Unit 2 – Assignment 1: Selecting Security Countermeasures Marcial Norori IS3220 Mr. Sebastian Burci ITT Technical Institute – Hialeah, FL. 1/5/2015 A secure Web server provides a protected foundation for hosting Web applications. A Web server configuration plays a critical role in the Web application's security. Badly configured directories can lead to unauthorized access. A forgotten detail can provide a convenient back door, while an overlooked port can be an attacker's front door.
Regulatory frameworks are requiring organizations, like yours to implement the necessary safeguards to ensure the confidentiality, integrity and availability of information. (Khansa & Liginlal, 2009, p. 1) The importance of information security cannot be over-emphasized. It is imperative that you invest in information security as it comes with protection and resilience against malicious attacks. According to Khansa & Liginlal, if we prevent malicious attacks on this company, monetary damages from attacks would be reduced and customers’ information would be saved from compromise, preventing any negative publicity for this company, (Khansa & Liginlal, 2009, p. 17) In a nutshell, information security tries to set security controls to prevent theft or damage to data or assets on your computer. The damage could be from internal or external.
Networked Systems Security Task 1 – THREATS AND IMPACT OF NETWORK THREATS There are many types of threats that can damage your computer either temporarily or permanently. Some threats posed may not threaten your computer right away however have the potential to do so. Some threats that present themselves can include physical threats such as the theft of equipment whether that is the monitor, computer etc. Other threats can be harder to find such as viruses, worms or any kind of malware. Understanding these threats allows the organisation to prevent, protect and correct any damage done to his/her computer to an extent.
NAC tools are different from traditional security technologies and practices that focus on file access. While file-level security is useful for protecting data, it does not keep unauthorized users out of the network in the first place. NAC technology, on the other hand, helps businesses lock down their networks against criminals. Network security measures involve three layers: perimeter security (access), authentication, and authorization and consists of questions like who you are, where you are and what do you want (Turban, 2009). Another technology is firewalls.
(Points : 3) | Public and procedures Security programs Security personnel and administrators Data | 7. (TCO A) What term provided below, in the world of information security, is defined as a security risk that has a high possibility of becoming a system breach? (Points : 3) | Backdoor Threat Security gap DBMS gap | 8. (TCO A) What asset besides physical, logical, and intangible would represent the four main types of assets? (Points : 3) | Human Software Network Temporary | 9.
Next will be the explanation of security authentication process. In the final section an explanation of the role of information security policies within an organization will be covered. In order to better explain the types of threats a company may encounter.
Missouri branch is using Norton Anti-Virus corporate edition, Arc Serve Backup Software. Anti-virus will protect and remove viruses, Trojan horses and worms but to block hackers from getting access to the data, a firewall must be implemented. New Jersey Office/Plant. This branch is also not using a firewall. No firewall can be a disaster for Huffman Trucking because it allows hackers to get in and have access to organization’s valuable information.
This threat is suspected due to the existing vulnerabilities that allow the unauthorized access of sensitive information across the existing network design. To thwart this effort and further secure Lafleur’s sensitive information the implementation of Access Control’s should occur. Access controls are used to authorize or limit object access to users, groups, and systems on the network or connected systems. Access control list consist of many areas that maintain a relationship with each other to provide an overall secure environment. The relationships that must be considered are: • Objects – This can be files, printers, computers, and other resources.
Care has to be taken to make sure that the data is correct and up to date. It also applies to retrieval of data, data retrieval is for a purpose and there is no use retrieving data that is out of date. So the systems I work with have to be kept updated all the times by checking for out-dated records , such as married names, addresses new GP practices etc . The purpose of confirming information is to avoid inaccurate information, to avoid wrong information, to prevent mistakes, and also to avoid unnecessary costs and issues that might arise as a result of wrong information. Wrong information can lead to serious outcomes.
Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management. Security risks to database systems include, for example: Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations); Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services; Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended; Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/equipment failures and obsolescence; Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities (e.g.