Unit 3 Assignment 1: Analyzing the Critical Security Control Points
The following is a listing of security control points that any company should look at as necessary areas for precaution and care. Information covered by each area will be what each area consists of, how it strengthens the company security and what could happen if these areas are not properly maintained.
1. Inventory of Authorized and Unauthorized Devices and Software – a listing of processes and tools used to track/control/prevent/correct network access by devices and software. Attackers are always looking for devices and software that are newly added to a system and not updated correctly with the security measures in place already.
For this part we will be examining the security features needed in each section of the new system (the data, interface, processes, and network) and will end with a diagram of the data flow throughout the system. One of the most important factors in any system is the security of that system. If a system is unsecure, then that system is vulnerable to malicious attack and malware of all types. For a company, this can mean a theft of important data and, even worse, a loss of revenue from trying to secure the system and from possible lawsuits. Because of the way that each part of the system functions, each part will have its own “type” of security, which will come together to ensure almost absolute system security.
Internal attacks can be more difficult to find, as attackers have the potential to remove any evidence of the attack more easily because they have more knowledge or access rights on the system than an outside attacker. Attacks can be administered via removable devices such as a USB that could contain some form of malware on it such as a virus. Most internal attacks are conducted by unhappy employees who want to disrupt the organisation by using the knowledge they obtained in the organisation against the organisation. Additionally, the employee may want to gain access to important data in order to infiltrate and sell the information on to another competing organisation. The
All procedures are to be tested to make sure they work.
* Data should constantly be tested to make sure there is no corruption or loss. The redundant servers should greatly help with this. When the data is taken off site there should be a working server there to test the backup upon arrival. All checks should be logged.
The most cost-effective way of preventing this type of invasion is the firewall, which will allow network administrators who have access to run diagnostic uses of the probes, while denying the same access to anyone outside of the network. If the probes are left unchecked without proper precautions on the network it would only be a matter of time before a breach would occur. This could cost the company everything in the long run. On a danger scale from 1 to 10 with 10 being the most dangerous, a ping sweep would run around a 3 and a port scan would be around 5 or 6. I rate these probes like this as they are the detection methods used by hackers to enter a network; they are not the attack themselves.
Each m-coupon has a unique ID which is used by the system to verify the coupon. However, there is always a risk that the ID can be fabricated; m-coupons can always be fabricated and spammed to customers, which may damage the marketing campaign and image of the business. For the strategy to be effective, sufficient protocols should be deployed to ensure protection from fabrication of m-coupons and their spamming. Businesses should create m-coupons for specified short time periods only. Further, coupons should be sent to the customers on their request from a designated number or system to help customers differentiate between fabricated and spam coupons from the
Name two tools used to plan, schedule and monitor the activities during a systems implementation project.
12. The objective in designing any internal control system is to provide foolproof protection against all internal control risks.
13. A good _________ enables an accounting manager as well as auditors to follow the path of the data recorded in transactions from the initial source.
All staff are to follow the procedures set out in this policy as information getting into the wrong hands can put service users at risk and result in disciplinary action. The codes of practice inform and give support/guidance to each company of the safe ways to handle and store the confidential information and
Which of the following account lockout policy modifications could you make to ensure that user passwords cannot be intercepted by analyzing captured packets? (D) Disable the Store Passwords Using Reversible Encryption policy
2. Which of the following mechanisms is most often used in firewall rules to allow traffic on to the network? (D) Port numbers
3. Which of the following NTFS features is incompatible with EFS encryption?
This type of access control is called defense-in-depth, which is designed to handle failure if one element of the layer fails to provide protection to the system. All employees will receive security awareness training (SAP) to protect against spear phishing attacks (Ballad et al., 2011).
Classification of Confidential Information
IDI will utilize a classification scheme to safeguard its sensitive information. Only employees with an approved level of access, called “clearance”, will be allowed to view sensitive information. IDI will utilize the following classification levels: (1) Confidential--which is the lowest level of security that will cause damage if disclosed.