Company M designs, manufactures, and sells electronic door locks for commercial buildings. The company has approximately 1,500 employees in three locations around the United States and generates $50 million in annual revenues. Over 5,000 wholesalers and distributors access the Company M business-to-business (B2B) Web site to place orders and track fulfillment.
In the past year, Company M experienced 22 information security incidents, most of which involved lost or stolen laptops, tablet PCs, and smartphones. In addition, the company dealt with four serious malware events that originated from an unpatched server, an insecure wireless network used in the manufacturing plant, an insecure remote connection used by a salesperson, and a headquarters employee who downloaded a game from the Internet to her workstation. Three of the malware incidents resulted in files being erased from the company’s sales database, which had to be restored, and one incident forced the B2B Web site to shut down for 24 hours.

Explain your risk mitigation strategy for reducing risks to an organization. Include the following:
- Identify and discuss the technological and financial risks that Company M faces.
- Which domains of the IT infrastructure were involved in the four malware events?
- What types of security policies should Company M institute to mitigate those risks?
Minimum of 300 words.