Shake It Club

Asset Baseline

Tangible Assets:
- The building that houses the dance club, located in Manhattan at the corner of Second Avenue and 48th Street. Within the building, there is a lounge area, two dance floor rooms, back rooms for staff, seven individual rooms, offices, and bathrooms.
- Office furniture and equipment, including desks, chairs, a desktop computer, a laptop computer, an iPad, and a television.
- A safe, and the business and financial documents housed in the safe.
- Security cameras and surveillance system.
- Hand-held credit card processing devices and the POS system.
- Club employees, including male and female dancers, bartenders, waiters/waitresses, and bouncers.
- Club clientele, including individual customers, corporate customers, and VIPs.
- Contact and payment information for clients, including corporate clients and VIPs.

Intangible Assets:
- The club's reputation for discretion and for providing its patrons with privacy.
- The club's good location in the heart of midtown Manhattan.
- The willingness of the club's owners to be flexible about the types of payment they accept, and also their willingness to keep tabs.

Risk Assessment

Clientele contact and payment information.
One of the club's most important intangible assets is the trust its clientele has in the club's discretion. Without this trust, the club would likely lose a lot of its most important and best-paying business.
Therefore, keeping the contact information and stored payment information of its clientele safe and secure is extremely important. I am assuming this information is kept in some kind of computer database, such as Microsoft Access.
Threats:
- Accidental erasure of data.
- Hacking and data theft by outsiders.
- Data theft by employees within the club.
- If there is a database backup on the premises, the backup could be stolen.
Vulnerabilities:
- Data leaks.
- Incorrect user privileges.
- Improperly trained staff.

Office equipment and technology.
Related to the above, it is also important to safeguard the office equipment, especially the desktop, laptop, and iPad, which is presumably where the client contact database is kept. In addition to that database in particular, financial software, saved security footage, and employee data are also likely stored on these devices.

Hand-held credit card processing devices/POS system.
As with saved client contact and payment information, it is important to ensure that real-time payment methods are secure in order to maintain the trust of clientele, especially corporate and VIP guests.
Threats:
- Computers/iPad could be damaged by fire, water, etc.
- Computers/iPad or TV could be stolen.
- Owners' computers/iPad could be accessed and used by unauthorized people, for instance waiters or dancers.
- The POS system could get old and break.
Vulnerabilities:
- The club has many hallways, rooms, and two exits. It could be very easy for someone to discreetly sneak into the offices if office doors are left unlocked.

Safe and financial/business files.
It is also important to keep the safe and the club's financial files secure.
In addition to containing bank and financial information about the business, these files also contain information about the club's employees, whose data is also important to protect and keep secure. And, of course, the safe contains cash which, if stolen, will be very difficult to trace and recover.
Threats:
- Destruction of files due to fire/flood.
- Theft of physical files.
- Theft of money and other valuables from the safe.
- Theft of file contents (files could be photographed/copied rather than physically stolen).
Vulnerabilities:
- Physical files could be at risk of flood/fire.
- Safe keys could get lost/stolen.

Security cameras and surveillance system.
A nightclub can be a fun but also dangerous business to operate, considering the late-night nature of the business, the clientele (drunk, sometimes also on drugs), and the fact that it is a cash-heavy business. Additionally, because this particular club offers dancers – and private dances – the club must ensure the safety of its employees, especially its female staff. Therefore, the club must make sure its security system is operational at all times.
Threats:
- Damage to cameras due to severe weather or fire.
- Vandalism/sabotage/deliberate destruction.
- Severed link between the cameras and the larger surveillance system.
Vulnerabilities:
- If connected to the internet, cameras can be remotely hacked.
- Potential for someone to destroy or break a camera on purpose.

Physical building and interiors.
The building itself and its great location in midtown Manhattan must also be secured, both from fires and forces of nature and from potential damage by patrons.
Threats:
- Damage due to fire/flooding.
- Damage caused by patrons, both normal wear and tear and accidents, and also intentional damage.
Vulnerabilities:
- Hundreds of patrons per night, many of whom are impaired due to intoxication (alcohol/drugs).
- Location in tightly packed midtown Manhattan, which means that if a nearby business has a fire or other calamity, it could potentially also engulf the club.
- Though unlikely, the location in Manhattan means the club could be exposed to an act of terror.

Information Assurance Framework (Security Infrastructure)

An information assurance framework is all about people, business operations, and technology. This section explores policies and procedures to be put in place to protect owners, staff members, and assets from harm.
Controlled Access
Policies:
- Passwords for all computers, devices, the security system, etc. must be secure.
- Only club owners, accountants, and other office staff are permitted to access the club's financial data and patron database.
- Only club owners and security personnel are permitted to access security camera recordings.
- Only bartenders and waitstaff are permitted to use hand-held POS processors.
Procedures:
Password policy:
- Passwords must be a minimum of 8 characters long.
- No single character may make up more than 50% of the password (for example, "fffffaaa" or "99999444").
- Passwords cannot follow QWERTY keyboard rows, for instance "qwertyuiop" or "123456789".
- Passwords cannot contain the words "Admin," "User," or "Password."
- Passwords must contain characters from three of the following categories:
  - Uppercase letters (A, B, C, and so on)
  - Lowercase letters (a, b, c, and so on)
  - Numbers (0, 1, 2, and so on)
  - Non-alphanumeric characters (%, *, $, and so on)
Controlled access policy:
Accounts for computers will be configured to allow or bar access to different information by user role. Club owners have access to everything, while accounting staff will have access only to financial records. Secretarial/marketing staff will have access to the client contact database, but not to financial records. Security staff will have access to stored security footage.
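The password rules above, implemented as a validator that reports every rule a candidate password breaks, so the club (or its IT company) can test the policy before configuring it on the computers and POS accounts. This is an added example written for this page, not code from the original assessment; the policy does not state how long a keyboard-row run must be to count as "following" a row, so the four-key threshold and the case-insensitive match on the forbidden words are assumptions made here.

```python
from collections import Counter

# Rules transcribed from the club's password policy. The policy does not say how long a
# keyboard-row run must be to count as "following" the row, so MIN_ROW_RUN = 4 is an
# assumption made for this example; the forbidden-word match is assumed case-insensitive.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_ROW_RUN = 4
FORBIDDEN_WORDS = ("admin", "user", "password")
MIN_LENGTH = 8
MIN_CATEGORIES = 3


def follows_keyboard_row(pw: str) -> bool:
    """True if any slice of MIN_ROW_RUN adjacent row keys (either direction) appears in pw."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - MIN_ROW_RUN + 1):
                if seq[i:i + MIN_ROW_RUN] in low:
                    return True
    return False


def check_password(pw: str) -> list[str]:
    """Return the policy rules the password violates; an empty list means it is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # "fffffaaa": 'f' is 5 of 8 characters, i.e. more than half the password.
    if pw and Counter(pw).most_common(1)[0][1] > len(pw) / 2:
        problems.append("one character makes up more than 50% of the password")
    if follows_keyboard_row(pw):
        problems.append("follows a QWERTY keyboard row")
    if any(word in pw.lower() for word in FORBIDDEN_WORDS):
        problems.append('contains "Admin", "User" or "Password"')
    categories = (
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    if sum(categories) < MIN_CATEGORIES:
        problems.append(f"fewer than {MIN_CATEGORIES} character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords: the policy's own bad examples plus one that passes.
    for candidate in ("fffffaaa", "qwertyuiop", "Admin2024!", "Shake-It#Club9"):
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```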
Bartenders and waitstaff will have accounts that they must sign into and out of on their payment processors when they start or finish work or when they take a break. The device will not function unless someone is signed in.

Personnel Security
Policies:
- Staff must remain discreet about club clientele and must not publicly disclose the names or other personal information of club patrons.
- All newly hired staff members must complete a background check.
Procedures:
- Staff must sign a nondisclosure agreement upon hiring, in which they promise not to publicly disclose personal information about the club – including information about its patrons – with the understanding that violating this policy could lead to termination.
- Prior to hiring, all staff members must complete and pass a criminal background check and drug test, to be performed by a third-party company.

Physical Security
Policies:
- The exterior and all interiors of the club must be monitored by the club's security system at all times.
- Offices, computers, files, and the safe must be secured when not in use.
- Physical files/financial data must be protected from harm or theft.
- Hand-held POS devices must be accounted for and securely stored when not in use.
- Club patrons who purposely commit acts of vandalism or violence, or who make threats of violence against the club, its staff, or other patrons, will be barred from the club.
- All club patrons must provide ID before entering the club.
Procedures:
- The club's security cameras must be on and operational at all times, recording the exterior of the club as well as all of its internal hallways and rooms, both during the hours the club is open and during off-hours. During business hours, one member of the security staff is responsible for monitoring the cameras from an office.
- Cash and other valuables belonging to the club must be stored in the fireproof/waterproof safe. The safe must be locked at all times.
- When not in use, office doors must be locked securely.
- Filing cabinets must be fire- and waterproof and must lock.
- When not in use – during off-hours, during breaks, etc. – in addition to logging out of their POS accounts, bartenders and waitstaff must store their hand-held devices in a secure locker.
- If a member of staff witnesses an act of vandalism or violence against the club, its staff, or patrons, the staff member must report the incident to security staff immediately. They must also file an incident report, which will be kept on file for insurance purposes and possibly for reporting to the police.
- Club patrons must provide security personnel with a government-issued ID prior to entering the club. If a patron does not have an ID, they must be prevented from entering the club.
Network Security
Policies:
- All network resources must be secured and accounted for at all times.
- Network issues must be reported immediately.
- Network diagnostics must be scheduled twice a week.
Procedures:
- The club does not have dedicated IT staff. Therefore, it must hire a company that can monitor its network systems, perform backups, and troubleshoot network problems should they arise.
- Passwords for the network must follow the password policy.
- When network issues arise, they must be reported to the IT company immediately.
- Automated tools are deployed and implemented to monitor the following services for real-time detection of intrusion and vulnerability exploitation:
  - Internet traffic
  - Electronic mail traffic
  - LAN/WAN traffic, protocols, and device inventory
  - Operating system security parameters

Protection against Software Vulnerabilities
Policies:
- Only authorized personnel may access the club WiFi, and only on authorized devices.
- Staff members cannot download and install apps or software on club computers or devices.
Procedures:
- Only club owners, accountants, security personnel in charge of monitoring the surveillance systems, and other office staff may be given access to the club's WiFi.
- Staff members may not connect personal devices to the club WiFi.
- Only club owners or members of the third-party IT company may install software on club computers.

Disaster Recovery and Business Continuity
Policies:
- The club will develop a comprehensive disaster recovery plan and revise it whenever any change is made to the previous policy, so that the changes are taken into consideration.
- The disaster recovery plan must be tested at a regular interval.
Procedures:
- The disaster recovery plan must be tested once per quarter within a simulated scenario to guarantee its seamless implementation in the event of a legitimate emergency.
- All staff must be fully aware of all disaster recovery plans as well as their assigned roles in the event of an emergency. A written guide will be developed to inform each staff member of his or her role in the recovery plan, which they must sign off on once per quarter.

Recommendations

Here is an overview of recommended solutions that club owners can implement to safeguard the security of their patrons' information, physical location, staff, financial data, and more. A price range for each recommended action is also included.

Get a third-party cloud-based database service.
Using a third-party cloud-based database to store clientele contact information and payment information will make the data more secure than using a database that is local to a specific computer or local server, because generally these larger cloud companies have better security, less downtime, and offer guarantees about the safety and integrity of your data. Estimated cost: Prices vary greatly according to the system you select, but a cloud database hosted by Amazon Web Services could cost as little as $32 – $63 per month.

Hire a third-party IT management service.
This service will monitor and secure the club's network routers, LAN, and surveillance systems, perform routine network checks, and troubleshoot issues as they arise. Estimated cost: Approximately $250 – $400 per month.

Implement a nondisclosure agreement.
Upon hiring, staff should be asked to complete a nondisclosure agreement in which they agree not to reveal the names and other information of club patrons, with the understanding that doing so will lead to termination. One of the club's most important assets is its reputation for discretion, and it is important for the club to make sure all staff members understand this.

Hire a third-party background check company.
Hiring an outside company to perform background checks and drug tests on new hires will ensure that new hires do not have concerning past criminal behavior or substance abuse issues, while also maintaining the employees' right to privacy from their employer. Approximate cost: Varies depending on the service hired, but GoodHire.com offers a low-volume service with a turnaround time of one business day for $29.99 per background check.