Business Memo

Abdullah Sultan
Jul 4, 2021

MEMORANDUM

To: Chief Executive, Anne Arundel County

From: Your Name

Re: Security Concerns Regarding Safe Payment/Data Protection in Odenton Township Hall and Anne Arundel County

Date: ENTER DATE

Risk Assessment Summary

The concerns of the County of Anne Arundel and Odenton Township relate to ethics, privacy and security. The major issue is that employees within the county lack the knowledge to protect information from data theft or a data breach. These issues can be resolved by establishing final regulations regarding the training that is required to be provided. Another risk factor is the lack of physical security in the Odenton Township hall. The place does not have any security protocols or personnel and just has two locks on both of the doors. The main issue that needs to be addressed is the absence of PCI Data Security Standards implementation within the payment methods used in the Odenton Township offices (Pcisecuritystandards.org, 2021). Though the IT department ensures its security, the lack of security protocols and initiatives has been posing a threat to the information and finances of Odenton Township.

Background

The significance of maintaining data security has become one of the topmost priorities of currently operating companies, as most of them have been operating remotely. As business has become almost entirely digitized, all organisational data and confidential company information are at risk. As opined by Kelf (2020), in the current business environment, where employees work remotely in the absence of a secure VPN and businesses are becoming data oriented, early identification of insider threats can help in managing the business. In the context of the County of Anne Arundel and Odenton Township, some of the major concerns relate to data security and insider threats. As the employees have no knowledge or training regarding data security requirements and precautions for preventing a data breach, the risk factor has been high. As employees tend to share confidential information among each other, this has been contributing to the insider threat for the business.

Another issue is with the payment methods used by the County of Anne Arundel and Odenton Township. When handling residents' personal credit cards while taking payments for facilities and services, the lack of internal policies in accordance with the “PCI Data Security Standards” has resulted in increasing financial security risk for the business (Pcisecuritystandards.org, 2021). As Odenton Township is not aware of the various security measures that have to be taken when initiating any online payment as per the “PCI Data Security Standards”, this has created additional issues for the operations and business of the organisation.

Concerns, Standards, Best Practices

A primary concern is the lack of clarity regarding usage of a secure VPN. As per Requirement 6 of the PCI DSS, organisations need to develop and maintain secure systems in order to ensure efficiency in the way vulnerabilities in the system are managed and secured (Pcisecuritystandards.org, 2018). Another concern regarding the practices in the Anne Arundel County IT system is the lack of necessary training provided to the workforce. To ensure adequate protection of user information, employees need the skills and abilities to apply the secure practices necessary for protecting card and other confidential information of users. This can be stated to be in violation of Requirements 3 and 4, where protecting cardholder data through encryption of its transmission when using public networks is identified as crucial (Pcisecuritystandards.org, 2018).

While such aspects are sources of major concern for Anne Arundel County, certain best practices can also be identified. In particular, in compliance with Requirement 5 of the PCI DSS, constantly updating the payment terminal software and the anti-virus software with the latest malware definitions is a crucial step in protecting user data (Pcisecuritystandards.org, 2018). As per Requirement 9, two-stage physical security also helps to ensure that the potential for theft of cardholder data after closing hours is minimal (Pcisecuritystandards.org, 2018). Another best practice, the usage of strong passwords and not relying on vendor-provided passwords, can also be identified in compliance with Requirement 2 (Pcisecuritystandards.org, 2018).

Action Steps

It can be concluded that Anne Arundel County does not have any distinctive policies for ensuring its data security and mitigating insider threats. This has created a requirement to take the necessary steps to secure the residents and county infrastructure against insider threats. The concerns regarding safety while using personal credit cards, operating from remote locations and the lack of knowledge among employees regarding data security can be addressed through the following recommendations.

· The first recommendation to the organisational authority is to provide training to the employees. The need for providing adequate training to the workforce complies with the A3.1.4 requirements stated under the PCI DSS. In accordance with this requirement, employees responsible for managing cardholder data are required to be provided with training at least annually.

· Establishing a secure VPN is also recommended to the Odenton Township Hall and Anne Arundel County to ensure that while accessing each system, a secure environment is created. This is especially crucial due to the usage of a public network that creates a huge potential for breach of data by external parties.

· Lastly, conducting a regular risk assessment of the systems adopted by both Odenton Township Hall and Anne Arundel County can help in identifying areas of breach that need to be addressed. In this manner, regular risk assessment can help local authorities and the IT departments responsible for both systems stay updated on system requirements regarding security and update them accordingly.

References

Kelf, S. (2020). The security risks created by cloud migration and how to overcome them. Network Security, 2020(4), 14–16. Retrieved on 18 June 2021, from: https://www.sciencedirect.com/science/article/pii/S1353485820300441

Pcisecuritystandards.org (2021). Guide to Safe Payments Version 2.0. Retrieved on 16 June 2021, from: https://www.pcisecuritystandards.org/pdfs/Small_Merchant_Guide_to_Safe_Payments.pdf

Pcisecuritystandards.org (2021). Retrieved on 16 June 2021, from: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true&time=1624358903030
