To be prepared for anything is hard to do but with research and good instincts a business could be and feel safe from manmade and natural disasters. Physical security can be used to fix any gaps or problems with security. They may bring in surveillance, fences, hiring someone for the front desk, security badges for employees, guards at entrances. Anything that could prevent unwanted visitors that would be the proper type of security for the business will be considered. Computer programs like firewalls and back up programs to prevent cyber crime.
The counter measures that need to be considered by Acme Corporation include secured parking and facilities, thorough background checks, and policies and procedures that will prevent proprietary information from leaving the secure areas. To better understand how to develop proper countermeasures it is important to know what a threat is. A threat to an organization is any action that damages an organization’s assets; vulnerabilities are systems in place that pose a weakness to the protection of these assets and countermeasures are systems in place that prevent damage to assets due to these vulnerabilities. Acme Corporation should be aware of all three of these elements so that they may have a successful organization with effective loss prevention strategies. In addressing the threats toward the Acme Corporation, we will look at employees, equipment, profit and the environment.
9/8/2013 SEC280 Case Study Week 1 Case Study: Ping Sweeps and Port Scans Ping sweeps and port scans are not an immediate threat to the company. While it may be used by an attacker to build a profile against the company, it can also be used by an administrator to gather information about the company. Although it is not an immediate threat, it should still be monitored for potential threats because it is a common way for hackers to attempt to break a network. In the following document, more will be discussed about what ping sweeps and port scans are and how they are used to gather information about a company’s network. What is a ping sweep and how does it work?
Availability is the facet of IA where information must be available for use by those that are allowed to access it. Protecting the availability can involve protecting against malicious code, hackers and any other threat that could impede access to the information system. Authentication involves ensuring that users are who they say they are. Methods used for authentication are user names, passwords, biometrics, tokens and other devices. Authentication is also used in other ways -- not just for identifying users, but also for identifying devices and data messages.
Which? This breach was due to business practices, particularly the practices of identifying users and limiting the information they sought. Practices that lead to this include: Practice | Structural weakness created | Authentication through Electronic format | * The illusion of legitimacy created through the use of an electronic format can be used to
Trainings are scheduled according to the urgency of the matter. Training will take place to enhance the different skills required to implement, monitor, and maintain the BCP. The security aspect of the implementation is very important. There will be a special training for the security of data in information technology. It includes the primary security features associated with the system hardware and software (database system management).
A security manager analyzes, anticipates, and protects the organization from every threat, ranging from liability to possible terrorism (Ortmeier, 2009). Security managers are needed in just about any organization, private or public to provide personnel, information and physical security. For a security manager to achieve security success in an organization, he or she must set comprehensive security goals (Ortmeier, 2009). The goals should facilitate the accomplishment of business goals, be achieved within a small security budget and support all security and governance requirements (Ortmeier, 2009). In order for the security manager to set goals, he or she must be a skilled listener and welcome the input of employees, fellow administrators, business partners and customers.
The System Administrators’ Code of Ethics In examining the Systems Administrators’ Code of Ethics a better understand can be gained into the ethics needed in the information technology field. A system administrator is in a particularly precarious ethical position with access to virtually all data on an organizations network. Without having a straightforward ethics code, backed up by good policy, a naturally curious system administrator may be tempted to go down a path of unethical behavior. The code, published and accepted by the League of Professional System Administrators’ (LOPSA), The Advanced Computing Systems Professional and Technical Association (USENIX), and the Special Interest Group for SYSADMINS (SAGE), is an important tool that can assist the professional system administrator in making ethical decisions and maintaining professional behavior. The code contains sections addressing professionalism, personal integrity, privacy, laws and policy, communication, system integrity, education, responsibility to computing community, social responsibility, and ethical responsibility.
The way that technology is a main part of everyone’s life so it is important to have information security to protect the technology from being missed used. Organizations such as governments, military, financial institutions, hospitals, and private businesses store a lot of sensitive information about employees, customers, products, research, and financial operations. Protection of the information is top priority to be successful in any field. Effective Information Security uses security products, technologies, policies and procedures. Just using these tools does not guarantee that all problems will be solved or will provide an effective Information Security.
Software devices used are; firewalls, Host intrusion Prevention Systems (HIPS), and Antivirus/Malware scanners. The concept of “work factor” is an important part of layering and is defined as the amount of effort a hacker, malware, etc. must use to breach the security measures guarding our network. Obviously, the less work they have to do point out that our security isn’t good. Showing that we have strong, layered security around our data and network will convince them to go elsewhere.