Track: Cybersecurity

Abstract

Information security risks are always changing, and so must the countermeasures against them. A security assessment is essential for ensuring that a company is prepared and secure. In this case study, the researcher conducts a vulnerability assessments and proposed security controls, where recommended security controls are culled from those available subscription-based services online. The study aims to identify and assess five (5) different security issues involving the concerned marketing company, Company ABC, and recommend potential solutions that will mitigate each identified issue. The framework used in the assessment is the ISO 27001. Among the vulnerability findings were lack of security management for storage of company resources, files can be stolen and stored locally and disseminated without detection, there is no change management system and lack of proper documentation for work, interns are not provided corporate emails and instead uses their personal emails for internal and external communication and server access, lack of security management for storage of company resources, lack of centralized management, interns are not provided corporate emails and instead uses their personal emails for internal and external communication and server access. Recommended solutions were detailed in this study and focuses on the usage of the functionalities of these different subscription-based platforms, dropbox, google workspace, gmail, and protonmail.