250 words+ Wilderness Trailhead, Inc. (WTI) is a retailer that offers hiking, rock-climbing, and survival gear for sale on its Web site. WTI offers about 1200 different items for sale and has about 1000 visitors per day at its Web site. The company makes about 200 sales each day on its site, with an average transaction value of $372. WTI sells products primarily through its Web site to customers in the United States and Canada. WTI ships orders from its two warehouses: one in Vancouver, British Columbia, and another in Shoreline, Washington. WTI accepts four major credit cards and processes its own credit card transactions. It stores records of all transactions on a database server that shares a small room with the Web server computer at WTI's main offices in a small industrial park just outside Bellingham, Washington. Outline and propose a security policy for the WTI database server. Be sure to consider the threats that exist because that server stores customer credit card numbers.

Security Policy for Wilderness Trailhead, Inc. Database Server

Introduction:
The purpose of this security policy is to outline measures to protect the Wilderness Trailhead, Inc. (WTI) database server, which stores customer credit card numbers. Given the sensitive nature of this data, it is crucial to implement robust security controls to mitigate potential threats and ensure the confidentiality, integrity, and availability of the information. This policy will address key areas such as physical security, access controls, encryption, monitoring, and incident response.

Physical Security:
To safeguard the WTI database server, access to the small room it shares with the Web server computer should be restricted to authorized personnel only, enforced with measures such as access cards, biometric authentication, and surveillance cameras. Within the room, the server equipment should be kept in locked cabinets or cages to prevent unauthorized tampering or removal.

Access Controls:
Access to the WTI database server should be granted on a need-to-know basis, using the principle of least privilege. User accounts should be created and managed with unique usernames and strong passwords that are regularly changed. System administrators should have separate privileged accounts for administrative tasks, and all user activity should be logged and regularly reviewed. Two-factor authentication should be implemented for critical administrative accounts.

Database Encryption:
To protect customer credit card numbers stored in the database, strong encryption algorithms should be employed. Data at rest should be encrypted using industry-standard encryption methods, with encryption keys securely stored and managed. Additionally, data transmitted between the database server and the Web server should be encrypted using secure protocols such as HTTPS.
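As an added illustration of the field-level encryption this section calls for (example code written for this page, not WTI's own system), the following Go program seals each card number with AES-256-GCM before it reaches the database, stores only the ciphertext, the key ID and the last four digits, and binds the key ID into the authentication tag so a tampered or relabelled row fails to decrypt. The `CardRecord` type and the `key-2024-01` identifier are assumptions; the key itself is assumed to come from a separate key store, not from the database host.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// CardRecord is the stored row: no plaintext card number, only the AES-GCM
// ciphertext, the ID of the key it was sealed under (so keys can be rotated)
// and the last four digits for order-history display.
type CardRecord struct {
	KeyID      string
	Ciphertext string // base64(nonce || ciphertext || GCM tag)
	LastFour   string
}
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// EncryptPAN builds the storable record; the key is fetched from a separate
// key store at run time and must never live on the database host itself.
func EncryptPAN(key []byte, keyID, pan string) (CardRecord, error) {
	gcm, err := newGCM(key)
	if err != nil || len(pan) < 13 || len(pan) > 19 {
		return CardRecord{}, errors.New("bad key or implausible card number")
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return CardRecord{}, err
	}
	// keyID is bound in as associated data, so a row cannot be re-labelled
	// under a different key without failing the authentication tag.
	sealed := gcm.Seal(nonce, nonce, []byte(pan), []byte(keyID))
	ct := base64.StdEncoding.EncodeToString(sealed)
	return CardRecord{KeyID: keyID, Ciphertext: ct, LastFour: pan[len(pan)-4:]}, nil
}
// DecryptPAN runs only on the payment path; any tampering with the stored row
// fails authentication and yields an error, never a wrong card number.
func DecryptPAN(key []byte, rec CardRecord) (string, error) {
	gcm, err := newGCM(key)
	raw, derr := base64.StdEncoding.DecodeString(rec.Ciphertext)
	if err != nil || derr != nil || len(raw) < gcm.NonceSize() {
		return "", errors.New("bad key or malformed record")
	}
	ns := gcm.NonceSize()
	pan, err := gcm.Open(nil, raw[:ns], raw[ns:], []byte(rec.KeyID))
	return string(pan), err
}
```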

Monitoring:
Continuous monitoring of the database server is essential to detect and respond to any potential security incidents. Intrusion detection and prevention systems should be deployed to monitor network traffic and identify suspicious activities. Real-time alerts should be set up to promptly notify administrators of any anomalous behavior. Log files should be regularly audited to detect unauthorized access attempts or data breaches.

Incident Response:
An incident response plan should be established to outline the steps to be taken in the event of a security incident or data breach. The plan should include clear roles and responsibilities, communication protocols, and a process for containing the incident, preserving evidence, and notifying affected individuals or regulatory authorities. Regular testing and updating of the incident response plan should be conducted to ensure its effectiveness.

Conclusion:
This security policy provides a comprehensive framework to protect the WTI database server, particularly the customer credit card numbers stored within. By adopting these measures, WTI can significantly reduce the risk of unauthorized access, data breaches, and financial fraud. Regular review, training, and adherence to this policy are critical to ensure the ongoing security and reliability of the database server.
