Masters Thesis
Information Security Plan for Redacted Tax Service
The Cybersecurity Master of Science Program at California State University San Marcos requires all students to participate in a Semester-In-Residence with a local business. I chose Redacted Tax Service (RTS), a small tax preparation company that has been in business in the San Diego area for more than 30 years. My final deliverables are a Risk Assessment and an Information Security Plan, detailing current security practices and providing recommendations for future improvements. Over the course of the Semester-In-Residence I became the company’s Chief Information Security Officer and, as my coworkers liked to call me, the IT Department. I ensured that all software was up to date, researched and installed a new antivirus software, ensured Payment Card Industry (PCI) compliance when RTS began accepting credit cards, and mitigated any incidents. The most potentially serious incident occurred when the owner clicked on a link in a fraudulent email. The concern was that the entire computer, and potentially the network, could become encrypted. I was able to check log files, run an application to detect rogue software, and run a virus scanner on all network machines. In the end, I could determine that the malicious intent of the email hadn’t infected the network. Another large concern was physical security. The company had just moved into an office in a local downtown area and foot traffic increased dramatically. I coordinated the installation of a new alarm system, set up a motion sensor by the front door, as well as a camera in the front office that could be viewed on a computer, tablet or cell phone. I also recommended the purchase of steel file cabinets with locks, which better protected sensitive client information. Some of the previous concerns were documented in the Risk Assessment I performed, including PCI compliance and physical security.
Once the Risk Assessment was completed, I was able to determine the controls I felt were necessary using the General Services Administration’s (GSA) Federal Risk and Authorization Management Program’s (FedRAMP) Information Security Plan Template. I also documented the company’s system information, network configuration, and software applications used. I believe this may prove to be even more useful than the security controls, since it had never been documented before. Overall, I was able to complete a Risk Assessment, an Information Security Plan, and ensure a secure and maintainable network. There will always be work to be done but I am confident that Redacted Tax Service is much more secure, in both network and physical security, since I became involved.
Title | Date Uploaded | Visibility |
---|---|---|
JohnsonKaren_Spring2017.pdf | 2019-11-12 | Public |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.