Lowe’s Certification and Accreditation

- Systems Boundaries and Functions
- Vulnerabilities, Threats, and Threat Sources
- Annual Loss Expectancy
- Identification of Mediating Controls
- Appropriate Effectiveness for each Vulnerability
- Plan of Action and Milestones

- Purchase and Return Records: sales system
- "Pick up Later" System: documentation of product
- Inventory System: responsible for updating inventory
- Management and Security Review: end-of-day reports

System Structure

- Tornado Action Plan: lock all doors; move all associates and customers to the back of the store
- Flood Action Plan: built-in drainage in the parking lot; store built on a hill; products and computers/servers raised off the ground
- Appropriate Effectiveness Measurements: ALE = $660,000 ($16,500,000 AV x 1.0 EF x 0.04 ARO)

- Employees are Required to Wear Uniforms: vests stay in the store
- Store Number Associated with Computer Logins
- Appropriate Effectiveness Measurements: ALE = $26.88 ($960 AV x 1.0 EF x 0.028 ARO)

- Back-Up Generator: required fuel level; plan in place if needed for longer than 8 hours
- Appropriate Effectiveness Measurements: ALE = $1,500 ($50,000 AV x 1.0 EF x 0.03 ARO)

- Pen and Paper Inventory System: departments manually count inventory
- Employees: employees are trained to watch for any UPC occurring in the store
- Appropriate Effectiveness Measurements: ALE = $12,500 ($500 AV x 1.0 EF x 25 ARO)

- Exterior Doors are Locked
- Cameras on the Inside and Outside of the Building: footage stored for a length of time
- Lumber Yard is Secured: entrance patrolled by employees; everyone transiting through is checked
- Server Room is Locked with a Key Code
- Appropriate Effectiveness Measurements: ALE = $800 ($4,000,000 AV x 0.001 EF x 0.20 ARO)

- Data Securely Transferred Between Stores: different encryption methods used for transfer
- Logins Required to Access Customer Data
- Appropriate Effectiveness Measurements: ALE = $25,000 ($250,000 AV x 1.0 EF x 0.1 ARO)

- Video Cameras: placed above registers and exits
- Register Tills Counted: checked by hand and by computer
- Inventory: monthly inventory is checked against current sales
- Appropriate Effectiveness Measurements: ALE = $375 ($25 AV x 0.75 EF x 20 ARO)

- Industry Standards in Place: system is in accordance with the PCI DSS standard
- Vulnerability Software: Nessus checks for vulnerabilities on the card reader system
- Appropriate Effectiveness Measurements: ALE = $14,000 ($2,000 AV x 0.70 EF x 10 ARO)

- Fire Detectors and Water Sprinkler Systems Installed
- Security Cameras: inside and outside placement; watched by an asset protection employee
- Appropriate Effectiveness Measurements: ALE = $412,500 ($16,500,000 AV x 1.0 EF x 0.025 ARO)

- Sufficient Documentation Required to be Provided to Customers on Policies
- 14-Day Wait for Checks to Clear
- Appropriate Effectiveness Measurements: ALE = $3,500 ($50 AV x 1.0 EF x 70 ARO)
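The ALE arithmetic on the preceding slides, worked through in Python as an added example that is not part of the original presentation. It encodes the slides' AV, EF and ARO figures as a risk register, recomputes SLE = AV x EF and ALE = SLE x ARO for each entry, flags any slide whose printed ALE does not match its own inputs, ranks the risks by ALE, and applies the same arithmetic to a safeguard cost-benefit decision. The residual EF/ARO and annual control cost used in that last step are assumed values for illustration, not figures from the presentation.

```python
"""Quantitative risk register helper for the ALE figures on these slides.

Added example, not the presenter's own material. AV = asset value,
EF = exposure factor (fraction of AV lost per incident), ARO = annualized
rate of occurrence. SLE = AV x EF, ALE = SLE x ARO.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Risk:
    name: str
    av: float                          # asset value, dollars
    ef: float                          # exposure factor, 0..1
    aro: float                         # incidents per year
    stated_ale: Optional[float] = None  # ALE printed on the slide, if any


def sle(r: Risk) -> float:
    """Single loss expectancy: dollars lost in one incident."""
    return r.av * r.ef


def ale(r: Risk) -> float:
    """Annual loss expectancy: expected dollars lost per year."""
    return sle(r) * r.aro


def stated_matches(r: Risk, tol: float = 0.005) -> bool:
    """True when the slide's printed ALE agrees with AV x EF x ARO (within tol)."""
    if r.stated_ale is None:
        return True
    return abs(ale(r) - r.stated_ale) <= tol * max(r.stated_ale, 1.0)


def mismatches(risks: List[Risk]) -> List[Risk]:
    """Entries whose printed ALE does not follow from their inputs."""
    return [r for r in risks if not stated_matches(r)]


def rank(risks: List[Risk]) -> List[Risk]:
    """Risks ordered from highest to lowest ALE."""
    return sorted(risks, key=ale, reverse=True)


def safeguard_value(r: Risk, residual_ef: float, residual_aro: float,
                    annual_cost: float) -> float:
    """Net annual value of a control: ALE before - ALE after - annual cost.

    Positive means the control is worth more per year than it costs.
    """
    after = Risk(r.name, r.av, residual_ef, residual_aro)
    return ale(r) - ale(after) - annual_cost


# Register transcribed from the slides (AV, EF, ARO, printed ALE).
REGISTER = [
    Risk("Tornado / flood",        16_500_000, 1.0,   0.04,  660_000),
    Risk("Uniforms / logins",             960, 1.0,   0.028,   26.88),
    Risk("Back-up generator",          50_000, 1.0,   0.03,    1_500),
    Risk("Manual inventory",              500, 1.0,  25,      12_500),
    Risk("Physical access",         4_000_000, 0.001, 0.20,      800),
    Risk("Store-to-store data",       250_000, 1.0,   0.1,    25_000),
    Risk("Register tills",                 25, 0.75, 20,         225),  # slide figure
    Risk("Card reader / PCI DSS",       2_000, 0.70, 10,      14_000),
    Risk("Fire",                   16_500_000, 1.0,   0.025, 412_500),
    Risk("Check clearing",                 50, 1.0,  70,        None),  # slide gives inputs only
]

# Hypothetical control for the generator risk: assumed to cut the loss per
# outage to 20% of AV at the same frequency, for an assumed $500/year.
GENERATOR_CONTROL = dict(residual_ef=0.2, residual_aro=0.03, annual_cost=500.0)


def generator_control_value() -> float:
    return safeguard_value(REGISTER[2], **GENERATOR_CONTROL)


if __name__ == "__main__":
    for r in rank(REGISTER):
        flag = "" if stated_matches(r) else "  <- printed ALE disagrees"
        print(f"{r.name:24s} SLE ${sle(r):>12,.2f}  ALE ${ale(r):>12,.2f}{flag}")
    print(f"Generator control net value: ${generator_control_value():,.2f}/year")
```

Running the script ranks tornado/flood and fire at the top, prints $375 for the register-till entry (the slide's $225 does not follow from $25 x 0.75 x 20) and $3,500 for check clearing, and shows the assumed generator control returning $700/year net: $1,500 before, $300 residual, $500 cost.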

- Write a "what to do" plan for an earthquake: earthquakes are minor in Oklahoma; however, this is something that should have an emergency plan.
- Make employees more aware of policies: electronic training associated with employees from their hire dates.
