Better Securing an Infrastructure for Telework

Abstract

The XYZ Hardware Company, Inc. infrastructure features high volumes of sensitive and confi- dential corporate data relevant to internal and external transactions. From 1999 to the middle of 2004, XYZ has utilized the Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVESM) Model version 1e to protect its network. The OCTAVESM Model has proven to be helpful for XYZ by identifying over 198 potential security breaches. However, in 2004, when XYZ began to enhance its existing network infrastructure to include telework, 210 security breaches occurred. These breaches cost the company over $350,000 in lost profits between July and December of 2004. To safeguard their network, upper management wanted to invest the money in a series of generalized training including working ethics, virus scanning, and backing up files. However, instead, XYZ’S chief information officer (CIO) invested over $100,000 in research in order to modify their existing protection strategy, to better safeguard their new telework infrastructure by identifying its specific strengths and weakness in an effort to create more concentrated and specialized training at the root of the problem.