Date: Jan 11, 2025
Milestone One - Information Assurance Plan Introduction: Wawa
Southern New Hampshire University
IT 549
Prof. Stuart Gold
Introduction

Information assurance has become important through the years; it is the practice of making sure certain data or risks are managed appropriately throughout application usage, storage, processing, and transmission (Kashyap, 2022). Wawa is a convenience store and gas station chain that recently experienced a significant security breach, highlighting the importance of information assurance. In this incident, malware was installed on the Wawa network in March 2019 and was not found and removed until December 2019 (Wawa Convenience Stores, 2022). The breach resulted in unauthorized access to customer payment card information, emphasizing the critical need for Wawa to establish and maintain an effective information assurance plan. Such a plan ensures the confidentiality, integrity, and availability of information, safeguarding customer trust and the organization's reputation (Kashyap, 2022). By prioritizing these key concepts, Wawa can mitigate risks, comply with regulations, and enhance its overall security posture.

Goals and Objectives

The goals and objectives of an information assurance plan for Wawa encompass the key concepts of confidentiality, integrity, and availability, which will provide several benefits for Wawa. Wawa will need to mitigate risks by identifying potential vulnerabilities and implementing appropriate controls and countermeasures (Marget, 2022). This proactive approach reduces the likelihood and impact of security incidents, such as data breaches or unauthorized access.

The information assurance plan will need to ensure compliance with regulations and industry standards (Marget, 2022). By adhering to data protection and privacy requirements, Wawa can avoid legal penalties, regulatory fines, and other consequences associated with non-compliance. Compliance also enhances customer trust and confidence in the organization's commitment to protecting their information.

The information assurance plan will need to create an effective incident response (Cichonski et al., 2012). Having predefined processes and procedures enables Wawa to respond swiftly and effectively to security incidents, minimizing their impact and restoring normal operations promptly.

By prioritizing information security, Wawa can enhance its reputation, attract security-conscious customers, and gain a competitive advantage in the marketplace. This includes training employees and implementing an Information Assurance program. Customers are more likely to trust and choose a business that prioritizes the protection of their personal and financial information, resulting in increased customer loyalty and business opportunities for Wawa, especially after their recent data breach.

Confidentiality, Integrity, and Availability of Information

Assessing the confidentiality, integrity, and availability of information within Wawa would involve conducting an information security audit or assessment. This process can include evaluating various aspects, such as access controls, data encryption, network security, incident response procedures, and compliance with relevant standards such as ISO/IEC 27001 (Goddard, 2023). These assessments can provide a comprehensive understanding of the organization's information security posture and guide the development and maintenance of an effective information assurance plan. When it comes to the confidentiality, integrity, and availability of information at Wawa, it's important to consider the characteristics of their operations and information systems.

Confidentiality refers to the protection of sensitive information from unauthorized access or disclosure (Goddard, 2023). Wawa, like any organization in their market, would have measures in place to safeguard customer data, employee information, financial records, and other confidential data.

Integrity involves maintaining the accuracy, completeness, and reliability of information (Goddard, 2023). Wawa would need to have mechanisms in place to ensure that data is not improperly changed, tampered with, or corrupted. This would involve using data validation techniques, maintaining regular backups, and monitoring systems to detect and prevent unauthorized changes (Goddard, 2023).

Availability means ensuring that information and systems are accessible and usable when needed (Goddard, 2023). Wawa's information systems and services need to be available to support their day-to-day operations. Maintaining reliable hardware, having a robust network infrastructure, and effective disaster recovery plans would be the minimum requirements.

Current Protocols and Policies

In order to maintain confidentiality, integrity, and availability, Wawa works to comply with their industry's compliance standards. One policy would be the Payment Card Industry Data Security Standard (PCI-DSS) for handling credit card information (PCI DSS Compliance Guide, 2021). Wawa was sued over their recent data breach for non-compliance with the PCI-DSS. However, it was later found that Wawa was compliant based on the findings from an independent security audit (Wawa Convenience Stores, 2022).

Deficiencies that exist in the current protocols and policies at Wawa may include insufficient data encryption practices, limited incident response capabilities, or lack of employee training. These issues could easily expose the organization to risks such as unauthorized access and data breaches. The malware in Wawa's breach was not found until 8 months after it was installed onto the network, which shows a lack in policy and training (Wawa Convenience Stores, 2022). Addressing these issues and overcoming any barriers would require an investment in training and a commitment to compliance by Wawa to ensure a successful implementation of an updated information assurance plan.
References

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012, August). Computer Security Incident Handling Guide - NIST. National Institute of Standards and Technology. https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf

Goddard, W. (2023, May 18). The Importance of Information Security Compliance. IT Chronicles. https://itchronicles.com/information-security/the-importance-of-information-security-compliance/

Kashyap, P. (2022, April 26). Information assurance vs information security. GeeksforGeeks. https://www.geeksforgeeks.org/information-assurance-vs-information-security/

Marget, A. (2022, March 17). Information assurance: Defined, explained and explored. Unitrends. https://www.unitrends.com/blog/information-assurance

PCI DSS Compliance Guide - Requirements Explained. PCI DSS GUIDE. (2021, October 20). https://www.pcidssguide.com/

Wawa Convenience Stores & Gas Stations. Wawa. (2022, July 29). https://www.wawa.com/terms-and-conditions