Betty, the regional sales manager of a mid-sized home security system manufacturer and installer, discovered that 2 laptops and 2 tablets, worth about $8,000 in total, had been stolen. Upon investigation, she found that 2 members of her sales team had left their offices unlocked when they attended a luncheon that went well into the afternoon. When her employees returned, they discovered that the equipment was missing, apparently taken by an individual or individuals who walked into the unlocked offices, picked up the equipment, and left unnoticed by the other employees in adjoining offices.
Since the employees stored business data on the local hard drives of their laptops, the sales team lost approximately 2 years of emails and sales logs, as well as customer contact lists and detailed product specification files.
Business impact:
• The laptops were not encrypted.
• One laptop had a password taped to the back of the laptop, allowing the thief to log into it and exposing the unencrypted data on the device.
• The monetary loss was significant because the company could not submit an insurance claim, as the sales offices were not locked.
The company lost sensitive and proprietary data because it was stored on the local hard drives of the laptops. The impact of the data loss is estimated to be $75,800 in value.
Based on your reading in NIST SP 800-53A (from CYB/120), write a 2- to 3-page analysis of the case study in which you examine the security controls that were compromised. Complete the following in your analysis:
• Identify who in the company is responsible for physical security.
• Determine what security controls were not in place that could have potentially prevented this compromise.
• Compile a list of future security controls that will need to be put in place to prevent other attacks.
• Describe the role that security awareness and training have with respect to improving physical security within the company.