locked
doors that secure the entire building, and all other facility entrances remain unlocked from 8am to 5pm,
Monday through Friday. Locks should be installed on all entrances of Odenton Township, and only authorized
individuals should have access to these locks. Employees have also not been provided with data
management and security training. Transactions must be done electronically on a secured website where
information can be encrypted, or in person at a payment terminal.
Anne Arundel County currently utilizes secured passwords and security software to protect sensitive
credit card data. Password security is particularly crucial to prevent data breaches. Although
security risks have been detected, the IT department has been meticulous in upholding antivirus and
security software efficiency by keeping it routinely updated. Hackers and cyber-criminals have a track
record of creating new viruses and malware that may infect multiple computer networks to access and
obtain sensitive information. It is crucial that anti-malware and security software is constantly upgraded
to prevent unauthorized access.
Action Steps
To uphold the security of the citizens of Anne Arundel County, additional measures and revisions to the
procedures at Odenton Township must be implemented. Remote access to sensitive data should be
avoided; a secured VPN connection should be implemented when accessing the database through a
wireless connection. This will deter cyber attacks, data breaches and additional security threats.
Additionally, during office hours at Odenton Township, the facility must be guarded with secured locking
systems that utilize PINs and keypads that only authorized staff in the Financial Department have access
to.
Mandatory data management and security training will equip staff with the skills and knowledge to
properly handle confidential information. Upon hiring, new staff must be required to complete this
training. A regular re-training course should also be implemented on a routine basis. The re-training
course should be conducted semi-annually or as often as needed. To ensure complete security, it is highly
recommended that Odenton Township move forward with these procedures.
Ethics in Information Technology Professional Memorandum