Avatar Financials, Inc., located on Madison Avenue, New York City, is a company that provides financial advice to individuals and
Avatar Financials, Inc., located on Madison Avenue, New York City, is a company that provides financial advice to individuals and small- to mid-sized businesses. Its primary operations are in wealth management and financial advice. Each client has an account in which basic personal information is stored on a server within the main office in New York City. The company also keeps the information about the amount of investment of each client on a separate server at its data center in Bethlehem, Pennsylvania. This information includes the total value of the portfolio, type of investments made, the income structure of each client, and associated tax liabilities.
In the last few years, larger commercial banks have started providing such services and are competing for the same set of customers. Avatar, which prides itself on personal consumer relations, is now trying to set up additional services to keep its current customers. It has recently upgraded its website, which formerly only allowed clients to update their personal information. Now clients can access information about their investments, income, and tax liabilities that is stored at the data center in Pennsylvania.
As a result of previous dealings, Avatar has been given free access to use the computer room of an older production plant. The company believes that this location is secure enough and would keep the data intact from physical intruders. The servers are housed in a room that the production plant used to house its legacy system. The room has detectors for smoke and associated sprinklers. It is enclosed, with no windows, and has specialized temperature-controlled air ducts.
Management has recently started looking at other alternatives to house the server because the plant is going to be shut down. Management has major concerns about the secrecy of the location and the associated measures. They want to incorporate newer methods of physical data protection. The company’s auditors have also expressed a concern that some of the measures at the current location are inadequate and that newer alternatives should be found.
1. Why are the auditors of Avatar stressing the need to have a better physical environment for the server? If Avatar has proper software controls in place, would that not be enough to secure the information?
2. Name the six essential control features that contribute directly to the security of the computer server environment.