Unit 3 Assignment 1: Analyzing the Critical Security Control Points

The following is a listing of security control points that any company should treat as necessary areas for precaution and care. For each area, the information covered is what the area consists of, how it strengthens company security, and what could happen if the area is not properly maintained.

1. Inventory of Authorized and Unauthorized Devices and Software – a listing of processes and tools used to track/control/prevent/correct network access by devices and software. Attackers are always looking for devices and software that are newly added to a system and not yet updated correctly with the security measures already in place.
This threat is suspected due to the existing vulnerabilities that allow unauthorized access to sensitive information across the existing network design. To thwart this effort and further secure Lafleur’s sensitive information, access controls should be implemented. Access controls are used to authorize or limit object access to users, groups, and systems on the network or connected systems. Access control lists consist of many areas that maintain a relationship with each other to provide an overall secure environment. The relationships that must be considered are:

• Objects – These can be files, printers, computers, and other resources.
MGT2 Task 3 Part A. Addendum to Xemba Translations’ Telecommuter Expansion Project Risk Assessment Matrix

| Description of Risk | Impact | Likelihood of Occurrence (L,M,H) | Degree of Impact (L,M,H) | Initial Action to Take if Event Occurs | Team Member Responsible | Strategies for Prevention and Mitigation |
| --- | --- | --- | --- | --- | --- | --- |
| Customer data becomes public or is altered because of lax security on telecommuters’ computers | “The FTC Act provides penalties monetary, as well as, criminal for violations of consumer data privacy,” (Jolly, 2013). Consumers may also elect to pursue civil action. | L | H | Deny further access to the company database from any external sources until measures are taken to assure this does not happen again. | Hugh, Malinda | Make sure there is a privacy policy in place and that employees are aware of it and the consequences of violations. Secure the telecommuters’ computers before they are distributed. |
All information that is stored electronically should be password encrypted and only accessible to staff with the password. All other sensitive information should be kept secure by locking it up in a secure room such as a staff office or even in a separate building.

2.3 Describe features of manual and electronic information storage systems that help ensure security.

As described above, manual storage systems for information are generally lockable areas such as filing cabinets and lock boxes. Electronic storage systems such as computers and laptops all have the option of having passwords, which should be updated and changed monthly to ensure that the information is always secure and not available to anyone except for current members of staff.
Proper end-user training for anyone involved with the Corporate Techs site, together with proper scanning of all USB and thumb drives on a test computer being used for this particular site, can mitigate threats from bugs and viruses. Also, changing all local computer default autorun policies will disable usage of these USB ports and stop an occurrence from taking place. Last, it’s nearly impossible for an end user to not use a personal laptop during work hours for personal use or for work. But to mitigate further problems from happening, I will implement an encrypted file system for sensitive data. TrueCrypt is a program that I have found efficient and that controls endpoints that enter and exit the internal system.
Always follow company policies and procedures. If the victim wants to tell you about the abuse, listen carefully and be careful not to ask leading questions; simply ask, 'What happened next?' Make sure you record what was said, e.g. dates, times and places. Remember to use their own words and phrases, describe how the disclosure came about, and note the setting and whether anyone else was in the room at the time.
This type of access control is called defense-in-depth, which is designed to handle failure if one element of the layer fails to provide protection to the system. All employees will receive security awareness training (SAP) to protect against spear phishing attacks (Ballad et al., 2011).

Classification of Confidential Information

IDI will utilize a classification scheme to safeguard its sensitive information. Only employees with an approved level of access, called “clearance”, will be allowed to view sensitive information. IDI will utilize the following classification levels: (1) Confidential--which is the lowest level of security that will cause damage if disclosed.
All meetings need proper documentation that should be signed by managers stating they are aware of these laws and changes/updates. This will aid in the company not being held liable for managers being unaware of processes related to religious days and employees. 2. There needs to be a bi-yearly review of current policies and procedures to ensure the company is not in violation of the Title VII Civil Rights Act of 1964. By doing a bi-yearly review, the company can stay atop of any changes that need to take place to assure adherence to the current policies and
By explaining the importance of keeping confidential information such as daily recordings or daily activities in a secure place and not passing on any information to anyone outside of the individual’s direct team. When using the computer to access the individual’s personal information, you must make sure that you do not leave it on and go and do something else. Make sure you have an active password that is only known to those that need to know.

Task B Guidelines

Prepare a set of guidelines to remind social care workers of best practice in
Workers must be consulted about managing WHS in the workplace. | True | False |
c. Everyone in the workplace should have the opportunity to contribute to the development of WHS policies and procedures. | True | False |
d. Daily inspections of the physical environment can help to eliminate workplace hazards. | True | False |
e. Step three in the process of risk management is to control risks. | True | False |
f. The most effective way to control a risk is to eliminate the hazard.