On March 22, 2004, the Vice President of Industrial Relations for Huffman Trucking was informed of changes made to the health and dental insurance options for non-represented employees. Huffman Trucking has decided to move to a flex plan with several options the employees can select (K Colbert, Memo, March 22, 2004). To make this a smooth transition to the new benefit plan, Colbert is directing the development and installation of a benefit election system to support the tracking and reporting of employee (union and non-union) benefits (Apollo Group Inc., 2011). The new benefit system coming online brings new security requirements and possible risks that must be ...
Another risk to maintaining paper is the ability to conform to ever-changing state and federal regulations, such as the Freedom of Information Act or the Healthcare Information Privacy and Accountability Act. Addressing the security concerns of maintaining paper means addressing the confidentiality, integrity, and availability (CIA) of the information on paper. Confidentiality addresses the loss of privacy, unauthorized access to the information, or theft. Integrity addresses the information no longer being accurate or reliable. Finally, availability addresses a disruption to the business or to access to the paper (ISRMC, LLC, 2009). Alongside CIA is the non-repudiation of the signed document.
To protect the CIA and non-repudiation of the document, a GSA-approved fire- or environment-proof safe provides this security. This safe must be put in a place with limited and controlled access. If the removal of the document is ever a possibility, two-person integrity must be maintained while handling and accessing the document. A security manager for the database will ensure logging and archiving of the logs for at least six months. Non-repudiation is addressed by requiring digital signatures. Even if the organization chooses to use paper copies or spreadsheets, there must be a form of digital signature attached to the spreadsheet. Digital signatures provide the ability to identify the signer of the document and also provide the ability to track changes to the document after it was digitally signed (Entrust, Inc, 2012). Paper copies of signed documents and the above security steps are only backups of an original electronic document. The paper copies will also be kept at one of the company’s off-site storage facilities. This guards against weather-related issues such as tornadoes, hurricanes, flood zones, etc.
Database Risks and Security Requirements
As stated earlier in this document, the benefit election system needs to have a way of saving the data collected, and it is this data that the organization will protect. Whether to mitigate or accept the risk to this data must be decided. If the company can address the risk to the data, the benefit election system will fall in line and will also be protected. Database risk can come in different forms, depending on the location of the data. According to Application Security, Inc. (2011), database risk can come from external attacks, such as SQL injections or social engineering, unpatched or misconfigured databases, insider mistakes, insider attacks, or cloud security (p. 7).
The plan to establish security requirements for the database should begin with determining the location of the database. The company must also determine the access requirements for the database. If the Huffman HR department headquarters, located in Cleveland, Ohio, will be the only location of the database, the security requirements will be easy to accept. The human resources department can...