EXECUTIVE SUMMARY
Background
There have been issues surrounding the authenticity and protection of sensitive data that belongs to companies and customers. In some circumstances, it has been difficult to trust companies with personal information unless they promise to keep the information secure and private. They should also promise to use the information only for the purposes for which it is meant. Threats to information have also been on the rise, and these threats may lead to a loss of data that can never be recovered. Data security issues have also changed because of the technological changes that are taking place. The strategies being used have become a threat to many companies that handle sensitive customer information.
For data to be protected, courses of action and the criteria to be used need to be explained and implemented. This persuasive paper presents recommendations on a data protection policy that can be used to achieve protection of the data.
I will therefore make the following recommendations to improve the security standards for sensitive information in the company.
The paper also covers the courses of action and the criteria that, when used, can achieve data protection. The courses of action that I have recommended for use are listed below.
Recommendations
Our company should enhance the intrusion detection and intrusion prevention systems to aid the existing systems in data protection.
Our company should also develop and enhance clear policies, incident response manuals and tools for intervention when there is an alarm in data systems.
Courses of action
• Enhancing the anomaly-based detection system
Background
This is a process in which definitions of normal events are compared with observed events to identify any significant deviations. An anomaly-based intrusion detection system has profiles that represent the normal behavior of users, networks and applications.
Criteria
• The system will be developed by checking the profiles and monitoring the features of a certain activity that is taking place during a specific period of time.
• Statistical methods can be used to compare the existing profile with the characteristics of the current activity; when an activity uses more bandwidth than expected, the system will automatically alert the administrator.
• Developing profiles for a variety of behavioral attributes, for example failed login attempts, the number of emails sent and how the processor has been used during a particular period of time.
Analysis
Anomaly-based detection systems are beneficial because they are effective at detecting previously unknown attacks. The drawback is that it is difficult to establish and determine the cause of a particular alert.
• Improving the state of firewalls
Background
A firewall is a software or hardware device that is used to control which services are exposed on a network. Firewalls can therefore block and restrict individuals who are not allowed to access the content and allow only authorized access. When the firewalls are enhanced, they will ensure that public services are available to everyone, private services are restricted to internal users, and access to sensitive company and customer information is blocked.
Criteria
• Ensuring that our firewalls are properly configured for the systems used in our company.
• Implementing the necessary restrictions at the different interfaces of our systems.
• Exposing few pieces of software to reduce attacks on the server.
• Placing limitations on components that are regarded as vulnerable to exploitation.
Analysis
Firewalls are easily available; many of them are those of Linux systems. Also, setting up the firewalls to be functional takes little time, and they are required to be installed during the initial stages of setting up the system server.

• Utilizing private networking and virtual private networks
Background
A private network is a type of network that is only available to certain users or servers. A virtual private network (VPN) is a way of creating secure connections between remote computers so that the connection appears to be that of a local private network. This provides a platform on which services can be configured as if they were on a private network, and remote servers can be connected over secure connections.
Criteria
• Our company should enhance the utilization of private networking for internal communication.
• Implementing additional measures that will secure the communication that takes place on the servers.
• Effective use of the VPN will map a private network that only authorized servers can see.
• Configuring other applications to pass their traffic through the VPN software to allow filtering of information.
Analysis
It is simple to utilize private networks in a data center. The initial setup of a VPN is tedious and involved, but the security offered by the software is worth the effort.
• Establishing a public key infrastructure and encryption
Background
This is a system that is designed to create and manage certificates that are used for identifying people and encrypting communication. The certificates may be used to authenticate entities, after which they can be used to establish encrypted communication.
Criteria
• The public key infrastructure will establish certificate authorities and manage certificates for our servers.
• The members’ identities will be validated and their traffic will be encrypted, thus preventing man-in-the-middle attacks.
• Configuring each server to trust a centralized authority.
• Encrypting the system applications and protocols.
Analysis
Setting up the public key infrastructure and configuring a certificate authority may be difficult in the initial stages. Nevertheless, the benefit that comes with using the public key infrastructure is worth far more than losing sensitive company and customer data to the public or to unauthorized users.
• Enhancing policies and tools
Background
These are policies that can be followed to intervene correctly when a data incident has occurred. The policies can also be used to pursue legal action against, or to stop, the individual who has caused the attack or harm on the data systems.
Criteria
• Improving the incident response techniques that enhance the quality of the data that has been gathered.
• Pursuing software tools for investigating an incident in order to research, evaluate and report on the findings.

INTRODUCTION
Protecting data means making it unavailable to unauthorized persons for use or modification, and protecting it from being destroyed. The security threats that exist include viruses, natural threats such as floods or fires, and thieves. Companies and customers expect that their data is maximally protected and cannot be used without the authorization of the owners. Protecting customer and company data is paramount. The company is able to assess the effectiveness of the ICT system in handling its information and its ability to protect that information from theft or improper use. When a company establishes an ICT department, it expects that the department will generate rules for protecting and managing the information of the company and its customers. This paper covers the recommendations, the courses of action, the criteria and the analysis for protecting sensitive company and customer data.
Background
The success of a company depends on many factors. Some may be tangible, such as assets that include buildings, products and employees. Others may be intangible and difficult to measure, but these are essential to the information and communication technology (ICT) department of the company. Companies should be able to trust what the ICT department is able to do in protecting the sensitive information of customers and the company. In the absence of trust, customers may not wish to share their information, use the company’s services or purchase its products. The key to customer trust is ensuring that the privacy of their information is upheld. Additionally, the law requires that privacy is protected; this helps firms with ICT services to regulate their actions and thus avoid being fined. A company can win a customer’s trust by ensuring that the information collected is stored and used with the highest degree of care, diligence and respect. Due to the evolving nature of ICT systems, focus should be placed not only on communication with service providers but also on the security and privacy of the company’s and customers’ sensitive data.
Companies that need to secure their own sensitive data and that of their customers will need to build strong ICT system foundations. These should be based on privacy and security. Major technological changes require that the systems used by companies also evolve to fit the changes taking place. As the advantages of obtaining data from customers become clearer, the rate at which companies collect information is increasing day by day. Since data is an important asset of the company, it is important that it is treated with care. The information that is stored includes not only that of customers but also that which belongs to the company. This information can be staff records, financial records or materials used for marketing the company. It is extremely harmful to lose this kind of information, as it may result in the collapse of a company.
The data can be exposed to damage or to natural disasters such as fire and floods, or it can be corrupted by viruses or stolen by thieves, who can use the company or customer information they retrieve against the company.
Recommendations
Our company should enhance the intrusion detection and intrusion prevention systems to aid the existing systems in data protection.
Our company should also develop and enhance clear policies, incident response manuals and tools for intervention when there is an alarm in data systems.
Courses of action
• Enhancing the anomaly-based detection system
Background
This is a process in which definitions of normal events are compared with observed events to identify any significant deviations. An anomaly-based intrusion detection system has profiles that represent the normal behavior of users, networks and applications.
Criteria
• The system will be developed by checking the profiles and monitoring the features of a certain activity that is taking place during a specific period of time.
• Statistical methods can be used to compare the existing profile with the characteristics of the current activity; when an activity uses more bandwidth than expected, the system will automatically alert the administrator.
• Developing profiles for a variety of behavioral attributes, for example failed login attempts, the number of emails sent and how the processor has been used during a particular period of time.
Analysis
Anomaly-based detection systems are beneficial because they are effective at detecting previously unknown attacks. The drawback is that it is difficult to establish and determine the cause of a particular alert.
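
The profile comparison described in the criteria above can be sketched as follows. This is an added example, not part of the original paper: it builds a profile (mean and standard deviation) for the three attributes the paper names and raises an alert when the current window deviates by more than three standard deviations. The sample values, the threshold and the function names are assumptions made for illustration; each alert records which attribute fired and what was expected, which helps with the difficulty of determining the cause of an alert.

```python
from statistics import mean, stdev

# Constructed sample data: hourly values for one user during normal operation.
BASELINE = {
    "failed_logins": [0, 1, 0, 2, 1, 0, 1, 0, 1, 1],
    "emails_sent": [12, 15, 9, 14, 11, 13, 10, 16, 12, 14],
    "cpu_percent": [22, 25, 19, 30, 24, 21, 27, 23, 26, 20],
}


def build_profile(history):
    """Summarise normal behaviour as {attribute: (mean, standard deviation)}."""
    profile = {}
    for attr, samples in history.items():
        if len(samples) < 2:
            raise ValueError(f"need at least two samples to profile {attr!r}")
        profile[attr] = (mean(samples), stdev(samples))
    return profile


def check_window(profile, observed, threshold=3.0, min_sigma=0.5):
    """Compare one observation window with the profile.

    Returns one alert per attribute whose z-score exceeds the threshold.
    Each alert names the attribute and the expected value so that the
    administrator can see why it fired.
    """
    alerts = []
    for attr, value in sorted(observed.items()):
        if attr not in profile:
            # No baseline exists, so the value cannot be judged normal.
            alerts.append({"attribute": attr, "observed": value,
                           "expected": None, "z": None})
            continue
        mu, sigma = profile[attr]
        # Floor sigma so a perfectly flat baseline does not divide by zero
        # or turn a tiny change into an enormous score.
        z = (value - mu) / max(sigma, min_sigma)
        if abs(z) > threshold:
            alerts.append({"attribute": attr, "observed": value,
                           "expected": round(mu, 2), "z": round(z, 1)})
    return alerts


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    # Constructed windows: an ordinary hour, then a burst of failed logins.
    for window in ({"failed_logins": 1, "emails_sent": 13, "cpu_percent": 26},
                   {"failed_logins": 9, "emails_sent": 14, "cpu_percent": 28}):
        print(window, "->", check_window(profile, window))
```
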
• Improving the state of firewalls
Background
A firewall is a software or hardware device that is used to control which services are exposed on a network. Firewalls can therefore block and restrict individuals who are not allowed to access the content and allow only authorized access. When the firewalls are enhanced, they will ensure that public services are available to everyone, private services are restricted to internal users, and access to sensitive company and customer information is blocked.
Criteria
• Ensuring that our firewalls are properly configured for the systems used in our company.
• Implementing the necessary restrictions at the different interfaces of our systems.
• Exposing few pieces of software to reduce attacks on the server.
• Placing limitations on components that are regarded as vulnerable to exploitation.
Analysis
Firewalls are easily available; many of them are those of Linux systems. Also, setting up the firewalls to be functional takes little time, and they are required to be installed during the initial stages of setting up the system server.
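
The split between public and private services, and the aim of exposing few services, can be checked against a rule set as in the following added example, which is not part of the original paper. The rule list, the internal address range, the ports and the function names are hypothetical; the policy is default deny, and the audit reports which ports are open to external sources and which rules open a port that nothing listens on.

```python
import ipaddress

INTERNAL_NETS = ["10.0.0.0/8"]  # assumed internal address space

# Hypothetical policy: (source network, destination port, purpose).
# A connection that matches no entry is denied.
ALLOW_RULES = [
    ("0.0.0.0/0", 443, "public HTTPS"),
    ("0.0.0.0/0", 80, "public HTTP"),
    ("10.0.0.0/8", 22, "SSH for internal users"),
    ("10.0.0.0/8", 5432, "database for internal servers"),
]


def decide(rules, src_ip, dst_port):
    """Return 'allow' if a rule covers the connection, otherwise 'deny'."""
    src = ipaddress.ip_address(src_ip)
    for network, port, _purpose in rules:
        if port == dst_port and src in ipaddress.ip_network(network):
            return "allow"
    return "deny"  # default deny: unlisted services stay unreachable


def audit(rules, listening_ports, internal_nets):
    """Report ports open to non-internal sources and rules with no listener."""
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    public, stale = set(), set()
    for network, port, _purpose in rules:
        net = ipaddress.ip_network(network)
        # A rule is public if its source range is not inside any internal net.
        if not any(net.subnet_of(i) for i in internal):
            public.add(port)
        # An allow rule for a port with no service is unnecessary exposure.
        if port not in listening_ports:
            stale.add(port)
    return {"public_ports": sorted(public), "stale_rules": sorted(stale)}


if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for an external host.
    print(decide(ALLOW_RULES, "203.0.113.7", 5432))  # database from outside
    print(decide(ALLOW_RULES, "10.1.2.3", 5432))     # database from inside
    print(audit(ALLOW_RULES, {22, 443, 5432}, INTERNAL_NETS))
```
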
• Utilizing private networking and virtual private networks
Background
A private network is a type of network that is only available to certain users or servers. A virtual private network (VPN) is a way of creating secure connections between remote computers so that the connection appears to be that of a local private network. This provides a platform on which services can be configured as if they were on a private network, and remote servers can be connected over secure connections.
Criteria
• Our company should enhance the utilization of private networking for internal communication.
• Implementing additional measures that will secure the communication that takes place on the servers.
• Effective use of the VPN will map a private network that only authorized servers can see.
• Configuring other applications to pass their traffic through the VPN software to allow filtering of information.
Analysis
It is simple to utilize private networks in a data center. The initial setup of a VPN is tedious and involved, but the security offered by the software is worth the effort.
• Establishing a public key infrastructure and encryption
Background
This is a system that is designed to create and manage certificates that are used for identifying people and encrypting communication. The certificates may be used to authenticate entities, after which they can be used to establish encrypted communication.
Criteria
• The public key infrastructure will establish certificate authorities and manage certificates for our servers.
• The members’ identities will be validated and their traffic will be encrypted, thus preventing man-in-the-middle attacks.
• Configuring each server to trust a centralized authority.
• Encrypting the system applications and protocols.
Analysis
Setting up the public key infrastructure and configuring a certificate authority may be difficult in the initial stages. Nevertheless, the benefit that comes with using the public key infrastructure is worth far more than losing sensitive company and customer data to the public or to unauthorized users.
• Enhancing policies and tools
Background
These are policies that can be followed to intervene correctly when a data incident has occurred. The policies can also be used to pursue legal action against, or to stop, the individual who has caused the attack or harm on the data systems.
Criteria
• Improving the incident response techniques that enhance the quality of the data that has been gathered.
• Pursuing software tools for investigating an incident in order to research, evaluate and report on the findings.
Other courses of action that can be used in protecting data include:
• Identifying the existing security risks
• Analyzing information, which can also be a course of action for data protection
• Ensuring availability
• Ensuring high confidentiality

Identifying existing data security risks
Background
The number and kind of risks that a company is exposed to will depend entirely on the type of data that the company stores. All risks need to be covered by some kind of protection.
The criteria here will involve:
• Ensuring that the security policies of the company comply with the data protection and privacy laws.
• Appointing a person who is well trained and has knowledge of recent threats that may damage data, so that the individual can manage the security.
Ensuring high confidentiality
Background
This ensures that the required levels of secrecy are in place at each point where data is processed. Unauthorized disclosure is prevented at this point. As information remains stored in the systems and devices, a high level of confidentiality should be maintained within the networks. Sources of threat may arise from:
• Social engineering, where an individual poses as someone they are not
• Monitoring of activities taking place on the networks
• Individuals stealing passwords for files
• Shoulder surfing
The criteria to be used to counter the threats are:
• Encryption of data that is stored and transmitted
• Usage of network padding
• Classifying data and implementing access control mechanisms that are strict.
• Training personnel on proper procedures.
Ensuring availability of data
Background
This is a course of action that ensures information is reliably available and can be accessed in a timely manner by individuals who are authorized. The sources of threat could be failure of a device or software, or issues arising from the environment such as heat, cold, humidity and contamination that can affect the availability of the system.
Criteria to counter the problems
• Having backups at separate places that will help to replace a system that may fail.
• Using firewalls and router configurations.
• Using Symantec intrusion detection to monitor traffic on networks and the system activities of the host.

Course of action: Enhancing the anomaly-based detection system
Criteria:
• The system will be developed by checking the profiles and monitoring the features of a certain activity that is taking place during a specific period of time.
• Statistical methods can be used to compare the existing profile with the characteristics of the current activity; when an activity uses more bandwidth than expected, the system will automatically alert the administrator.
• Developing profiles for a variety of behavioral attributes, for example failed login attempts, the number of emails sent and how the processor has been used during a particular period of time.

Course of action: Improving the state of firewalls
Criteria:
• Ensuring that our firewalls are properly configured for the systems used in our company.
• Implementing the necessary restrictions at the different interfaces of our systems.
• Exposing few pieces of software to reduce attacks on the server.
• Placing limitations on components that are regarded as vulnerable to exploitation.

Course of action: Utilizing private networking and virtual private networks
Criteria:
• Our company should enhance the utilization of private networking for internal communication.
• Implementing additional measures that will secure the communication that takes place on the servers.
• Effective use of the VPN will map a private network that only authorized servers can see.
• Configuring other applications to pass their traffic through the VPN software to allow filtering of information.

Course of action: Establishing a public key infrastructure and encryption
Criteria:
• The public key infrastructure will establish certificate authorities and manage certificates for our servers.
• The members’ identities will be validated and their traffic will be encrypted, thus preventing man-in-the-middle attacks.
• Configuring each server to trust a centralized authority.
• Encrypting the system applications and protocols.

Course of action: Enhancing policies and tools
Criteria:
• Improving the incident response techniques that enhance the quality of the data that has been gathered.
• Pursuing software tools for investigating an incident in order to research, evaluate and report on the findings.

Summary of analysis
The courses of action that I have suggested, together with the criteria, can be used to achieve the objective of securing the company’s and customers’ data. I recommend the above actions because of the advantages that they possess. One of these advantages is that they prevent loss of data. Maintaining confidentiality will help to prevent unauthorized access to information. The strategy being used is easy to implement and does not require a huge budget. The courses of action will also ensure that information is available; this is achieved when the company has separate storage that is used for backup. Since information will always be available, smooth running and safe keeping of customers’ and the company’s information will be achieved. The trust of customers will increase and cause them to buy more products and services from the company.

Conclusion
Due to the overlap of information that is collected, preserved and transmitted, more attention has been put on data security. The current knowledge on the usage of obtained data, and ensuring that it is secure, has been a challenge. This persuasive paper has, however, elucidated how the security of information is paramount to the company as well as to customers, and why it needs to be kept safe. Further, ways of taking action against incidents of data insecurity have been highlighted; if they are put to use, protection of data can be achieved and bring more value to the company and the customers.
