Security Audit You are part of a team selected by the Chief Information Officer (CIO) to perform a security audit for Cruisin’ Fusion. Create a 10- to 12-s

Security Audit You are part of a team selected by the Chief Information Officer (CIO) to perform a security audit for Cruisin’ Fusion.
Create a 10- to 12-slide presentation (not including the title and reference slides) that shows the results of your security audit based on the following audit process:

Potential Risk to be Reviewed: Describe the risk.
Example: Viruses and malware can negatively impact the confidentiality, integrity, and availability of organizational data.
Regulation and Compliance Issues: Analyze how regulations and compliance issues could impact the organization.
Provide a detailed analysis of regulations and compliance issues, beyond the simple explanation in score point two.
Regulation and Compliance Resources and Tools: Analyze what resources and/or tools are available to address regulations and compliance issues.
Describe the control objective and the specific controls you will evaluate to determine potential risk is mitigated. Please note that typically, there will be more than one control that should be reviewed for potential risk.
Example: Determine whether anti-virus software is in use.
Example: Determine whether virus signatures are periodically updated.
Example: Determine whether periodic virus scans are performed.
Provide a detailed analysis of the resources and/or tools available, beyond the simple explanation in score point two.
IT Security – Processes and Methods: Differentiate between the various processes and methods involved in the management of IT security resources.
Review the various options available to address those processes and methods previously explained, and which ones might be feasible.
IT Security – Measures: Analyze the various security measures that could be taken within the organization.
Demonstrate a detailed understanding of what the alternatives are to approach security, how much security is needed, different methods to employ, etc.
Describe the criteria/measures that you will use to evaluate the adequacy of each area/review step that you review (i.e., what criteria will you use to perform your evaluation/how will you determine that the risk has been mitigated to an acceptable level).
Example: 100% of servers and PCs have virus software installed.
Example: 100% of the virus software installed is set to automatically update, including virus signatures.
Example: 100% of the virus software installed is set to automatically perform a scan at least weekly.


Include a 1/2- to 1-page executive summary to support your presentation. Include appropriate references.

Shopping Cart Software for Cruising

Introduction

Cruisin’ Fusion Taco trucks are pleased to inform our customers that we have introduced a shopping cart feature on our website. Placing orders online is very secure, and we have put adequate security measures on the site to guarantee the safety of your data. Nothing feels better than this, and the ordering system is available on a 24/7 basis. The official launch is scheduled for 31st August 2021, and the first 100 customers to make advance orders will receive one free taco.

Differences between ethics, organization policies, and laws

Ethics refers to the professional code of conduct followed when collecting, analyzing, and publishing personal data, covering privacy, confidentiality, and how that information will be stored or shared. Informed consent has to be sought before data can be shared. On the other hand, organizational policies refer to the guidelines or general statements that define the organization’s behavior (Rustad, 2019). Laws refer to the regulations within a particular organization that regulate the activities of its members.

How the shopping cart will uphold ethical trends in protecting consumer privacy

To access the Cruisin’ Fusion e-commerce site, customers will be required to sign in with their email (username) and a strong password. Moreover, to protect customers’ credit card numbers from being compromised by hackers, secure payment solutions such as PayPal have been integrated into the website to ensure transactions are secure. Cruisin’ Fusion IT personnel will be tasked with updating the shopping cart software on the web server to fix any possible vulnerability (Sarathy, 2020).

Organizational Policies

A data security accountability policy will ensure that employees are aware of their responsibilities while they are handling customer data. To this end, data will be classified as confidential, general, and data meant for internal use and sent outside the company. Another policy will cover remote access management, which will define how network security will be monitored to prevent cyber-attacks (Rustad, 2019). A patch management policy will ensure vulnerabilities are eliminated by fixing bugs in the shopping software.

Ethical considerations to maintain confidentiality to protect consumer data

As a matter of principle, Cruisin’ Fusion will adopt a data privacy audit. This will ensure we do not collect more information from customers than is needed. All collected data will be stored in an encrypted format to prevent unauthorized people from accessing it (Sarathy, 2020). A privacy policy will also be posted on the website, which users will be required to read and agree to before signing into the site. Changes in the privacy policy will be communicated to customers to keep them updated. Also, a Secure Sockets Layer (SSL) certificate will be installed on the web server to prevent hackers from intercepting customer information between the browser and the server.

Privacy laws and regulations upheld in shopping cart software

The shopping cart software was designed bearing in mind the Federal Trade Commission Act, which prevents businesses from using “deceptive trade practices.” In our privacy policy, the company has outlined various ways to implement data security. In addition, the company has strictly implemented the Fair Credit Reporting Act, “which regulates collection and use of credit card information” (Sarathy, 2020).

References

Sarathy, R., & Robertson, C. J. (2020). Strategic and ethical considerations in managing digital privacy. Journal of Business Ethics, 46(2), 111-126.
Rustad, M. L., & Koenig, T. H. (2019). Towards a global data privacy standard. Fla. L. Rev., 71, 365.
