
Access Control Simulation


Submitted By bbmcgee
Ground Level
Upon entry, the door was locked, and a key card was required at this single point of entry. There were security cameras outside the building. A dumpster outside was not secured, which could allow anyone access to sensitive information. Locking the dumpster or placing it in a secured location would mitigate this risk. The receptionist did not ask me to verify my identity. The receptionist should be required to verify the identity of everyone entering the building to prevent an unauthorized person from entering. There was a security room with security personnel viewing the monitors.

Office 1-1 had a Post-it note taped to the computer monitor with names that could be passwords. Increased password security should be implemented to reduce the risk of someone hacking into a system. Both office 1-1 and office 1-2 had fingerprint scanners, which increases access control. In office 1-2 there was an unattended paper shredder, which should be secured due to the sensitive information involved.

In the hallway there was a security camera and a utility box, but the wire cabinet was not locked, so anyone could access the hardware inside. A lock should be installed to prevent unauthorized access to the hardware. Also in the hallway was an Ethernet jack that allowed access to the internet. Controls should be put in place to require security access to log on to the network.

Floor 2
Cubicle 2-1 had a pre-approved offsite equipment request posted. This should be secured to prevent an unauthorized person from stealing equipment. Both cubicle 2-1 and cubicle 2-2 had fingerprint scanners. Cubicle 2-3 had a locked file drawer, and the computer was password protected, as it locked after four attempts. Cubicle 2-4 did have a UPS, but there was a flash drive on the desk as well as login information on a Post-it note. Flash drives should be encrypted
