The risks that exist would come from a suspecting end-user, potentially some form of malware, that would be installed through an open port, thus causing the integrity of a machine on that network to be severely compromised (Lawrence, 2000). Ping sweeps and port scans are two direct unsuspecting threats that, like other cyber threats, are not to be ignored. The ease of gaining access by using these threat sources is something that a business should be aware of and be prepared to address when faced with being at the end of a cyber-attack. Implementing appropriate policy to counteract such a malicious and serendipitous attack on network vulnerabilities should be considered as an additional failsafe. Protection is the key and showing extra caution can at least reduce the
Unit 3 Assignment 1: Analyzing the Critical Security Control Points

The following is a listing of security control points that any company should look at as necessary areas for precaution and care. Information covered by each area will be what each area consists of, how it strengthens the company security and what could happen if these areas are not properly maintained.

1. Inventory of Authorized and Unauthorized Devices and Software – a listing of processes and tools used to track/control/prevent/correct network access by devices and software. Attackers are always looking for devices and software that are newly added to a system and not updated correctly with the security measures in place already.
This threat is suspected due to the existing vulnerabilities that allow the unauthorized access of sensitive information across the existing network design. To thwart this effort and further secure Lafleur’s sensitive information, access controls should be implemented. Access controls are used to authorize or limit object access to users, groups, and systems on the network or connected systems. Access control lists consist of many areas that maintain a relationship with each other to provide an overall secure environment. The relationships that must be considered are:

• Objects – This can be files, printers, computers, and other resources.
Derek Brunson
CISM 3330-03
Plug IT In 6 Discussion Questions

1. Why is it so important for you to protect your information assets? Can you assume that your organization's MIS department will do it for you?

It is important to protect your information assets by behavioral actions and computer-based actions. I can assume that my organization's MIS department will do it for me because they would identify issues and problems and promote to employees how to protect their assets that might be vulnerable to theft in the outside world.
How can a user demonstrate that their computer or device is malware free?

By periodically performing real-time scanning of the system for malware that might have been missed by the malware shield.

3. What are the steps necessary to establish a malware-free computer or device?

Installing anti-malware software, scanning and auditing the system, and removing malware.

4.
A software RAID can also be affected if the host computer is heavily loaded. Heavy processing can cause some pieces of data to be delayed by a small amount of time. These delays can add up, and negate the benefits of the RAID array to some degree. NOTE: A good website to use for RAID illustration is – Http://www.lascon.co.uk/d008005.html
NAC tools are different from traditional security technologies and practices that focus on file access. While file-level security is useful for protecting data, it does not keep unauthorized users out of the network in the first place. NAC technology, on the other hand, helps businesses lock down their networks against criminals. Network security measures involve three layers: perimeter security (access), authentication, and authorization, and consist of questions such as who you are, where you are, and what you want (Turban, 2009). Another technology is firewalls.
Understanding these threats allows the organisation to prevent, protect and correct any damage done to his/her computer to an extent. This can help to reduce the negative impacts it may have on an organisation.

Threats:

Below is a list of threats to IT systems, ways to keep the system and data secure and organisational issues affecting the security of IT systems.

1. Malicious damage: Examples can be viruses, worms or Trojans
a.
For this part we will be examining the security features needed in each section of the new system (the data, interface, processes, and network) and will end with a diagram of the data flow throughout the system. One of the most important factors in any system is the security of that system. If a system is insecure, then that system is vulnerable to malicious attack and malware of all types. For a company, this can mean a theft of important data and, even worse, a loss of revenue from trying to secure the system and from possible lawsuits. Because of the way that each part of the system functions, each part will have its own “type” of security, which will come together to ensure almost absolute system security.
Because much information is stored in a few places on the network machines, and many individuals have access to it, it is important for the organization to build the right architecture for the database system it needs and to have a security policy in place before any of it is used on a daily basis. Multilevel data distribution should be considered, with a few levels of security so that not every individual can access all data, only a certain level of information. Architectural design plays an important role in this step.

Legal Issues

Thinking about the legal issues can bring up many questions about what consequences may occur if the organization is not protected by the law in case of stolen data or an attack on the database. One of the main issues that companies, individuals or database administrators can face when it comes to the database system is the copyright laws of the United States.