Premium Essay

Security

In: Computers and Technology

Submitted By townsend
Words 379
Pages 2
Delores Patton
Intro to Security
1-27-14
Unit 5 Assignment 2 Define and Acceptable Use Policy(AUP)
An acceptable use policy (AUP) is the policy that companies used to ensure that a user must agree to follow in order to be provided with access to a network or to the Internet.
LAN-to- WAN is when the network system links to a wide area network and internet.
Security Administrators should monitor what users are accessing on the network, setup firewalls, apply antiviruses to identify unknown files and emails, disable pinging, probing, and port scanning on all exterior devices, and denial of outbound traffic using source IP addresses.

Web Surfing is accessing the internet using different web browsers. As a Security
Administrator, you should apply domain-name content filtering at the internet entry/access point. By doing this, employees might not be able to surf certain web sites on the internet. The advantage of not having access to the internet is that it could prevent the network from getting viruses and the employees will only be allowed to use the company accounts to send out emails to customers. The disadvantage of this is what if an employee is trying to assist a customer by answering a question that they need to access the internet to answer.
As Richman Investment employees, guidelines to usage of email are covered under email usage policy. The following traffic is not allowed: No peer-to-peer file sharing or externally reachable file transfer protocol (FTP) servers No downloading executable from known software sites No unauthorized redistribution of licensed or copy righted material No exporting internal software or technical material in violation of export control laws No introduction of malicious programs into networks or onto systems No port scanning or data interception on the network No denying service or circumventing…...

Similar Documents

Premium Essay

Security

...Security. An automatic grading system must meet a few security requirements. The following two problems are of special importance: 1. The test program must be protected against unauthorized access by the student because it contains the reference solution with which the student's solution is compared. Consequently, the student must not read this program, but Nevertheless he should be able to execute it in order to check his assignment. 2. All the credits are stored in a file. Obviously this file must not be writable to The student. For reasons of privacy it also should not be readable. Nonetheless This file must be updated if an assignment is turned in successfully. These two problems are fundamental. There are many half-hearted solutions that Rather hide the problem than solve it. All of these approaches are characterized by The fact that they offer a so-called \security by complexity". They try to disguise The structure of the test program to a degree where it can only be deciphered by an Inordinate amount of work. The following “solutions" may serve as an illustration: 1. In the case of a conventional programming language the test program is implemented as a main program. Only the object file is available to the student, and at run time the student's solution is linked to the main program. 2. In the case of Maple or Matlab the test program is stored in a file that is readable to the student but whose name is unknown. Additionally this file is located in a......

Words: 341 - Pages: 2

Premium Essay

It Security

...NextGard Technologies Windows Security Implementation Model Michael White American Public University Author Note This paper was prepared for ISSC362 B003 Fall 12, taught by Professor Butler, William NextGard Technologies Windows Security Implementation Model Below are the seven areas of concentration for the focus of this essay: in section one Microsoft Windows access controls will be researched and discussed for solutions with details that are appropriate, in section two cryptography methods will be researched and detailed in order to protect the organization, in section three a plan will be devised to protect the company against malicious code and activity, in section four a plan will be implemented to monitor and analyze the network, in section five detailed security guidelines will be discussed, section six will discuss best practices for the security, and the appendix will include the network topology of the sites and the network infrastructure. The goal of this essay is to implement a model that encompasses a complete security model. Below each section discusses the above mentioned topics with a brief summary to close the essay. The matter of security of a network and access permissions is simple when certain protocols are followed. In the scenario for this assignment the company Ken 7 Windows Limited needs protocols for access control measures to protect restricted data. The first step is to ensure the process for setting up controls is......

Words: 1425 - Pages: 6

Premium Essay

Security

...Introduction As a future information security professional, it is vital that you understand the scope of an organization’s legal and ethical responsibilities. To minimize liabilities and reduce risks from electronic, physical threats and reduce the losses from legal action, the information security practitioner must understand the current legal environment, stay current as new laws and regulations emerge, and watch for issues that need attention. Law and Ethics in Information Security As individuals we elect to trade some aspects of personal freedom for social order. Laws are rules adopted for determining expected behavior in modern society and are drawn from ethics, which define socially acceptable behaviors. Ethics in turn are based on cultural mores: fixed moral attitudes or customs of a particular group. Some ethics are recognized as universal among cultures. Slides 9 Types of Law Civil law represents a wide variety of laws that are recorded in volumes of legal “code” available for review by the average citizen. Criminal law addresses violations harmful to society and is actively enforced through prosecution by the state. Tort law allows individuals to seek recourse against others in the event of personal, physical, or financial injury. Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law. Public law regulates the structure and administration of government......

Words: 2358 - Pages: 10

Premium Essay

Security

...White Paper IT Security Risk Management By Mark Gerschefske Risk Analysis How do you predict the total cost of a threat? Is it only the cost to restore the comprised system and lost productivity? Or does it include lost revenue, customer confidence, and trust of investors? This paper provides an overview of the risk management process and its benefits. Risk management is a much talked about, but little understood area of the IT Security industry. While risk management has been practiced by other industries for hundreds of years, little historical data exists to support qualitative analysis in the IT environment.1 The industry approach has been to buy technology without really understanding the potential underlying risks. To further complicate matters, new government regulations create additional pressure to ensure sensitive data is protected from compromise and disclosure. Processes need to be developed that not only identify the sensitive data, but also identify the level of risk posed due to noncompliance of corporate security policies. Verizon has developed security procedures based on industry standards that evaluate and mitigate areas deemed not compliant to internal security policies and standards. Through the use of quantitative analysis, Verizon is able to determine areas that present the greatest risk, which allows for identification and prioritization of security investments. Risk Mitigation Process The Risk Mitigation Process (RMP) is a part of risk......

Words: 2021 - Pages: 9

Premium Essay

Security

...Security policy & standards Name Institution Course Instructor Date Part A In the current system, the following would be threats to the various components. THREATS TO SERVER Hacker Hacker is a general term that has truly been utilized to portray a machine programming master. All the more as of late, this term is regularly utilized as a part of a negative approach to depict a person who endeavors to increase unapproved access to system assets with pernicious plan. Black hat Black is an alternate term for people who utilize their insight into machine frameworks to break into frameworks or systems that they are not approved to utilize. Port Redirection Port redirection assaults are a kind of trust misuse assault that uses a bargained host to pass movement through a firewall that would overall be dropped. Consider a firewall with three interfaces and a host on every interface. The host on the outside can achieve the host on people in general administrations section, however not the host within. This openly open fragment is normally alluded to as a neutral ground (DMZ). The host on people in general administrations fragment can achieve the host on both the outside and within. In the event that programmers had the capacity bargain people in general administrations fragment host Theft of Service The likelihood of maverick utilization of a system association. Numerous hosts run the Dynamic Host Configuration Protocol (DHCP), by which...

Words: 1684 - Pages: 7

Premium Essay

Security

...Identifying Potential Malicious Attacks, Threats and Vulnerabilities Jordan Treichler Strayer University CIS333 Professor Roden February 1, 2015 Identifying Potential Malicious Attacks, Threats and Vulnerabilities Introduction From an Information Security Engineer's point of view, a videogame development company has many resources, sensitive data and intellectual property which must be safeguarded. The existing network is comprised of two firewalls, one external firewall housing the entire network, one web and FTP server, one email server and one IDS on the DMZ. The second of the two firewalls (internal) protects the WAP, two Windows Server 2012 Datacenter, three file servers, one hundred workstations and the VoIP telephone system (see example below). There have been reports of malicious activity being on the rise; this document will outline the three largest security concerns for the company as a whole. These security concerns consist of employees and workstations, the Wireless Access Point (WAP), and the email server. Employees and Workstations One is led to believe that the malicious attacks are coming from within the company. Historically, there have been multiple instances of this vary action. Take Bradly Manning for instance, Manning was privileged to access classified information not to insert a CD-R and steal classified documents. If a user means harm, allowing mobile devices in the workplace only acts as an aide to them. Had Manning not been permitted......

Words: 1208 - Pages: 5

Premium Essay

Security

...Security Students Name Institutions Name How to resolve a security issue in a situation where the need for security is great but the available funds are limited Community participation is a very important aspect in enhancing security. Through the community’s leaders individuals can be sensitized on the need to protect each other and also help them to create a ‘we’ feeling in the management of the important resources in a region. This will enable the community members to identify with the resources and wealth of a region and hence strive to protect it by all means. Governments and administrative officials should also involve the locals in making of decisions that are of utmost importance to the people’s welfare (Bakari, Magnusson, Tarimo, & Yngström, 2006). The benefits if personnel in security management develop skills as educators for their organization's security Having high skilled employees who are given the potential to grow their expertise is a great benefit to any organization. An organizations success can often be attributed to individual expertise and skills of its employees. The benefits are as follows: 1. Cuts on the costs of hiring external consultants; many organizations spend a lot of money in hiring third party consultants to cover essential tasks within the organization such as periodic network vulnerability scans and developing security programs. The cost of sending employees to the requisite training may be relatively cheaper (McCoy &......

Words: 1066 - Pages: 5

Premium Essay

Security

...Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. As noted by the Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3, security provides "a form of protection where a separation is created between the assets and the threat." These separations are generically called "controls," and sometimes include changes to the asset or the threat.[1] Perception of security may be poorly mapped to measureable objective security. For example, the fear of earthquakes has been reported to be more common than the fear of slipping on the bathroom floor although the latter kills many more people than the former.[2] Similarly, the perceived effectiveness of security measures is sometimes different from the actual security provided by those measures. The presence of security protections may even be taken for security itself. For example, two computer security programs could be interfering with each other and even cancelling each other's effect, while the owner believes s/he is getting double the protection. Security theater is a critical term for deployment of measures primarily aimed at raising subjective security without a genuine or commensurate concern for the effects of that measure on objective security. For example, some consider the screening of airline passengers based on static databases to have been Security Theater and Computer......

Words: 436 - Pages: 2

Premium Essay

Security

...the CSO or Chief Security Officer. The CSO reports to the Board of Directors directly, hence cannot be influenced by the CEO or the CFO. According to the guideline by ASIS, this is the best model for a position that is as critical as the Chief Security Officer. Our CSO has been trying to add security to the culture of the company, and so far, it has been working. Being that the department is very new (about 1 year old), the security policies are now part of the human resources new hire packet. During their orientation, every new employee has to listen in on about 30 minutes of presentation that is security related, in addition to the normal company and culture orientation. The policies and procedures are now also embedded in the company intranet, and everyone has to sign a letter that says they read everything about the company’s security policies and procedures. This part also complies with the ASIS CSO guideline of bringing security into the company culture. According to the guideline, there is physical security that is handled by the CSO through his Facilities Director, as well as information security that is handled by the Information Security Director. They both report to the CSO (although the facilities director also reports to the Vice President of Human Resources). The company also has a Legal General Council, but this position reports directly to the CEO. The CSO regularly liaises with the General Council on all legal matters relating to the security department.......

Words: 561 - Pages: 3

Free Essay

Security

...Assignment 1 Lee Holland Identify what you see as the main purpose of security management and discuss what is meant by the statement that ‘security measures must be commensurate with the threat’. Within this essay I seek to break down the main assignment into the two phases that are within the title, the first being; What is the main purpose of security management? a role that to some would be undervalued, inconvenient, poorly funded and a hindrance, where to others, it is an effective, well-co-ordinated and highly desirable position, which when funded correctly, will have a positive effect on an organisations financial goals in the aid of preventing the loss of their assets through ways that were not before protected, this both in the corporate business and the commercial world. A reliable and effective security function is an asset to any organisation wishing to protect their tangible and intangible assets from compromise. In the second phase I will discuss what is meant by the statement that “security measures must be commensurate with the threat” In a world where the threats are changing daily, it is imperative that security procedures, policies and counter measures are kept up to date, and in line with the current rules and regulations of the security industry, they must also work within the National law within the county that they might be operating in. With financial constrictions and fierce competition within the business world it is only natural that an......

Words: 685 - Pages: 3

Premium Essay

Security

...Department of Commerce An Introduction to Computer Security: The NIST Handbook Special Publication 800-12 User Issues Assurance Contingency Planning I&A Training Personnel Access Controls Audit Planning Risk Management Crypto Physical Security Policy Support & Operations Program Management Threats Table of Contents I. INTRODUCTION AND OVERVIEW Chapter 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Legal Foundation for Federal Computer Security Programs . 3 3 4 5 7 Chapter 2 ELEMENTS OF COMPUTER SECURITY 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Computer Security Supports the Mission of the Organization. 9 Computer Security is an Integral Element of Sound Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Computer Security Should Be Cost-Effective. . . . . . . . . . . . . . . . 11 Computer Security Responsibilities and Accountability Should Be Made Explicit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Systems Owners Have Security Responsibilities Outside Their Own......

Words: 93588 - Pages: 375

Free Essay

Security

...few of these security issues and discuss ways to prevent attacks from occurring. Users pose the largest security threat to a pc. Users go out on the internet, haphazardly clicking away on links that could open their pc for an attack. Malware, phishing scams, bot herding, viruses, and worms are just a few of the ways that your pc can be attacked. First and foremost is the user needs to understand that they must use caution when accessing the network. Follow sensible rules such as, don’t open email from strangers, don’t click on strange links, and don’t walk away from the pc without logging out. Never give out passwords, and change passwords often. Every 30-90 days is good and make sure you create strong passwords. As a rule of thumb, only give users access to the specific files and folders that they need. Use common sense when you are on the network and you can prevent malicious attack on your pc and protect sensitive information. Another way to protect your pc from malicious attack is by utilizing patches and hotfixes to the operating system software. Regular updates to the OS ensure that your device has some protection from worms or other malicious code that can damage the pc. Use firewalls on the network. Antivirus software needs to be installed also to protect the pc and it is imperative that you ensure that the program is updated regularly (Brandt, 2009). It is very important to schedule regular scans of the pc to check for viruses or other security......

Words: 693 - Pages: 3

Premium Essay

Security

...Security is an intentional process of securing anything from expected jeopardy. It is a condition in result of various protective measures. There are different aspects of security that ranges from personal life to national security. This is a separate department in large managements.   This is a condition that prevents unauthorized information or people from having access to confidential or personal areas. Writing on this subject matter might not be difficult but writing well is surely. It’s not simple to comprehend a professional paper on such a diverse subject. It has various categories and concepts which need to be researched and studied properly to write an ample document.   Our company has been writing security term papers since long and it has experienced writers who know their job very well. Physical security, information security, computing security, financial security, human security or food security, writers at our company are skilled enough to produce highly authentic term papers on any one of these categories of security. No matter how difficult topic you have for your term paper we guarantee you quality in any case.   Writers at our company follow your given specifications keenly to produce desired papers. With us you don’t need to worry about the quality of your term paper because excellence is never compromised at our company. Just place your order with us and experience it yourself.   Services provided by our company include:   ...

Words: 295 - Pages: 2

Premium Essay

Security

...SECURITY WEAKNESSES FOR QUALITY WEB DESIGN INTRODUCTION 3 ABSTRACT 3 COMPANY BACKGROUND 3 SOFTWARE WEAKNESSES 4 EMAIL SERVER WEAKNESSES 4 SOLUTION 4 DATABASE WEAKNESS 5 SOLUTION 5 HARDWARE RELATED WEAKNESSES 6 HARDWARE WEAKNESSES 6 SOLUTION 6 HARDWARE POLICY WEAKNESSES 6 SOLUTION 7 REFERENCES: 8 INTRODUCTION A company that deals with making web site and web business solutions is known as Quality Web Design (QWD). The company provides its customers to provide an opportunity so that they can spread their business through the internet. The other business solutions accompanied are accounting, payroll marketing, also parts of the business process and for which it assets are employed. ABSTRACT QWD provides business solutions via Internet to its customers. The circuit used by the company may prove various flaws to security and the hardware and software used have various limitations as Microsoft share point which have limitations in supporting virtualization, upgrade whereas the web server provided by IBM provides various functionalities over the Microsoft web server. The company has a very good hardware, software, network system, the assets used by the company provide the support to the business process but there are many limitations of the hardware, software, assets and the network design. They provide the support to the companies by providing web solutions so that they can spread their business through internet. The company processes also......

Words: 1442 - Pages: 6

Premium Essay

Security

...above to submit your assignment. Term Paper: Chief Security Officer Due Week 10 and worth 200 points You have been hired as the Chief Security Officer for a local University. For this role you will be responsible for establishing and maintaining an enterprise wide information security program to ensure that all information and data assets are not compromised. Knowing the concepts that are presented in the course, you will develop a plan to carry out a security program that deters computer crimes, establishes a process for investigation and outlines which laws are applicable for possible offenders. Write a 8-10 page paper in which you: Research the Internet for recent computer hacker attacks or other crimes that have been committed against higher educational institutions. Analyze the processes put in place by other higher education institutions in order to prevent these crimes from reoccurring. Recommend processes, methodologies, or technology that can be purchased to lower computer crime threats. Include specifics on pricing and the level of support and maintenance that would be required. Research the Internet for current laws and government agencies that exist in your region that address the threat of computer cyber-crimes. Identify the laws that would be effective to convict offenders. Determine what computer crime fighting government programs exist within your region that can complement your security operations. Research the internet for......

Words: 317 - Pages: 2